Poor Data Privacy: The Risks and Best Practices for Data Privacy and Information Sharing
Start thinking about data privacy. There are many precautions you can take to decrease risks around information sharing and prevent regulatory sanctions.
23 May 2014
What’s your organization doing to uphold data privacy?
It seems like almost every month the media reports another data privacy breach. Large companies facing data loss are singled out in the news and criticized for having poor data management and security practices.
Activities involving the collection, use or sharing of information - especially personal information like social security numbers or credit card numbers - should be subject to rigorous business case analysis, because choosing to ignore data privacy can come with severe costs. Following a breach, an organization could face a stream of regulatory fines, sanction announcements and breach notifications, which could seriously damage the company’s brand and bottom line. Acknowledging and abiding by strong data privacy principles is an integral step in building trust with your customers, partners and suppliers.
If you aren't already thinking about data privacy, it’s time to start making it a priority as part of your information security program. Each stage of the information life cycle should be scrutinized to ensure that proper mitigating controls are in place to reduce the risk of data loss – this involves looking at processes and practices from cross-functional teams involving information technology, privacy, security and compliance.
How You Can Decrease Risks
There are many precautions you can take to help decrease risks around information sharing and prevent regulatory sanctions. For one, your entire organization should be aware of the issues and risks around insecure information and understand what tools are approved by the business. Often the tools organizations provide come without training or fail to meet employees’ productivity requirements, forcing them to use other tools that aren’t approved by the organization. Additionally, you should know your technology inside and out to be able to effectively predict and diminish data privacy risks. Know in advance which vendors are suitable for your needs and able to comply with your obligations under the law, such as audits. You should be able to track historically who shares information, with whom, and where that information goes once it leaves your organization. You should also be aware of the legal jurisdictions in which you operate, the types of data you collect and your responsibilities for that information.
Data protection in the enterprise is not impossible. More and more organizations have started adopting file sharing and collaboration tools to secure information and preserve data privacy. Working with a knowledgeable vendor that understands information security, data privacy and regulated industries can help make this process a little easier.
Knowing your obligations for data privacy and the risks of insecure information is vital. As our needs for information accelerate and evolve, make sure you have a strong information security program to effectively manage risks and protect data.
Meagan Parrish is the Senior Manager of Social Media at Intralinks. She is responsible for social media strategy development and the communications for Intralinks' online communities. Meagan has been creating social media strategies for a variety of companies across verticals for the past several years. She holds bachelor's degrees in Marketing and Finance, with a minor in English Literature.