incorporate to better manage the risk exposure to their organization
and the sensitive data entrusted to them.
smartphones, portable USB devices, copiers or legacy storage
devices. Use a partner to review your security controls and verify that
the data entrusted to your company is safe.
1. How your company manages data privacy shouldn’t be a secret
Your customers need to understand why you need their information,
what you will use it for and how long you will keep it. Consumers are
educating themselves about privacy, your company’s policy on data
privacy should be available and easy to read.
2. Data privacy is an “everyone initiative”
If your business has sensitive information on employees, consumers,
partners, etc., then you should have your whole company involved in
protecting this data. Incorporate a data governance program that
uses training, processes, personnel, and technology to manage this
information when it is at rest, in transit, being processed and finally
decommissioned when no longer needed. All staff, partners, and
vendors need to be involved and understand the importance of
managing the data entrusted to the organization.
These recommendations are just some ideas of what businesses
can implement to better manage their data privacy requirements.
Data privacy is becoming more visible and is a driving international
initiative with the upcoming European Union’s “Global Data
Protection Regulation” (GDPR) law. It is the aggregation of new
threats, laws and consumer activism that makes data privacy a
strategic initiative for today’s businesses to adopt as part of their
core business operations.
This article was taken from here
3. Data governance and the management of privacy is continuous
To effectively manage protected data, an organization’s security and
risk management programs will need to leverage a blend of
technologies, frameworks, processes, and personnel. With all of
these resources, it is still a continuous life-cycle of monitoring,
remediating and improving. To not shortchange themselves,
businesses should assign resources to manage this risk and
understand the value it provides to business operations through
creating a risk-aware culture.
4. Don’t forget the small things
As you train your staff, build a security and risk management
program and incorporate new policies. Remember that data is like
water and can easily slip out of an organization’s control. Bring in a
trusted partner for a risk assessment to check on how your data is
being accessed and if it is being transferred to employees’
5