6 Tips for Building a Data Privacy Culture
Experts say it's not enough to just post data classification guidelines and revisit the topic once a year. Companies have to build in privacy by design.
![](https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/bltb4dbcb6ac5a5e59a/64f0d6ed1d1ec51b5368fdef/Slide-1-Privacy-CoverArt.jpg?width=700&auto=webp&quality=80&disable=upscale)
Given the expanding threat landscape, security professionals may think that the public at large doesn't have a good grip on what counts as sensitive information.
But MediaPro's 2018 Eye On Privacy Report shows that the industry has made some progress.
For example, 89% of US employees rank Social Security numbers as most sensitive on a scale of 1 to 5, with 5 being the most sensitive. And another 76% rank credit card information as most sensitive.
Other evidence that employees are more aware than in the past: 87% chose to correctly store a project proposal for a new client and design specifications for a new product in a locked drawer. And nearly three-quarters of all respondents chose to either destroy an old password hint and an ex-employee’s tax form from three decades ago in a secure shredder.
"While we've made progress, I have to wonder about the 11% who didn't rate a Social Security number as most sensitive," says Tom Pendergast, chief strategist for security, privacy and compliance at MediaPro. "It would seem to me that the Equifax case from last year would have sufficiently alarmed people."
In honor of Data Privacy Day on January 28, here are key steps for creating a corporate culture of data privacy, based on interviews with MediaPro’s Pendergast and Russell Schrader, the new executive director of the National Cyber Security Alliance.
New cars that come with the latest technology apps gather information about drivers that can inadvertently reveal sensitive information about them.
For example, a car could track the location of an HIV clinic or cancer treatment center a person visits, creating data points on how often a patient visits those locations. Given that the car manufacturers often sell this information to marketing companies, this might mean that a third-party company could infer that a customer has HIV or is being treated for cancer.
Be sure to read the fine print on any relationship you make with a dealer or car company, because you have the right to ask them to not sell the information to third parties. While this tip is primarily geared to consumers, companies should bring these new privacy issues to the people they issue company cars to, as well as employees who rent cars on business trips.
Many companies don't have policy about how and where to store personal and/or sensitive information. Small companies may just want to have file cabinets to lock away sensitive documents, while larger companies may have special vaults or warehouses where they store such material. Most companies also have encryption standards they apply to digital information, as well as destruction requirements.
Given the expanding threat landscape, security professionals may think that the public at large doesn't have a good grip on what counts as sensitive information.
But MediaPro's 2018 Eye On Privacy Report shows that the industry has made some progress.
For example, 89% of US employees rank Social Security numbers as most sensitive on a scale of 1 to 5, with 5 being the most sensitive. And another 76% rank credit card information as most sensitive.
Other evidence that employees are more aware than in the past: 87% chose to correctly store a project proposal for a new client and design specifications for a new product in a locked drawer. And nearly three-quarters of all respondents chose to either destroy an old password hint and an ex-employee’s tax form from three decades ago in a secure shredder.
"While we've made progress, I have to wonder about the 11% who didn't rate a Social Security number as most sensitive," says Tom Pendergast, chief strategist for security, privacy and compliance at MediaPro. "It would seem to me that the Equifax case from last year would have sufficiently alarmed people."
In honor of Data Privacy Day on January 28, here are key steps for creating a corporate culture of data privacy, based on interviews with MediaPro’s Pendergast and Russell Schrader, the new executive director of the National Cyber Security Alliance.
About the Author(s)
You May Also Like
CISO Perspectives: How to make AI an Accelerator, Not a Blocker
August 20, 2024Securing Your Cloud Assets
August 27, 2024