Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

12/12/2017
10:30 AM
Connect Directly
LinkedIn
RSS
E-Mail vvv
50%
50%

How Good Privacy Practices Help Protect Your Company Brand

Follow these five guidelines to keep your organization's data protected.

Your brand can be one of your company's most valuable assets. It can command premium prices, customer loyalty, a faster sales cycle, and an overall healthier bottom line. But unfortunately, even the strongest brands can have difficulty withstanding the impact of a data breach.

Consider that the average cost of a single data breach is $3.62 million. On top of this, data breach incidents reportedly cause 65% of individuals to lose trust in the organization experiencing it. This loss of customer trust may take years to recover, if it even can do that at all.

Addressing Privacy Law Variations
In response, organizations have stepped up their efforts to help protect data privacy. While this must be an ongoing business priority, it is far from simple, bearing in mind the trove of personal data that organizations collect and the range of privacy laws that exist to protect it.

Privacy laws vary from country to country — and even state to state, with 52 US state and territory breach laws in effect. The Alaska Personal Information Protection Act, for example, protects personal information in all verbal, electronic, physical, and visual forms. Then there are industry-specific regulations to consider, such as the Health Insurance Portability and Accountability Act, which safeguards medical information, and the Federal Information Security Management Act, which protects government information.

There are also age-specific regulations, such as the Children's Online Privacy Protection Act, that address the unique rights of individuals under the age of 13. And there's the European Union's General Data Protection Regulation (GDPR), which goes into effect on May 25, 2018, and requires organizations worldwide to implement comprehensive data protection programs that govern how they control and process personal data of individuals in, and citizens of, the EU.

January 28 is Data Privacy Day. Use this day as an opportunity to educate your colleagues on best practices to help safeguard data privacy. These five tips can help protect your company's brand and, more importantly, your customers' and workers' data privacy.

1. Understand what constitutes a data breach. A data breach is an incident in which sensitive, protected, or confidential personal data potentially has been viewed, stolen, or used by an individual unauthorized to do so. This can include sensitive information discussed in a doctor's office, viewed on someone's laptop screen, hacked from a computer, or perhaps left on the printer. It could involve thousands of records, or just one. Depending on the regulation, it could involve identifiers, such as a name or identification number. Or it could be images of individuals, in photos or videos. It also could be data revealing racial or ethnic origin, political opinions, religion, trade-union membership, genetic data, health information, personal preferences, and so on.

2. Be aware of your surroundings. Workers should be trained to always be aware of their surroundings. Employees frequently use mobile devices to access and share data, often in full view of others. There's increased risk of data exposure inside the office too. Open-office floor plans remove physical barriers that in the past helped shield computer screens. Those who work in public spaces and in heavy-traffic areas like emergency departments, public lobbies, government offices, and guest-service desks should know to look for suspicious behaviors, such as identifying a visitor who is pointing a smartphone toward a computer screen.

3. Deploy layers of protection to avoid breaches. Add layers of protection as part of a defense-in-depth security approach. This often involves perimeter technologies, such as firewalls, data encryption, and two-factor authentication. Using privacy filters can help protect sensitive data displayed on computer and device screens by blocking unauthorized side views. Other important protection measures include implementing clean-desk policies, using password-protected screensavers, and requiring that sensitive information be printed and stored in locked areas, and then finely shredded when disposed. Regular assessments can help identify vulnerabilities in these areas, as well as other gaps, such as poorly trained employees.

4. Collect only what you need. In the spirit of improving the buying experience, many organizations are collecting an increasing amount of personal information about their customers. They are asking for birthdays, ages of children, etc. Collecting this level of information requires organizations to be aware of privacy laws, such as the GDPR, that are very stringent in how personal information is used. As a best practice, organizations should proactively identify and collect only the personal information necessary for their intended purposes, for a period strictly necessary (minimization principle), and they should ensure that personal data will not be made accessible to an indefinite number of people.

5. Be ready to respond quickly. Have a documented breach response plan that details roles, responsibilities, and processes. Schedule regular training exercises to help ensure your organization's incident response and breach notification policies and plans will work. Conduct tests to see if employees know who to alert if their device is compromised or they become aware of a data breach. Make sure you have the forensics in place so you can quickly communicate what happened and what the company is going to do about it.

Together, these five tips can help safeguard data privacy, build customer trust, and protect your company's brand.

Related Content:

John Brenberg has over 30 years of experience spanning new product introduction, system development, infrastructure management and information security and compliance across multiple business segments and processes. He is responsible for leading the IT programs for ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/3/2020
Pen Testers Who Got Arrested Doing Their Jobs Tell All
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/5/2020
New 'Nanodegree' Program Provides Hands-On Cybersecurity Training
Nicole Ferraro, Contributing Writer,  8/3/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15820
PUBLISHED: 2020-08-08
In JetBrains YouTrack before 2020.2.6881, the markdown parser could disclose hidden file existence.
CVE-2020-15821
PUBLISHED: 2020-08-08
In JetBrains YouTrack before 2020.2.6881, a user without permission is able to create an article draft.
CVE-2020-15823
PUBLISHED: 2020-08-08
JetBrains YouTrack before 2020.2.8873 is vulnerable to SSRF in the Workflow component.
CVE-2020-15824
PUBLISHED: 2020-08-08
In JetBrains Kotlin before 1.4.0, there is a script-cache privilege escalation vulnerability due to kotlin-main-kts cached scripts in the system temp directory, which is shared by all users by default.
CVE-2020-15825
PUBLISHED: 2020-08-08
In JetBrains TeamCity before 2020.1, users with the Modify Group permission can elevate other users' privileges.