GBQ IT Services spends a lot of its time working with clients to protect their technology assets. Companies often think about the hardware, software and information from the business perspective, however, they should also think about how they collect, use, process, and store the information of their employees and customers.
According to a Pew Research Center study, 79% of U.S. adults report being concerned about the way their data is being used by companies. Respecting the privacy of consumers and employees is a smart strategy for inspiring trust and enhancing the reputation and growth of your business.
Where security focuses on protecting confidentiality (related to privacy), integrity and availability, privacy is embracing the fact that one has the right to seclude information about themselves and thereby express themselves selectively. We, as business owners, either honor or dishonor how we protect (yes, secure) our clients’ information.
Honoring the right of customers’ privacy is the right thing to do.
- If you collect it, protect it. Data breaches can lead to not only great financial loss but the loss of reputation and customer trust. Follow reasonable security measures to keep individuals’ personal information safe from inappropriate and unauthorized access. Make certain that the personal data you collect is processed in a fair manner and only collected for relevant and legitimate purposes.
- Consider adopting a privacy framework. While we routinely recommend that firms select a security framework privacy frameworks are available as well. Build privacy into your business by researching and adopting a privacy framework to help you manage risk and create a culture of privacy in your organization. Get started by checking out the following frameworks:
- Conduct an assessment of your data collection practices. Understand which privacy laws and regulations apply to your business. Educate your employees of their and your organization’s obligations to protect personal information.
- Transparency builds trust. Be open and honest about how you collect, use and share consumers’ personal information. Think about how the consumer may expect their data to be used and design settings to protect their information by default. Communicate clearly and concisely to the public what privacy means to your organization and the steps you take to achieve and maintain privacy.
- Maintain oversight of partners and vendors. If someone provides services on your behalf, you are also responsible for how they collect and use your consumers’ personal information.
GBQ Information Technology Services is a team of builders, breakers, operators, and auditors experienced in IT strategy, enterprise risk, cybersecurity, productivity solutions such as data analytics, as well as IT audit and assurance. For more information or assistance with IT strategy, digital transformation, digital risks, cybersecurity or other IT matters, please contact Doug Davidson, Director of Information Technology Services.
Article written by:
Doug Davidson, CISA
Director of Information Technology Services