If You Collect It, Protect It: Privacy Best Practices For Businesses

GBQ’s IT Services Team spends a lot of time working with clients to protect their technology assets. Companies often think about hardware, software, and information from the business perspective. They should also think about how their business collects, uses, processes, and stores employee and customer information.

According to a recent Pew Research Center study entitled How Americans View Data Privacy, 81% of U.S. adults report being concerned about the way their data is being used by companies. As a matter of fact, around 67% say they understand little to nothing about what companies are doing with their personal data. This number is up from 59%. Needless to say, respecting the privacy of consumers and employees is a smart strategy for inspiring trust and enhancing the reputation and growth of your business.

Where security focuses on protecting confidentiality (related to privacy), integrity, and availability, privacy is embracing the fact that one has the right to seclude information about oneself and thereby express oneself selectively. It’s important to realize that we, as business owners, either honor or dishonor how we protect (yes, secure) our clients’ information.

Honoring The Right Of Customers’ Privacy Is The Right Thing To Do

  • If you collect it, protect it. First and foremost, data breaches can lead to not only great financial loss but the loss of reputation and customer trust. Therefore, it’s important to follow reasonable security measures to keep individuals’ personal information safe from inappropriate and unauthorized access. Confirm that any personal data collected is for relevant and legitimate purposes and that it is processed fairly.
  • Consider adopting a privacy framework. While we routinely recommend that firms select a security framework, privacy frameworks are available as well. Build privacy into your business by researching and adopting a privacy framework to help you manage risk and create a culture of privacy in your organization. Start by checking out the following frameworks:
  • Conduct an assessment of your data collection practices. Understand which privacy laws and regulations apply to your business. Educate your employees about their (and your organization’s) obligations to protect personal information.
  • Transparency builds trust. Be open and honest about how you collect, use, and share consumers’ personal information. Consider how the consumer may expect their data to be used. Then design settings to protect their information by default. Communicate clearly and concisely to the public what privacy means to your organization. Of course, it’s also important to outline the steps you take to achieve and maintain privacy.
  • Maintain oversight of partners and vendors. If someone provides services on your behalf, you are also responsible for how they collect and use your consumers’ personal information.

Protect Your Business, Your Employees, & Your Customers

GBQ’s Information Technology Services team consists of builders, breakers, operators, and auditors experienced in IT strategy, enterprise risk, cybersecurity, productivity solutions such as data analytics, and IT audit and assurance. For more information or assistance with IT strategy, digital transformation, digital risks, cybersecurity, or other IT matters, contact us today.

By Doug Davidson, CISA, Director of Information Technology Services
