Data Privacy: Technology is Paramount, but People and Processes Matter too

Today is Data Privacy Day (known as Data Protection Day in Europe). In the age of the data breach, with cyber security intrusions seeming to take place on a near weekly basis, it seems hardly necessary to designate a day to emphasize the importance of protecting data and data privacy.  And while most companies recognize that cyber security technology is an indispensable tool in preventing breaches, data policies, employee training and other business controls are necessary for it to be most effective.

Basics for Businesses

In addition to implementing technological solutions, a few simple considerations can help keep data breaches at bay.

- Know Where Your Data is and What’s Important

Not all data is created equal. It’s critical to determine WHAT and WHERE your data is before deciding how best to protect it. Decide what data is most valuable to the business – for some that could patient records, for other intellectual property – classifying it from most to least important, THEN make determinations as to where that data should be kept on the network, who should have access to it, and how.

- Put Role Based Access Controls in Place

Not everyone needs access to all pieces of information. Your human resources department has a legitimate business need to attain certain employee data, like salary and evaluation reports, but it’s unlikely the purchasing department should need equal access to such records. Limit access to specific data only to those who require it to perform their required job role.

- Implement Data Handling Processes and Educate Your Employees on What They are

Put polices on the handling of data in place and communicate it to employees. This includes instructing them on how data should be stored and shared based on its classification (using password protection or encryption, for instance) and making sure they have the technology and training to comply with the required rules and guidelines.

Counsel for Costumers and Consumers

We expect organizations that store our data – like payment information, banking details, purchasing choices and personal specifics – to do so responsibly and to keep that data secure. But being cognizant of our own user behavior in relation to that data can go a long way to keeping us even more secure.

For instance: Always confirm the name and IP address before logging on, and unless you’re certain of the source don’t click on links in email. When typing in web addresses in email, look for HTTPS (at the start of the web address) and SSL (Secure Sockets Layer) which ensures data passed between devices and web servers is encrypted. Your best option: using a Virtual Private Network (VPN) which simulates a private network even when using on a public one.

Bottom line: whether running a business or acting as a consumer of one, a few common sense practices can make the difference between data being protected or exposed. Happy Data Privacy Day!