echo ''

Virtru Security Insights

Join 10,000+ Security Professionals Who Receive Our Content Every Month

Why Business Data Privacy is Good for Your Bottom Line

November 15, 2016

Customers are increasingly concerned with business data privacy, and react strongly to news of data breaches. A recent study showed that 75% of adults are worried about privacy or security issues. Even more concerning, 71% of those studied said they would think twice about shopping at a retail store that whose customer information was attacked in a cyber security incident.

At the same time, consumers often default to trusting businesses until they hear otherwise. Most “always consider their information safe” on major social networks and retail sites (64%), and a majority (55%) will click an unexpected link sent from someone they know. It’s a safe bet that many of them have email security issues they’re not aware of.

36% of adults and half of millennials will share personal information like addresses, birthdays and their kids’ names without hesitation, in spite of the fact that 44% of millennials have been hacked. Many (39%) assuage their concerns by believing they’re not “important enough” to be singled out by hackers, and most (80%) believe they’re helpless to protect themselves from hackers who can successfully target the government anyway.

This creates a potentially explosive situation for companies that suffer business privacy breaches. Your customers have given up on protecting their own data, and put their trust in you. Betray that trust, and it could seriously shake their confidence in your company.

Regulators Are Demanding Strong Business Data Privacy

Industry compliance requirements, along with state, national and international privacy laws are growing stricter, and regulatory bodies are upping enforcement. A recent pair of HIPAA settlements cost a parent company $550,000 for not updating its HIPAA Business Associate Agreement with its affiliate, and enforcement penalties have more than tripled in 2016. Enforcement will likely continue to grow. As an OCR senior advisor recently warned, “We may have more fines in the future.”

2016 was also the year the CFPB issued its first data security enforcement, and in October, the Federal Reserve System Board of Governors, the FDIC and the Office of the Comptroller of the Currency announced proposed rules requiring stricter cyber security controls for major financial institutions. A constant stream of state rules have been toughening business data privacy requirements for years, causing anxiety about jurisdiction.

Not all industries and jurisdictions are currently subject to strict business data privacy rules, but they’re all moving in the same direction. Sooner or later, you’ll be required to strictly safeguard customer privacy and security — if you’re not already. You lose nothing by getting ahead of the curve, but falling behind could be costly. Between potentially serious compliance penalties and the likely greater cost of remediation, business data privacy is a crucial investment in your company’s future.

Business Data Privacy Doesn’t Just Protect Customers

Businesses often treat security as a series of special measures to protect certain information, but it’s usually easier to be secure across the board than to only protect data in certain narrow circumstances. Data security isn’t just a matter of installing tools and issuing a few memos — it requires you to review and categorize all your data, write tough policies, and train and retrain your workers until security best practices are part of everything they do.

Implementing strong, organization-wide privacy policies and practices will help protect intellectual property and trade secrets, along with customer relationships. If you confine your efforts to a small subset of highly valuable information, or pick user-unfriendly tools like secure client portals, you’ll be much more likely to fall victim to low adoption rates, poor follow-through or plain old human error.

How Can a Business Keep Private Information Secure?

People always underrate good intentions — having your team united behind your businesses data privacy effort is the single most important step you can take. But getting there will take the right tools, policies and training. Here are some resources that may help: