Each year, the National Cyber Security Alliance (NCSA) leads the celebration of January 28th as Data Privacy Day. This day commemorates the January 28, 1981 signing of Convention 108, the first legally binding international treaty dealing with privacy and data protection.
On selecting this year’s Data Privacy Day theme of “Own Your Privacy”, the NCSA stated, “Each year, data breaches continue to grow in size and scope—exposing consumers’ sensitive, personal information and businesses’ valuable data. Against this backdrop, Data Privacy Day helps spread awareness about privacy and educates citizens on how to secure their personal information. It also works to encourage businesses to be more transparent about how they collect, store and use data.”
Alongside prominent news coverage of recent breaches, consumers are becoming increasingly concerned with their individual right to privacy. In fact, a recent survey by Pew Research Center indicates that a majority of Americans report being concerned about the way their data is being used by companies (79%) or the government (64%). Yet, there is still a general lack of understanding around how businesses collect, process, and store personal data. While consumers should be taking measures to ensure their personal information remains private—such as routinely checking privacy settings—once it is in the hands of your organization, diligence must be taken to protect that data on behalf of consumers.
Not only is privacy the ‘right thing to do’, but it also gives organizations a competitive advantage. With the California Consumer Protection Act (CCPA) coming into effect earlier this year, and lawmakers in other states considering similar regulations, data privacy is a top concern for businesses in 2020. “Respecting consumers’ privacy is a smart strategy for inspiring trust and enhancing reputation and growth,” says the NCSA. Simply put, privacy is good for business. We recognize that all organizations are at different places on their privacy management journeys. No matter where you are, here are four tips for better business data privacy:
- If you collect it, protect it. Without a data security program, you’re putting your organization’s privacy at risk. Implement security measures—such as end-to-end encryption and access controls—to keep your customers’ and your employees’ personal information protected against unauthorized access. Also consider hosting your own encryption keys to ensure that not even your cloud provider has access to encrypted content.
- Be transparent and build trust. Be honest with customers, employees, and partners about how you collect consumers’ personal information, what you use it for, and why. Communicate openly about your organization’s privacy management initiatives.
- Maintain oversight of partners and vendors. 2019 was seemingly the year of third-party breaches. So, if you trust partners and vendors to conduct services on your behalf—such as billing or HR management—be sure you know how they collect and use your customers’ personal data. Remember that those you do business with are an extension of your organization.
- Keep up with evolving data privacy regulations. According to recently published research, 82% of organizations plan to increase their investment in regulation management. From these six tips for overcoming regulatory hurdles to breaking down the key differences and similarities of the CCPA and the GDPR, be sure you have a good grasp on compliance in today’s constantly shifting regulatory landscape.
Privacy and Security Working Together
Privacy boils down to one thing: preventing unauthorized access. To ensure true privacy, security must be at the forefront, and organizations that take a leading-edge approach to both privacy and security are well-positioned to grow, innovate, and build customer trust.
Given that 51% of organizations report sharing sensitive data via email, consider reinforcing your cloud email provider’s native encryption with a third-party app that provides end-to-end, data-centric, client-side encryption. This ensures that all unauthorized parties—including both bad actors and the email provider itself—are not able to access your most sensitive data.
After implementing end-to-end protection, consider how your encryption keys are managed. Just as you wouldn’t store your house keys right next to your front door, you should consider separating your encryption keys from your encryption provider. Unless you trust how your keys are managed, encryption is virtually useless. Find a complementary technology solution that gives you this control by letting you own your encryption keys.
To learn more about how Virtru helps accelerate privacy initiatives with data-centric protection, persistent controls that prevent unauthorized access, and flexible key management solutions, get in touch with one of our data privacy experts.