By Catherine Nolan
In the past year, new laws and regulations have been enacted around data privacy. These new laws reflect a worldwide desire for personal privacy and a reaction to the recent disclosures of data breaches and identity theft. As with any government mandate, businesses will have to comply or face fines for disobeying legal requirements – whether that disobedience is by intention or ignorance. In this digital age, cyber-attacks and data breaches are constant threats, and state and federal regulators are taking a hard-line approach to data security.
At last count, 47 states have enacted legislation requiring private and government entities to notify individuals if a company’s security has been breached and personally identifiable information stolen. Organizations are expected to respect individuals’ privacy by collecting, using, and disclosing personal data only for legitimate purposes. This means no selling of personal data to data brokers or outside marketing firms. Organizations are also expected to be open about their practices and to allow individuals to review the data that is collected about them. In addition, they are required to implement effective security safeguards to prevent any improper disclosure of personal information. When disposing of data, they must make this information unreadable or undecipherable, or physically destroy unwanted data.
To date, compliance with financial laws and regulations has been the primary concern of many businesses. However, in today’s world, keeping personal data private is just as important. It is not only because of the risk of penalties, but also because of the potential loss of revenue due to the public’s loss of trust and the negative publicity associated with a data breach.
To keep your corporation from being the next company on the data breach list, ensure that all sensitive data handled by your company is stored, accessed, and safeguarded correctly. To do this, employees need training to understand and comply with your company’s information security policies and the laws surrounding personal data privacy. Employees need to understand that they are the best line of defense against privacy breaches at each stage of the data lifecycle.
Catherine Nolan has an MBA in Business Administration and 25 years’ experience as an Information Analyst. When she became a victim of identity fraud through the hacking of her credit card information, she began extensive investigation into credit card and identity theft. Her research led to co-authoring The Audacity to Spy: How Government, Business and Hackers Rob Us of Privacy with Ashley Wilson, a book which describes the many ways personal information is being compromised and how the average person can protect themselves and their digital assets.