Protect Personal & Sensitive Information Throughout the Data Life Cycle
Electronic data can be accessed anytime, anywhere and by many different devices. This creates infinite opportunities for this data to be accessed by the wrong people, lost or stolen. Everyday, organizations are challenged to ensure the personal information of their employees, consumers, clients, investors and other stakeholders remains safe, secure and accurate. In recent years, there have been countless instances where companies failed this challenge, resulting in data breaches that caused unexpected costs and loss of customer and employee confidence. Unfortunately, there are many more organizations on the brink of a breach that have so far been lucky enough to avoid one.
Effective privacy and data security controls protect personal information at all points in the data life cycle, including collection, processing, storage, alteration, transfer and destruction. Strong data privacy controls and practices are imperative to maintaining the integrity of data, preventing data incidents and breaches, and complying with laws and regulations.
Privacy and data security laws and regulations vary from country to country and, in the U.S., from state to state. In some countries, comprehensive privacy and data security requirements are in place, while many other countries are still in the process of developing laws and regulations to ensure personal information is handled appropriately.
CHARTING THE COURSE
Privacy programs can be used to implement and maintain privacy controls and protect personal information. Key components of an effective privacy program include:
• Privacy Governance
• Privacy Compliance (corporate and government compliance)
• Information System Controls
• Business Process Controls
• Vendor Evaluation
PRIVACY PROGRAM IMPLEMENTATION
Privacy programs can be implemented through a variety of activities including:
• Executive Endorsement
• Establishment of a Privacy Function (including dedicated personnel)
• Privacy Policies
• Standardization of Control Requirements (systems and business processes)
• Business and Information System Assessments
• Compliance Initiatives
• Vendor Assessments
• Establishment of a Network of Privacy Champions throughout the organization.
BENEFITS OF A PRIVACY PROGRAM
Decreased Likelihood of a Data Breach
A strong privacy program can decrease the likelihood of having a reportable event, such as unauthorized access to data or data loss.
Employee and Customer Confidence and Trust
Developing and maintaining strong privacy controls and compliance with privacy laws and regulations builds employees, consumers, clients, investors and other stakeholders’ confidence and trust that their personal information is safe and secure.
Compliance with Laws and Regulations
Maintaining compliance with privacy laws and regulations reduces the risk of legal and regulatory actions.