The most important details about ourselves and our institutions are stored on computers and servers in our homes, businesses, government buildings, and data centers. This vast interconnected network is regularly targeted by criminals seeking to steal information. Cybercriminals can empty bank accounts, harass, extort, and destroy someone’s credit. They can reveal trade or government secrets and learn the most intimate details of our lives – all from computers that could be half a world away.
Nevertheless, individuals are legally entitled to data privacy. Three critical elements of data privacy are:
- An individual’s right to control their data
- Knowing the procedures and practices of how data is collected, stored, shared, and used
- Compliance with all data privacy and protection laws
Types of Data
Perhaps the most significant risk of performing online transactions is that individuals must share items of Personally Identifiable Information (PII). The more identity elements a criminal acquires, the easier it is to impersonate an individual and access accounts holding sensitive information.
Examples of PII include an individual’s:
- Full name
- Birthdate, birthplace
- Physical address, email address
- Driver’s license numbers, Social Security Number, Passport Number
- Credit and debit card numbers
- Bank and investment account numbers
- Employment information and history
- Photographs and other biometric data (fingerprints, retina scans, etc.)
Besides PII, there are many other categories of information that companies and organizations should keep secret because its release could lead to embarrassment or the disclosure of legally protected confidential information.
Other categories of protected data include:
- Medical records
- Geographic data
- Financial data
- Student records
- Personal data collected during an online transaction
However, not all data is covered by data privacy protections. This includes:
- Information already in the public record such as phone numbers and online directories
- Data that cannot be used to distinguish one person from another, such as hardware IDs
Companies should familiarize themselves with the specific regulatory landscape in the geographic regions they serve. Some of the many data protection laws covering the United States include:
- Children’s Online Privacy Protection Act (COPPA) – Protects the privacy of children under 13.
- Electronic Communications Privacy Act (ECPA) – Addresses the transmission of electronic data.
- Fair Credit Reporting Act (FCRA) – Guards the collection and use of consumers’ personal information.
- Health Insurance Portability and Accountability Act (HIPAA) – Shields patient rights to protect personal health and medical information.
Failure to address the risks associated with collecting, processing, and storing data can leave companies vulnerable to lawsuits. Every company is responsible for maximizing data privacy by:
- Implementing security tools such as encryption, password managers, and virtual private networks (VPNs).
- Training staff in data privacy issues and protocols.
- Establishing a work culture that treats data privacy seriously among all employees, not just in the tech department.
- Having a comprehensive and well-rehearsed breach response plan.
- Disposing of personal data when that data is no longer relevant.
- Having clearly written privacy policies, terms, and conditions.
- Vetting software hosted in the cloud before deployment.
- Collecting only data that is relevant to the transaction and gathered with the individual’s consent.
- Having data sharing policies and procedures ensuring users are (1) informed and (2) have consented to share.
- Establishing policies and procedures for individuals to easily rectify incorrect or outdated data.
- Ensuring that the termination of a session does not expose data to a breach.
- Implementing secure protocols for data transfer.
- Data mapping that tracks which data is kept, who manages it, where it is stored, and who has access to it.
- Periodically reviewing a data privacy program that can adapt to evolving threats and changing circumstances.
- Ensuring third parties receiving shared data also have robust privacy protection programs.
Best practices for individuals include:
- Using multi-factor authentication
- Keeping devices updated with the latest security software
- Regularly backing up data
- Being aware of strange requests, grammatical errors, click-bait, and other unusual items.
- Creating strong, unique passwords and updating them regularly
- Maximizing privacy settings on social media accounts
Protecting data privacy is key to safeguarding the vital assets of individuals, organizations, and governments. The importance of best practices in this realm cannot be overstated in today’s high-data, interconnected world. To ensure competitive advantage, legal compliance, and peace of mind, make data privacy a priority – and do it now.
For companies handling digital information, a Trust Center is essential in helping your customers understand how you are keeping their data private and secure. It’s also crucial to your future growth, customer confidence, and peace of mind.
You may contact one of our trust center experts to find out how to get started with a reliable trust center.
Please email us at firstname.lastname@example.org to schedule a no-pressure, free consultation.