January 28th is international Data Privacy Day. Led by the National Cyber Security Alliance (NCSA), Data Privacy Day is a global effort that generates awareness about the importance of privacy. It highlights ways to protect personal information and reminds organizations that privacy is good for business.

As a 2021 Data Privacy Day Champion, I’ll be going live on Facebook at noon on 1/28/21 to talk about the importance of personal privacy. I’ll also demonstrate how individuals can update their privacy settings.

For businesses, 92% of consumers say companies must be proactive about data protection (PwC). Be open about how you collect, use and share personal information. And if you collect it, protect it. It’s a bad day when you have to send a letter to customers telling them you’ve compromised their information – like in the breach earlier this year that impacted over a million Inova Health Systems patients.

Following are some measures you can take to keep your customers’ personal information safe from inappropriate and/or unauthorized access.

Assess Your Data Privacy Practices

When it comes to data collection, less is more. Only ask for data you truly need to provide business services. Anything more simply increases your risk without offering the corresponding return on investment.

Next, identify where you’re storing sensitive data. Consolidating the data into a single location makes it easier to secure because you don’t have to worry about files scattered across various devices and cloud services.

Understand Your Regulatory Requirements

Depending on the nature of your business, you may need to comply with various data privacy protection laws. At the federal level, the most common ones involve healthcare information (HIPAA), children (COPPA) and financial data (GLB). In addition, states such as California have enacted their own laws to protect consumer privacy. If you’re doing business with individuals from the EU, you will need to be familiar with Europe’s General Data Protection Regulation (GDPR). Failure to comply with any of these regulations can result in hefty penalties.

Consider a Data Privacy Framework

Build privacy into your business by researching and adopting a privacy framework to help you manage risk and create a culture of privacy in your organization. A privacy framework such as NIST-800-171 can provide actionable guidelines and help with compliance.

Look for Tools to Help

The effort involved in establishing data privacy controls can be daunting for small and mid-sized businesses. That’s why Invario looks for automation solutions to help with the process. For example, I’ve found a tool you can use with our Invario solution stack that identifies business risk, quickly prioritizes based on impact and cost, and tracks progress toward your selected compliance standard or privacy framework. This will save a lot of hours when it comes to tracking and maintaining compliance over time.

Another option to consider is the Microsoft Information Protection (MIP) option with Microsoft 365. The data tagging and labeling helps your business discover, classify, and protect sensitive information. A key benefit here is the integration with other Microsoft products.

Feedback

If you have questions about this article, or if there is an IT topic you would like to know more about, please email me your suggestions.

Referral$

If you know of a company that would be interested in the services of Invario, please email me the company name along with the phone number and email for the person we should contact.

That is all you have to do! Upon completion of the onboarding of a new customer, Invario will pay the equivalent of one month of Invario service to that customer. Recipients that cannot or do not wish to receive a referral payment may elect to have the referral fee donated to a charity of their choice or put into a company entertainment fund.

Dave Wilson
