Sep 16, 201309:48 AMLegal Login
with Mindi Giftos and Ariane Strombom
7 things corporate management needs to know about data privacy and security
(page 1 of 2)
Unless you’ve been living under a rock for the last few years, you know that data privacy and security are key concerns these days. In an August 2012 survey by FTI Consulting, Inc., corporate directors and general counsel listed “data security” as the No. 1 business concern, ahead of operational risks and business reputation.
Though recent headlines have focused on the National Security agency and hackers, they’re not the only ones who are under fire for collecting and using private information.
Big data is big business. Companies are collecting and using an unfathomable amount of data to leverage themselves in the marketplace and reach their customers. Obtaining this information isn’t difficult, either, as our society evolves into more and more of a “share society.” We love posting photos of our pets and information about our newest products on blogs, social networks, and anywhere else someone may listen.
The inherent conflict, of course, is that while we all seemingly love to share our data, we also often have an unrealistic expectation of privacy regarding the same data. This has led to lawsuits, government investigations, and loss of consumer confidence.
As laws, policies, and industry practices develop, companies need to position themselves to retain consumer trust and avoid potential liability. Here are seven ways to do just that:
1. Know applicable privacy laws. There aren’t many data privacy laws in the United States, but you should be aware of those that may apply to you and your industry. Also, stay abreast of updates in these laws. For example, the Children’s Online Privacy Protection Act was recently updated with more stringent requirements for the collection of personal data from children. Be sure you are compliant with those rules.
2. Pay attention to and/or become part of developments in the private sector. The White House and the U.S. Federal Trade Commission (FTC) have called for increased privacy measures but have asked industry leaders to create and implement these standards. In late August, outgoing U.S. Commerce Department General Counsel Cameron Kerry urged the business community to play a key role in shaping and protecting consumer privacy. Pay attention to these developments and get involved if you can help shape the future of privacy practices.
3. Understand your own data collection and retention practices. Do you know what data you are collecting, how your company is using it, or what measures are in place to protect it? You certainly should, as your company may become liable to others if you are not doing what you are telling your customers you are doing with their data. Undertaking a company security audit is a good idea if you haven’t done so lately.
5. Ensure you have security measures in place to protect the data. Earlier in September, the FTC took legal action against TRENDnet, a company that sells Web-connected home security systems. Hundreds of TRENDnet’s live feeds were hacked into and posted online. In its first action against a marketer of everyday connectivity products, the FTC complained that TRENDnet did not have adequate security and engaged in false and deceptive advertising practices by leading customers to believe their information was secure. This action by the FTC demonstrates that all businesses need to be concerned about their security measures, as well as the appearances they are making to their customers with regard to security.