7 things corporate management needs to know about data privacy and security
Unless you’ve been living under a rock for the last few years, you know that data privacy and security are key concerns these days. In an August 2012 survey by FTI Consulting, Inc., corporate directors and general counsel listed “data security” as the No. 1 business concern, ahead of operational risks and business reputation.
Though recent headlines have focused on the National Security Agency and hackers, they’re not the only ones who are under fire for collecting and using private information.
Big data is big business. Companies are collecting and using an unfathomable amount of data to leverage themselves in the marketplace and reach their customers. Obtaining this information isn’t difficult, either, as our society evolves into more and more of a “share society.” We love posting photos of our pets and information about our newest products on blogs, social networks, and anywhere else someone may listen.
The inherent conflict, of course, is that while we all seemingly love to share our data, we also often have an unrealistic expectation of privacy regarding the same data. This has led to lawsuits, government investigations, and loss of consumer confidence.
As laws, policies, and industry practices develop, companies need to position themselves to retain consumer trust and avoid potential liability. Here are seven ways to do just that:
1. Know applicable privacy laws. There aren’t many data privacy laws in the United States, but you should be aware of those that may apply to you and your industry. Also, stay abreast of updates in these laws. For example, the Children’s Online Privacy Protection Act was recently updated with more stringent requirements for the collection of personal data from children. Be sure you are compliant with those rules.
2. Pay attention to and/or become part of developments in the private sector. The White House and the U.S. Federal Trade Commission (FTC) have called for increased privacy measures but have asked industry leaders to create and implement these standards. In late August, outgoing U.S. Commerce Department General Counsel Cameron Kerry urged the business community to play a key role in shaping and protecting consumer privacy. Pay attention to these developments and get involved if you can help shape the future of privacy practices.
3. Understand your own data collection and retention practices. Do you know what data you are collecting, how your company is using it, or what measures are in place to protect it? You certainly should, as your company may become liable to others if you are not doing what you are telling your customers you are doing with their data. Undertaking a company security audit is a good idea if you haven’t done so lately.
4. Ensure your privacy policy is up to date. It cannot be said enough that a cookie-cutter privacy policy is simply not going to cut it today. Your privacy policy must accurately and transparently reflect your data retention, use, and security measures.
5. Ensure you have security measures in place to protect the data. Earlier in September, the FTC took legal action against TRENDnet, a company that sells Web-connected home security systems. Hundreds of TRENDnet’s live feeds were hacked into and posted online. In its first action against a marketer of everyday connectivity products, the FTC complained that TRENDnet did not have adequate security and engaged in false and deceptive advertising practices by leading customers to believe their information was secure. This action by the FTC demonstrates that all businesses need to be concerned about their security measures, as well as the representations they make to their customers about security.
6. Ensure your contracts with third-party vendors (such as software vendors) protect data and align with your own practices. Companies often overlook what their vendors and contractors are doing to protect, store, maintain, or use data. This is a huge mistake, as they can often exert control over your data yet may not be following the same practices you are. Ensure your agreements adequately address these issues.
7. Ensure your team is aware of Nos. 1-6 above. Train, educate, and make sure everyone understands the importance of data privacy and security.
While there are no hard and fast guidelines, regulations, or standards to follow with regard to data security and privacy, these steps can help you stay ahead of the data privacy and security curve and retain the trust of your customers.
Mindi Giftos is an attorney with the law firm of Whyte Hirschboeck Dudek, S.C., practicing in the areas of intellectual property and technology law. She can be reached at 608-234-6076 or mgiftos@whdlaw.com.