Data Privacy Day: Eight tips to improve your organization’s profile

For CISOs, every day is data privacy day. But every January 28th Data Privacy Day is officially observed by a number of countries and agencies.

It could be a good day for infosec pros to remind themselves that in addition to IT security, ensuring corporate privacy policies for personal data — of employees as well as customers and partners — are up to date and enforced.

dpd_english

This year’s observation comes at a sensitive time for chief security and privacy officers. Not only are data breaches increasing, the ability of customers to sue is also going up as well.

Just this week an Ontario judge recognized a new common law privacy tort of public disclosure of private facts. The case involved a man who posted a sexual video of an ex-girlfriend on the Internet without permission.

“In the electronic and Internet age in which we all now function, private information, private facts and private activities may be more and more rare, but they are no less worthy of protection,” the judge wrote in part.

The woman had entrusted the defendant with the images, he judge said, and the defendant had no right to publish them. The man was fined a total of $100,000 in damages, plus court costs.

This case doesn’t deal with a corporation. However, before this week no Canadian court recognized the right to sue for public disclosure of private facts. The point is organizations need to note the common law on privacy is expanding.

Later today we’ll report on a panel discussion taking place in Toronto that includes former Ontario privacy commissioner Ann Cavoukian, now the executive director of the Ryerson University Privacy and Big Data Institute.

But for now this is a good time to remind boards of directors and the C-suite that like any risk, managing privacy begins at the top. That means, as the U.S.-based National Cybersecurity Alliance says, understanding that privacy is good for business.

  • Have (and follow) a privacy policy: Your company’s website should have a privacy policy that tells customers what information you collect and how you use it.
  • Know what you have: You should be aware of all the personal information you have about your customers, where you’re storing it, how you are using it, who has access to it and how you protect it.
  • Keep what you need and delete what you don’t: While it’s tempting to keep information for future use, the less you collect and store, the less opportunity there is for something to go wrong.

The group — which offers a workplace risk calculator — urges organizations to remember the following:

–If you collect it, protect it;

–Be honest about how you collect, use and share personal information;

–Don’t count on your privacy notice as the only tool to educate consumers about your data practices;

–Create a corporate culture of privacy;

–Conduct due diligence and maintain oversight of partners and vendors.

Doug Cooke, director of sales engineering at Intel Security Canada, says CISOs can help preserve privacy in addition to protecting databases is monitoring who accesses sensitive databases.

Having a corporate culture of privacy and security awareness “is paramount,” he added. “It’s not possible for a security operation in an organization to stop all incursions, primarily because a lot of the activity is through social engineering. “There’s a lot to be said for employees who have awareness and some empowerment (to say), ‘That looks strange,’ and say to IT there’s an issue that need to be investigated.”

Meanwhile, as a public service organizations could also take the day to remind customers and partners how they can own their online presence including:

–Share with care: Think before posting about yourself and others online;

–Personal information is like money. Value it, protect it;

–Be aware of what’s being shared. Set privacy settings on Web services and devices to where you’re comfortable. It’s OK to limit how and with whom you share personal information;

–Apply the Golden Rule online: Post only about others as you would have them post about you.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now