Within the last month in Trinidad and Tobago, there was an article in one of the daily newspapers headlined “Contractor ordered to clean up medical waste”. According to the article, waste, including inter alia “patient medical information”, was found on the site. While there is no way to verify the accuracy of the story, if it is true then this can represent a Data Breach, as it possibly exposes individuals’ Personal and quite possibly Sensitive Personal Information.
Privacy is not just another compliance requirement but a key way to differentiate and market your business. In essence, therefore, Privacy is just good business. For companies, getting data privacy right is no longer just a compliance exercise – a box to be ticked. Instead, having a robust approach to managing personal data well is beginning to be seen as an important competitive advantage for organizations.
Add to this the largest ever data protection standard in the world, the General Data Protection Regulation (GDPR), which underscores why Data Governance, Privacy and Data Protection are so critical for organisations to safeguard their customers’ data. The GDPR tidal wave and the burgeoning suite of data protection regulations worldwide are making this area one of the most complicated yet most critical for executives, advisory professionals and consultants.
Data protection has become a strategic ‘make or break’ issue which can guarantee organisations critical competitive advantage but, at the same time, have disastrous reputational and financial impacts when confidential intellectual property is leaked and used by competitors, whether through employee breaches, procurement irregularities or cyber hacking. Data Management specialisation therefore goes beyond understanding how to minimize the risk of data misuse; it also covers how to mitigate missed use, that is, leaving or ignoring crucial data resources which can produce a deeper understanding of your business and of your customer or constituent needs, and therefore opportunities for innovation, efficiency and an improved bottom line.
It has been estimated in various industry publications that by 2019 data breaches will cost $2.1 trillion USD globally. The average cost of a single data breach will exceed $150 million USD in that same period. If a breach does occur, being able to react quickly and appropriately can mitigate the damage. Not collecting data is also not an option. Let’s face it, you can’t afford to not collect data about your customers. That data represents competitive advantage, too. Whether you’re performing targeted marketing through mobile advertising, running a loyalty program, or simply using customer insights to drive product development, collecting data about your customers is essential to future success.
So what steps can businesses take to protect the personal data that they collect and use? The Equigov Institute suggests the following six steps as a good starting point:
Know What to Protect
Before you can protect your data, you have to know when it’s collected, how it’s created, where it resides, and how it moves. This includes identifying hardcopy information as well as electronic data.
Identify Risks and Your Tolerance Level
Data protection begins with identifying the risks to your information as well as your tolerance to them. Your business has a unique risk profile based on the services it provides, the information it uses, and the privacy breach threats common to your industry.
Take Physical Security Measures
After identifying the risks to your information, you can take the right physical security and protection measures.
Establish Backup and Recovery Processes
Solid backup and recovery processes allow for data to be quickly reproduced if stolen or destroyed. Backup and recovery strategies vary from business to business based on budget and resources.
Train Your Employees
You already have the best form of data protection: your employees. They are your first line of defense. Keep them informed and prepared, and your information will be safe.
Businesses often treat security as a series of special measures to protect certain information, but it’s usually easier to be secure across the board than to only protect data in certain narrow circumstances. Data security isn’t just a matter of installing tools and issuing a few memos — it requires you to review and categorize all your data, write tough policies, and train and retrain your workers until security best practices are part of everything they do.
To learn more about the steps your business can take to ensure that it understands the data protection principles and implements proper data protection policies and procedures, check out the EquiGov Institute, email us at firstname.lastname@example.org or call 1-868-461-4572.