As mobile devices and technology continue to become more sophisticated and popular, ISACA – the global association for IT governance, assurance and security professionals – has put together 10 tips for managing privacy concerns for international Data Privacy Day.
Yves Le Roux, chair of ISACA’s Data Privacy Task Force, stated that trends and technologies, from the Internet of Things to Big Data and mobile apps, are bringing privacy issues to the forefront, and that enterprises need to be thinking about this important issue and taking key steps such as:
- Appoint a chief privacy officer or, at minimum, designate someone as the person responsible for privacy in your organisation.
- Know what personally identifiable information your organisation collects and retains about your customers and employees. Take a data inventory so you know where the information is stored.
- Ensure that your privacy policies are clearly written and enforceable. They should address issues related to the collection, use, disclosure, retention and disposal of personally identifiable information.
- Disclose personally identifiable information to third parties only for the reasons stated in your privacy notice. Be sure to have the implicit or explicit consent of the individual.
- Create a privacy-friendly environment. Ensure employees understand why it is important to protect personally identifiable information and the risk to the organisation if they don’t.
- Address all privacy-related laws and regulations that apply to your business. Even if an organisation does not have a physical presence in a state or country, it may be subject to that jurisdiction's privacy regulations.
- Train employees to protect the privacy of personally identifiable information. Implement a privacy training program for all employees on the importance of keeping personally identifiable information secure, both in and out of the office.
- Provide a process for individuals to make complaints. Provide customers with an online form or email address for communicating their privacy problems or concerns. If problems arise, deal with them efficiently and effectively.
- Create an incident-response plan. Privacy breaches can occur despite best attempts at prevention. Creation of an incident-response plan enables you to respond promptly.
- Consider having a privacy audit performed by an outside trusted entity. Hire someone knowledgeable in privacy, such as someone who holds the Certified Information Systems Auditor credential.