Do you know where your company’s data is? Without strong security controls in place, your data could be anywhere — and you could be dealing with a privacy breach. As technology grows more complex and the flow of information accelerates, opportunities for the misuse and abuse of data are bound to increase.
Flow Chart of Data
It’s imperative that you know exactly what data your business collects. Pay particular attention to the personally identifiable information (PII) you have for both customers and employees. Create a detailed flow chart showing what information is gathered, how it is captured, how it is used, where it is stored, how it is shared, and how it is ultimately disposed of.
Risk and Regulations
An effective data management plan helps ensure compliance and manage risk by establishing policies and procedures that control the flow and use of information. In addition to federal privacy legislation, the vast majority of states have laws to prevent security breaches, and some industries have developed their own privacy guidelines. Note that each phase of the information “life cycle” may require a unique set of controls.
Privacy policies are the “public” face of your data management plan. Best practices include:
- Notify customers about your privacy policies. Explain why information is collected, how it is used, why it is retained, and why it is disclosed (if it is).
- Obtain customers’ consent to use the information as outlined in your policies.
- Collect only the information you need and only for the purposes outlined.
- Keep personal information secure.
- Allow customers to review and update their PII.
- Retain information only as long as needed to fulfill your stated purpose or as required by law or regulation.
- If you disclose information to a third party, do so only with consent and only for the purposes outlined.
- Monitor your compliance efforts on an ongoing basis.