By Elena Ames, Deluxe Corporation
Reposted with Permission. Originally posted on Deluxe Blogs.
Last week, my colleague Brad Reimer posted a great privacy blog on his recent attendance at the 2015 Privacy. Security. Risk. (P.S.R.) IAPP conference. Protecting sensitive information has been a key topic this year for many organizations across the globe. A few months ago, I had the great opportunity to visit Toronto, Canada, and network with other privacy professionals at the IAPP Canada Privacy Symposium. We sat together for three days, sharing knowledge and creating strategies. One universal topic we discussed concerned all of the breaches occurring around us. They affect us all. They can impact one person or tens of millions. Data breaches exploit known or unknown vulnerabilities in systems, including humans that run or access them. Breaches are generally the result of a series of events and many have a technological component. And, often, they could have been prevented!
WHAT CAN A COMPANY DO TO PREVENT A BREACH?
Companies should learn from each other, from other privacy breaches. They should consider if there were internal or external threats, or missing, incomplete or un-followed policies or procedures. There are many excellent reports available on frequently seen vulnerabilities from Verizon, Microsoft, Symantec, and many others, including government reports on audits.
The Office of the Privacy Commissioner of Canada gives advice on how companies can safeguard their data at the enterprise level:
KNOW THE DATA AND EXACTLY WHAT IT IS TRYING TO PROTECT
- Have access to a trained multi-disciplinary response team with clear roles and responsibilities.
- Make sure outsourced providers have the same level of understanding of what a breach is and what the appropriate response is.
- Review all security policies.
EVERY COMPANY SHOULD PLAN TO MINIMIZE THE IMPACT OF PRIVACY BREACHES
If a breach does happen, a company’s goal should be to minimize the impacts on affected individuals and re-establish the trust. My colleagues and I agree that the more transparent a company is about what it is doing, the faster it will gain back the trust of its customers and reputation.