The issue of personal information protection is a hot topic. Companies such as Google and Facebook have been questioned in regards to their privacy policies, as the personal information gathered from users has been leaked to the public on multiple occasions. Most recently, the University Health Network made headlines when patient information was leaked due to the theft of an unprotected USB key- we discussed the topic in the post “Maintaining Information Security and Privacy.” Sharing information has been made easier due to the Internet and electronic files, which raise concerns when it comes to regaining control over personal information protection. As technology advances, the risks surrounding information privacy continue to increase. Will your organization be ready to respond to tighter information controls?
A Call to Action
According to the Ottawa Citizen article “World is losing grip on privacy: watchdog,” Ontario’s Privacy Commissioner Ann Cavoukian stated:
“The world has less than a decade to make the protection of personal information and online privacy a priority before the concepts are lost forever. Ann Cavoukian says legislation meant to safeguard privacy already can’t keep pace with the flow of information and advances in technology.”
The Ottawa Citizen article raises the point that there are currently no laws in place requiring private companies to disclose incidents where personal information has been leaked or stolen. Unfortunately, many companies only go public about information privacy breaches if there’s a significant amount of data lost- with each company’s definition of “significant” varying significantly. The article then suggests that governments around the world should take privacy matters into their own hands in order to protect personal information and hold companies responsible for failure to do so.
FREE Investigation Report Template
Prepare thorough, consistent investigation reports with our free report template.Download Template
I feel that it would make a difference if governments enforced greater control and accountability of privacy issues. However, in order to reach ethical goals and act as good corporate citizens, companies must build privacy protection controls into their business strategies immediately. Companies cannot afford the costs associated with information breaches or the lack of trust from the public- take initiative and be proactive in protecting information.
Suggestions for Keeping Personal Information Private
Accountability: Treat personal client, employee and patient information as if it were your company’s most important trade secrets. If an information breach occurs, make an announcement immediately- regardless of the size of the breach.
The Ottawa Citizen article “World is losing grip on privacy: watchdog,” by Vito Pilieci, discusses Cavoukian’s suggested plan for implementing stricter privacy laws:
“Cavoukian has been trumpeting her Privacy by Design agenda to privacy commissioners all over the world. The concept takes a radical look at the way privacy issues are governed and forces companies to make the safeguarding of personal information the standard in every new product, technology or service they release. Before mining personal data, a company must approach each individual, ask for access to the information and explain exactly what the information is going to be used for. Numerous European countries, as well as the U.S. are adopting Cavoukian’s concept.”
Define Intention and Use of Data: Let consumers, clients and the general public know what is done to personal information once it has been collected by a company and provide them with options as to whether or not they grant your company permission to share their information. People want to know that companies are taking the proper measures to keep their information safe. Consumers use cards that contain personal information to pay for items, they are asked to divulge increasing amounts of information and proof of identity when signing up for services or making purchases and in return, companies are being trusted to use this information for the sole purpose of providing the service or business transaction- not selling client lists to marketing companies.
Think of Your Users First: Privacy concerns have increased significantly due to the rise of social media. Google and Facebook have demonstrated a lack of concern for the privacy of their users, as both companies only took additional privacy matters into consideration after services were launched and users were furious with the lack of information protection.
When Google Buzz first launched, many Gmail users were confused by the service and the ability to opt-out of it in order to refrain from having their contacts, location, comments and other information available to anyone viewing them. In response to the criticisms, Google made many announcements and multiple privacy revisions. Google encouraged users to set their privacy settings to the appropriate level they desire and disabled users’ auto-connect capabilities so that they now have the opportunity to accept and reject people’s requests to connect.
In the hydro industry, homes in Ontario are going to be added to a smart grid system, which is described in the Ottawa Citizen article:
“With a smart meter, the electrical utility knows how much electricity a person is using and when. The utility can also tell when a person is home or out, based on power usage. Some utilities in the United States have expressed interest in selling that data to market research companies. Cavoukian believes that information should not be shared openly. She said she has been working with Toronto Hydro and Hydro One to ensure utilities in Ontario keep personal information private. The two large utilities have agreed to make privacy a top priority. ‘It’s your information, you should be able to decide what happens to it,’ Cavoukian said in applauding the approach of the Ontario utilities.”
I’ll have to side with Cavoukian on this issue- I should be able to decide what happens to my personal information. The next time your company collects a client’s information or launches a new product or system, consider the impact it will have on your company’s ability to protect personal information.