This is a pretty big, but necessary, question to ask yourself. Companies are responsible for ensuring that personal employee and customer information remains private. Sometimes data privacy can be a juggling act in multinational organizations when it comes to fulfilling the needs of the organization and complying with local privacy laws. Ultimately, data privacy boils down to protecting the rights of the individual to prevent others from stealing their identity, knowing their personal information and much more. As I mentioned in a previous post about corporate security, I wanted to write a series of posts providing answers to questions about information security. So here’s the first of many I plan on writing.
Who It Matters To
According to “The Global Privacy and Information Security Landscape FAQ” document compiled by Protiviti and Pillsbury Winthrop Shaw Pittman LLP, the types of companies most vulnerable to data privacy risks are:
- Banks, credit card companies and other players in the financial services industry.
- Retail and marketing companies.
- Social networking websites, online marketplaces, etc.
- Education (universities and colleges)
- Government agencies (voter registries, census, real estate registers, etc.)
Why It Matters
There are 3 main reasons you should care about data privacy:
1. It’s the Law
No better reason than “you have to”. There’s some information that’s just not meant for the public to access. A number of countries and regions have established data privacy laws to govern the way personal data is handled, transferred and stored. According to the Protiviti and Pillsbury document:
“There are myriad consumer privacy and data protection requirements globally, including, for example, the European Union’s Data Protection Directive, numerous member state requirements, the US Safe Harbor Agreement, the Gramm-Leach-Bliley Act (GLBA) and the Fair Credit Reporting Act (FCRA).”
In addition to this list, Canada has developed PIPEDA, which the EU has considered adequate legislation, allowing for information to be sent across borders to Canada.
2. Maintain Your Reputation
Companies now collect more information about their customers than ever before. Compliance with privacy laws and how companies handle personal information significantly impacts a company’s reputation. Since privacy controls have become a cross-border concern, companies put their reputations on the line should they fail to comply with the necessary laws. Companies may also lose out on potential business or partnership opportunities by failing to take privacy into account. Data breaches regularly made their way into headlines in 2010, demonstrating to companies that it’s impossible to keep privacy breaches on the down low.
3. Customer Satisfaction Guaranteed
Your company worries about where its information goes, just like your customers worry about what your company does with their information. Have you ever had one of your service providers call you and report that your account has been compromised and you have to go in, receive a new card, change the PIN or other activities along those lines? It’s annoying – and a pain in the butt. You’re also likely to be hesitant about using that company’s services because of the mishap. I’ll admit, I’ve cancelled my services with a provider because they were calling me every few weeks stating that accounts had been compromised. Complying with privacy laws and taking the necessary precautions to keep the hands of hackers off of your customers’ information will leave you with loyal and happy clients – and they’ll stick around longer too!