4 tips to ensure organizational data privacy

Data has become today’s business currency. It serves as the underpinning for so many critical elements of an organization’s livelihood and, like any other currency, data needs to be protected.

The average company has 534,465 files containing sensitive data. How can security and privacy professionals ensure that their organization’s data stays safe? As privacy laws continue to evolve globally with more on the horizon — especially at the state level in the United States — organizations are under intense pressure to know exactly how they protect the data that they collect, store, transmit and process. It’s the job of security professionals to ensure their organization is on the right track to address evolving data management demands. Here are four tips to help set an organization on the path to data protection success:

1. Locate and identify data

One of the most important aspects of protecting information is employing safeguards that minimize and mitigate risk. But before an organization can protect its data, security leaders need to know what types of data they collect, how they use and share data, and where it resides. Data can easily hide in an organization across home-grown systems, documents, emails and even retired legacy applications.

Make it security’s mission to understand where all the critical systems and data are housed within the organization, who has access to it, and what they’re doing with it. This will help security teams build processes, controls and safeguards to better enforce compliance with regulatory restrictions and avoid any surprises during a compliance audit.

2. Regulations impact the lifecycle of data

The number of regulations companies need to address are increasing rapidly. Too often, organizations follow the letter of the law, implementing convoluted and complicated policies as add-ons in order to address changes in regulation. This approach seems like it would be the best path forward, but it will not serve the organization in the long run. If employees cannot understand data management policies or apply them to their day-to-day work environment, it diminishes the effectiveness of the regulations.

And what happens when emerging requirements come into play? New laws will undoubtedly impact how an organization protects data, which in turn influences security controls and procedures. Bear in mind that reviewing the policies, processes and procedures cannot be a static exercise. Create security policies that are easy to understand and general enough to cover global security and privacy compliance requirements and remain consistent. Then update security controls and procedures as necessary to accommodate compliance with new regulations. Seek out opportunities to build adaptability and simplicity into data protection and privacy processes from the start, and the security team will have a solid foundation to support the organization as it grows.

3. Build strong relationships

It may sound cliché, but the ability to build strong relationships across departments is critical to meeting the data privacy demands of a company. Depending on the size of the organization, there could be hundreds or even thousands of stakeholders. Security and privacy professionals need to build a good working relationship with each other and with any department that contributes to the overall security and privacy of the organization, particularly Legal and Operations. Those relationships ensure that security teams are more likely to hear from their colleagues about a non-compliance issue before the auditor comes in.

4. Don’t skimp on employee awareness

An organization’s first line of defense to protect data is from the very people who are most likely to accidentally compromise it — employees. Security awareness efforts can go a long way to minimize risk, but don’t rely on a one-and-done security and privacy training session to do the trick. Execute yearlong campaigns featuring signage, email reminders, mini-trainings, contests and more to help reduce the number of incidents where employees unintentionally disclose data.

As data footprints expand and regulations evolve, businesses are contending with more data than ever before. Security leaders can ensure their organization is set up for success by incorporating best practices for data protection and collaborating with cross functional departments to create a data security and privacy foundation that supports both evolving regulations and business growth.

A Certified Information Privacy Professional (CIPP) and a Certified Information Security Manager (CISM), Denise Schroeder has 25 years of experience in compliance, information security, information risk management and data protection. She is currently the Vice President of Product Innovation at Carbide, where she is responsible for advancing the Carbide platform’s ability to meet the security and privacy needs of companies of all sizes.

ON DEMAND: In this webinar, Regina Lester, Vice President of Security & Safety Operations at Toledo Zoo, will share her insights on implementing security technologies in the entertainment sector and the challenges all organizations face — large and small — when it comes to balancing budget and security.