Data privacy is the kind of issue that people don’t ever want to deal with. In fact, many of the organizations that we come in contact with have a lot of personal data on file, and some of them (even some of the most reputable) are at risk to have that data stolen from them. This month, we’ll go over what constitutes personal information, why it is constantly being targeted for thefts, and what you need to do to keep your personal information as secure as possible.
Personal Information
Personal data refers to all information that identifies an individual. The typical info includes:
- Full Name
- Phone Number
- Email address
- Birthdate
- Social security number
- Passwords
- Biometric data
Today the exposure to risk for individual data loss is higher than ever before. This is because more organizations have access to this data. Think about how many businesses ask for your personal information when you first sign up for their service. You may not think anything of it at the time, after all they are reputable and won’t lose it, until they do.
Control Over Personal Data
Since every transaction you make online involves handing over some form of personal data, you need to understand the basics of data privacy. Not only because it will help you keep your own information out of the hands of people who are looking to do ill with it, but because it will give you a better perspective of the blowback that can happen when a business is careless with its customers/employees data.
The truth is that you can’t really trust companies to protect your personal information. In Europe, the EU has made significant strides to ensure that people’s private information is being protected, but in many parts of the world, it is on the company to protect it; often with disastrous effect. This is why you have to be mindful of who you provide this information to, and how you monitor it.
The statistics suggest that people are at least getting more skeptical about how companies are using their information, but it doesn’t seem to be doing much good in the practical sense. People are continuously willing to distribute their information with the confidence that the data will be compromised by the companies they give it to. Less than a quarter of surveyed respondents say they believe companies are doing enough to protect their information, while 10 percent believe that they maintain control over their own personal data.
The strange thing about these numbers is their correlation to what consumers want. 92 percent of surveyed consumers said that they absolutely would love to have control over their personal data; and, 87 percent would like to be able to remove personal data from the Internet if it negatively affects their reputation.
Problems and Solutions
It would be easy to say that the solution to deal with data privacy is just being diligent about the people that you give your data to, but it’s not really that simple. The best way to understand what practices help promote the security of sensitive data is to look at the threats. They include:
- Phishing Attacks - Right now, there is no attack vector more common than phishing, which relies on a user to fall victim to a legitimate-looking email. Some of the most recent high-profile cyberattacks started with a phishing email.
- Vulnerabilities in applications - Data breaches are often caused by software that isn’t updated with up-to-date threat definitions. This problem can happen to any organization that isn’t diligently updating the software it uses.
- Poorly trained workers/sabotage - You wouldn’t believe just how many massive data breaches are caused by the people that a business depends on the most. If your staff isn’t properly trained, or you have disgruntled employees that have access to sensitive information, those situations could end poorly for you.
- Lack of response - Even if you have all the security you need in place, breach is still a possibility. That’s why it is crucial to be prepared in the event of a breach that your organization has the tools and expertise to mitigate the situation before it becomes a problem.
- Refusal to dispose of data - Your organization may find the data it takes in useful for multiple reasons, but if you sever ties with customers, vendors, and staff, it is your responsibility to securely dispose of their personal information. A failure to do so in a timely fashion could lead to a negative situation. Get rid of the data you no longer need, especially if it contains sensitive information.
- Collection of unnecessary data - If data is a form of currency, it stands to reason that it will be shared between companies. If you don’t need the data, however, why do you have it? Possessing data you don’t intend to use--or don’t need--can lead to losing track of it.
Much of the problem organizations have controlling the sensitive information that they obtain comes from a lack of understanding of the data that is in their possession, the lack of effort to properly protect that data, or the use of the data for purposes that aren’t explicitly outlined in their agreements. Without a diligent approach to keep sensitive data away from hackers, there is a good chance that your organization will have to confront these issues in an arena that is a lot less attractive than one you can control.
For more information about data privacy and security, visit our weekly blog at http://www.bardissi.net.