Can your business pass the data privacy test?

In addition to being Blueberry Pancake Day, Sunday, Jan. 28, 2018, is Data Privacy Day

Data Privacy Day is led by the National Cyber Security Alliance (NCSA) in the United States. According to NCSA: 

"Data Privacy Day commemorates the 1981 signing of Convention 108, the first legally binding international treaty dealing with privacy and data protection. Launched in Europe and adopted in North America in 2008, Data Privacy Day brings together businesses and private citizens to share the best strategies for protecting consumers' private information." 

We know the NCSA also leads National Cyber Security Awareness Month (NCSAM) in October, a month dedicated to raising awareness of how to protect ourselves, our property and our information. Data Privacy Day is a single day set aside to recognize the importance of controlling access to our personal information and keeping it private. 

Privacy Matters 

For an indication of how important privacy is to individuals, look no further than the General Data Protection Regulation (GDPR), which will be enforced starting May 25, 2018. This EU regulation applies not just to European organizations but to any organization that offers goods or services to people in the EU or monitors their behavior, wherever that organization is located. And the fines for non-compliance shouldn't be ignored. 

"Organizations can be fined up to 4% of annual global turnover for breaching GDPR or €20 million. This is the maximum fine that can be imposed for the most serious infringements e.g. not having sufficient customer consent to process data or violating the core of Privacy by Design concepts. There is a tiered approach to fines e.g. a company can be fined 2% for not having their records in order (article 28), not notifying the supervising authority and data subject about a breach or not conducting impact assessment. It is important to note that these rules apply to both controllers and processors -- meaning 'clouds' will not be exempt from GDPR enforcement." 

If you're a company outside of Europe but you have customers in the EU and do business there, you should already be working on GDPR compliance. 

Where to Start? 

As with NCSAM, there is a wealth of information on the NCSA website about Data Privacy Day, but I'd like to highlight and expand on the guidance offered for businesses when it comes to your customers and the privacy of their personal information. (Please note: Simply implementing the below guidance doesn't put you in compliance with GDPR.) 

If you collect it, protect it. This is a great example of how data privacy goes hand-in-hand with security. As a collector of sensitive and personally identifiable information, you must take measures to protect that data, including controlling who can access it and limiting that access to those who need it to do their jobs. 

Be open and honest about how you collect, use and share consumers' personal information. First off, being anything but transparent and honest about what you do with customers' private, personal information will only get you into trouble. Think about what your customers would reasonably expect you to do with their data, and then make sure that is what happens by default, not only on request. 

Build trust. Communicate what privacy means to your organization, how important it is and what you're doing to achieve and maintain privacy. 

Create a culture of privacy in your organization. Make sure your employees understand the importance of keeping customer and employee information private and protecting it, and what the consequences would be if that information were compromised. 

Go beyond the privacy notice to educate consumers about your data privacy practices. Use additional notices and alerts at the point where data is collected, and prefer opt-in choices over requiring consumers to opt out. 

Conduct due diligence and maintain oversight of partners and vendors. This is one that is easy to overlook. Think about the Target breach of 2013, and the countless others that have followed, where a third party's access opened the route for bad actors to infiltrate a system and compromise private data. 

ZZ Servers recognizes the importance of keeping any private data we collect ourselves or on behalf of our customers just that – private. We strive to be a trusted partner in your business and will work to help ensure the privacy and security of personal data. 

This Jan. 28, spend some time reflecting on how your organization is handling your customers' personal information and whether you're being transparent, building trust, creating a culture of privacy and doing due diligence with partners and vendors. Think about it over a breakfast of blueberry pancakes.
