Can your business pass the data privacy test?

In addition to being Blueberry Pancake Day, Sunday, Jan. 28, 2018, is Data Privacy Day

Data Privacy Day is led by the National Cyber Security Alliance (NCSA) in the United States. According to NCSA: 

"Data Privacy Day commemorates the 1981 signing of Convention 108, the first legally binding international treaty dealing with privacy and data protection. Launched in Europe and adopted in North America in 2008, Data Privacy Day brings together businesses and private citizens to share the best strategies for protecting consumers' private information." 

We know the NCSA leads National Cyber Security Awareness Month (NCSAM) in October – a month dedicated to awareness of protecting ourselves, our property and our information. Data Privacy Day is a single day set aside to recognize the importance of controlling access to our personal information and keeping it private.

Privacy Matters 

For an indication of how important privacy is to individuals, look no further than the General Data Protection Regulation that will be enforced starting May 25, 2018. This regulation, led by the EU, will impact not just European organizations, but any entity doing business there. And the fines for non-compliance shouldn't be ignored. 

"Organizations can be fined up to 4% of annual global turnover for breaching GDPR or €20 million. This is the maximum fine that can be imposed for the most serious infringements e.g. not having sufficient customer consent to process data or violating the core of Privacy by Design concepts. There is a tiered approach to fines e.g. a company can be fined 2% for not having their records in order (article 28), not notifying the supervising authority and data subject about a breach or not conducting impact assessment. It is important to note that these rules apply to both controllers and processors -- meaning 'clouds' will not be exempt from GDPR enforcement." 

If you're a company outside of Europe, but you have customers in the EU and do business there, you should be addressing compliance with GDPR.

Where to Start? 

As with NCSAM, there is a wealth of information on the NCSA website about Data Privacy Day, but I'd like to highlight and expand on the guidance offered for businesses when it comes to your customers and the privacy of their personal information. (Please note: Simply implementing the below guidance doesn't put you in compliance with GDPR.) 

If you collect it, protect it. This is a great example of how data privacy goes hand-in-hand with security. As a collector of privileged and personally identifiable information, you must take measures to protect that data, including controlling who can access it. 

Be open and honest about how you collect, use and share consumers' personal information. First off, being anything but transparent and honest about what you do with customers' private, personal info, will only get you into trouble. Think about what your customers expect you to reasonably do with their data, and then make sure it's done by default. 

Build trust. Communicate what privacy means to your organization, how important it is and what you're doing to achieve and maintain privacy. 

Create a culture of privacy in your organization. Make sure your employees understand the importance of keeping customer and employee information private and protecting it – and the impact of what would happen if that information was compromised. 

Go beyond the privacy notice to educate consumers about your data privacy practices. Use additional notices and alerts such as opt-in options vs. opt-out requirements. 

Conduct due diligence and maintain oversight of partners and vendors. This is one that is easy to overlook. Think about the Target breach of 2013, and the countless others that have followed, where a third party opened the access route for bad actors to infiltrate a system and compromise private data.

ZZ Servers recognizes the importance of keeping any private data we collect ourselves or on behalf of our customers just that – private. We strive to be a trusted partner in your business and will work to help ensure the privacy and security of personal data. 

This Jan. 28, spend some time reflecting on how your organization is handling your customers' personal information and whether you're being transparent, building trust, creating a culture of privacy and doing due diligence with partners and vendors. Think about it over a breakfast of blueberry pancakes.
