Data Privacy Day is the international holiday to acknowledge the importance of data security for sensitive and personal information. And this year we’re recommending you take a few minutes of your day and reflect on how your organization handles sensitive data.
Mariner recognizes the national and regional data privacy laws intended to protect the sensitive and personal data of our clients, their business, and their infrastructure. But why not take five minutes today to identify an area of privacy risk needing attention within your organization and prevent business-impacting issues in the future?
Five Questions to Help Determine Data Privacy Risks
1. Does your organization have an individual who is accountable for managing privacy risk?
At a senior or executive level, there should be accountability for managing risk. With accountability comes sponsorship and senior support to make the operational changes found to be necessary.
2. Does your organization have visibility of sensitive information, where it is being stored, processed, and transmitted?
Remember, the task of calling data ‘classified’ shouldn’t conjure images of the CIA. Classifying data simply means labeling and categorizing data according to the data’s value. Value might differ according to the company, person, and regulatory needs. After data is labeled accordingly, you can enact the safeguards specific to those labels. Sensitive data should be treated differently.
3. Can your organization spot an incident when it happens? And are you ready for what follows?
You’ve got the policy signed and you’ve added security for sensitive data. But are you detecting security incidents? Are you prepared to manage an incident once detected? Because incidents are guaranteed.
4. Are you already compliant with the national and regional acts regarding your handling of sensitive data?
This should be a quick answer. Maybe you are already aware of your regulatory obligations. The tougher question to follow is, what gaps still need to be addressed?
5. Do you understand when a Privacy Impact Assessment is required?
The Office of the Privacy Commissioner of Canada (OPC) describes a PIA, or Privacy Impact Assessment, as “a risk management process that helps institutions ensure they meet legislative requirements and identify the impacts their programs and activities will have on individuals’ privacy.”
Tips for Improving your Data Security
Accountability doesn’t come from a titled role, e.g., ‘Chief Privacy Officer’, and most organizations do not require a resource dedicated solely to managing data privacy. Accountability starts with a defined and enforceable organizational policy.
It’s easier to apply security controls only to the data that needs added protection than to apply additional controls to all data. Label and classify your data first, then make security changes accordingly.
Incidents can, and will, happen. Mariner abides by the industry-standard framework for all incident management: Prepare, Identify, Contain, Eradicate, Recover and Learn. Prepare is the first word, not ‘wait’.
Mariner regularly performs Privacy Impact Assessments (PIA) when infrastructure changes require them, and performs gap analyses for clients left unsure which next steps are the priority. Let us help you quickly identify what your organization’s next steps should be.
While Data Privacy Day is just one day, data security is, of course, a business requirement every day. We use today to offer those few questions to help raise awareness and to help start the conversation around how important it is to secure sensitive and personal information. Until then, Mariner wishes you and your organization a Happy Data Privacy Day!
Mariner Security Solutions Team