Protecting private data is serious business. In the fall of 2017, the credit reporting agency Equifax made headlines by suffering one of the largest data breaches in history, exposing the data of 148 million of their clients. And that’s just the beginning: similar incidents happened with both Orbitz and Facebook this past year. January 28 is Data Privacy Day, and it’s a good time to reflect and ask:
- What are ways that my users could be inadvertently compromising data?
- How can we encourage users to improve practices around data privacy?
- How can we help employees protect data at home and at work?
Many employees make the mistake of thinking that their IT departments are “in charge” and responsible for data — after all, it resides on servers that the IT team manages. One of the challenges organizations face is encouraging employees to take responsibility for safeguarding company data as if it was their own personal data.
On Data Privacy Day, here are some easy but effective actions you can take with users to reinforce safe data handling practices:
Reinforce what counts as personal data. Many employees may not be aware of exactly what constitutes personal data, which increases the likelihood that they might misuse or fail to protect it. Take stock of the kinds of data your company deals with, and then break it down for employees in a short document or a company-wide brief. Keep it simple: give examples of what kinds of documents or communications contain private data, and then make sure that employees remember how to handle that information as they communicate within the company and with clients. If you have internal processes in place to securely transfer files back and forth, remind your employees how to use them.
Take some time to emphasize the importance of strong passwords. While most employees know they should be using long and strong passwords to protect their data, many may not know exactly what constitutes a strong password, or other important password best practices. Data Privacy Day might provide a good opportunity to send an email reminding employees of your company’s password policy, and how good practices in this area can help ensure that their own information, as well as that of clients, is well-protected. Or, deploy one of GLS’ short modules on password security to reinforce password habits.
Make a plan to help employees stay aware of data privacy all year long. As crucial as it is to use Data Privacy Day to alert users to important protocols, it’s even more crucial to ensure that awareness and safe practices remain strong afterwards. Use privacy-related courses (GLS’ Privacy and Data Protection Essentials course is a great option) to keep privacy top-of-mind and integrated with other security awareness training. Also, don’t underestimate the power of communication materials like posters (you can download a free one here) to provide a daily reminder to employees about the important data they protect. Use Data Privacy Day as a jumping off point to begin prioritizing the protection of personal and client data.
Companies like Equifax provide an important cautionary tale of how not to treat client data. But they also offer a challenge to do better. In a landscape fraught with companies that fail to protect private data as they should, you have the opportunity to put security first and gain client trust. Don’t let January 28 pass without considering how you can make privacy best practices stick in your company. Use this opportunity to help equip your employees with the tools necessary to identify and protect personal data. For more information about data privacy regulations and best practices, please contact us. We would welcome the opportunity to help you keep your organization’s, and your clients’ data, as secure as possible.
To learn more about how the human element affects information security, we invite you to read a Gartner report, “How to Secure the Human Link.”