10 Things to know about Data Privacy
- Report compromised data: It is the law
- Customer loyalty is directly dependent on privacy
- IT pros bear most of the burden for privacy
- A data classification policy is essential
- Identifying critical systems helps risk analysis
- Organizations carry the burden of proof
- CPOs oversee privacy issues
- Privacy incident management can prevent future risks
- Boundaries are blurring
- White-collar crime threatens privacy
Why the Challenge?
- There are economic incentives for businesses to maximize the commercial value of personal data.
- Privacy, or the protection of personal data in business data processing, is often regarded as a constraint on business efficiency and hence counter-productive to the business.
- It is difficult to find an appropriate balance between the threat to privacy and the needs of the business organization.
Difficulty in:
- Checking for compliance
- Enforcing privacy rules
- Setting software standards
Typical Technical Controls
- Technical Controls
  - Access Controls
  - Audit Controls
  - Identification and Authentication
- Management Class Controls
  - Security Planning, Policy, and Procedures
  - Systems and Services Acquisition Policy and Procedures
- Operational Class Controls
  - Security Awareness and Training Policy and Procedures
Universe of Legal Requirements
- Federal
  - GLBA
  - FTCA
  - SOX
  - FCRA/FACTA
  - HIPAA
  - FISMA
  - FERPA
  - 21 C.F.R. Part 11 (FDA Regulations)
- State
  - Notice of Security Breach
  - Other State Laws
- International
  - The General Data Protection Regulation (GDPR) (EU) 2016/679
  - Canada PIPEDA
  - Others (e.g., Japan, Australia)
- Private Contractual Requirements
  - PCI DSS
  - Business Associate Agreements
  - Service Provider Agreements