10 Things to know about Data Privacy

  1. Report compromised data: It is the law
  2. Customer loyalty is directly dependent on privacy
  3. IT pros bear most of the burden for privacy
  4. A data classification policy is essential
  5. Identifying critical systems helps risk analysis
  6. Organizations carry the burden of proof
  7. CPOs (Chief Privacy Officers) oversee privacy issues
  8. Privacy incident management can prevent future risks
  9. Boundaries are blurring
  10. White collar crime threatens privacy

Why the Challenge?

  • There are economic incentives for businesses to maximize the commercial value of personal data.
  • Privacy, i.e. the protection of personal data in business data processing, is often regarded as a constraint on business efficiency and hence as counter-productive to the business.
  • It is difficult to find an appropriate balance between the threat to privacy and the needs of the business organization.

Difficulty in:

  • Checking for compliance
  • Enforcing privacy rules
  • Setting software standards

Typical Security Controls

  • Technical Class Controls
    • Access Controls
    • Audit Controls
    • Identification and Authentication
  • Management Class Controls
    • Security Planning, Policy, and Procedures
    • Systems and Services Acquisition Policy and Procedures
  • Operational Class Controls
    • Security Awareness and Training Policy and Procedures

Universe of Legal Requirements

  • Federal
    • GLBA
    • FTCA
    • SOX
    • FCRA/FACTA
    • HIPAA
    • FISMA
    • FERPA
    • 21 C.F.R. Part 11 (FDA Regulations)
  • State
    • Notice of Security Breach
    • Other State Laws
  • International
    • The General Data Protection Regulation (GDPR) (EU) 2016/679
    • Canada PIPEDA
    • Others (e.g., Japan, Australia)
  • Private Contractual Requirements
    • PCI DSS
    • Business Associate Agreements
    • Service Provider Agreements