No one is too surprised anymore when another big company makes headlines for a data breach. With the quickly evolving connectivity and growing amount of shared data brought by the Internet of Things, data breaches will most likely become even more prevalent.
Employees access data and share information more than ever before, making data more relevant in all areas of workflow. Businesses use data to decide who to hire, which new technologies to implement, and how to advertise.
Many companies that employ someone to be in control of data privacy still don't have a privacy budget. Often, money is spent on privacy only as reactionary measures to isolated issues. Companies would be better off implementing privacy infrastructure, including clear employee responsibilities, dedicated budgets, proactive training, and attention to privacy at all levels of workflow.
Three Way to Avoid a Data Breach
Data and the IT systems that contain it are multi-disciplinary, designed for and utilized by almost all departments within an enterprise. This means privacy measures need to be deeply rooted within company culture to be effective.
1. Privacy by Design
Companies should be designing standard codes of use when it comes to data. Privacy be design suggests privacy be embedded into the development of technologies, business practices, and network infrastructure from the very beginning. Everyone in the company should know which individuals are responsible for implementing data policies. Who is accountable to the board of directors and other stakeholders?
In addition, only data that is necessary and usable should be collected. There are limitless amounts of data companies could collect or tap into, but a key aspect of data science is to ask the question first, then collect the data. Excess data isn't useful, it is just a security risk.
2. Caution with Vendors
With more complex IT systems and data mining methods, more vendors are going to be involved. It's important to vet vendors diligently, as third parties are notorious for privacy breaches. Make sure their privacy policies are up to your standards, and consider a contractual clause regarding data ownership.
Be open and honest about the data you collect and how you'll use it. Whenever possible, ask for explicit permission to collect data. Train employees on proper privacy mechanisms and regularly evaluate employee behavior in terms of privacy. Let them know you're doing this and how important it is for the company.
Companies are finding the competitive edge that comes with using all kinds of data. As the strategic value of data grows, so will issues around data privacy.