- May 19, 2020
- Posted by: Chad Gniffke
- Category: Compliance
Currently, 55% of the world’s population is covered under some kind of privacy regulations. According to Gartner, by 2023 that will increase to 65% of the world’s population. I imagine over the years that number will continue to increase.
In some ways, true privacy has been declining over the years, and in other ways, there has never before been more burdens placed upon businesses to try and keep personal information private.
I am hosting a webinar this week to help companies understand their compliance burden and give an actionable checklist to ensure they are compliant with the latest regulations.
Make sure to REGISTER NOW to get your compliance road-map set.
Many companies want to know what personal information they are required by law to keep private. Personally Identifiable Information, or PII, includes any data that can be used to identify specific individuals or information that is linked or linkable to an individual, such as a medical record.
Some of the data can include:
• Social Security number
• Passport number
• Drivers license number
• Taxpayer Identification Number
• Patient identification number
• Credit or debit card number
• Financial account number
• Vehicle identification number
• Mail address
• Phone number
• IP address
• MAC address
• Login ID
• Social media posts
• Digital images (particularly of a
face or identifying mark)
• Biometric records: fingerprint,
retina scans, voice signatures,
• Account security questions
Interestingly enough, it generally does not include:
• Date of birth
• Place of birth
• Business telephone number
• Business email
• Business mailing address
• Geographical indicators
• Employment information
• Education information
• Some financial information
While the Healthcare industry has been under compliance burdens for many years with the HIPAA laws, new industries are being required to have a plan in place for keeping PII safe.
Specifically Finance, Real Estate, Education, and Government industries have additional compliance burdens placed on them above and beyond that placed on the rest of the business world.
This doesn’t mean that other industries are safe from understanding and putting in place protections to ensure the safety of the PII they posses. With regions, including California adding compliance burdens across all industries, no one will be able to say they didn’t know when faced with a breach or lawsuit.
Make sure you are in the know by attending our webinar on Wednesday! REGISTER NOW!
If you are unable to attend the webinar, make sure to download the complete compliance checklist by clicking here.
The key to proactive compliance is interlock. The right people need access to the right data at the right time, but that’s easier said than done. Legacy systems such as on-premise archiving tools that only capture emails create troubling gaps—what happens when a lawsuit involves communications over Salesforce Chatter or Slack? Or, if incomplete cyber threat protection devices leave room for hackers to intercept emails, what’s to guarantee data hasn’t been tampered with?
A good compliance program consists of:
Policies and procedures
Companies need teams or individuals dedicated to crafting internal policies and procedures that satisfy regulation, but also internal demands like workplace harassment. Where new threats arise daily and regulatory demands change monthly, most teams must rely on vendors that update their systems and policies automatically.
Data retention policies
Companies need defined and verifiable data retention and deletion policies that satisfy regulation. That includes not holding data longer than its required, and giving consumers secure access so they can know what data is held on them, and to request it be deleted. Teams that don’t know what data they’re holding can be exposed and yet unaware of it.
Companies need an active defense against malware and malicious actors. All things connected are increasingly vulnerable and breaches are a common trigger for audits and litigation. Under GDPR alone, $474 million in fines were levied in 2019, many due to breaches that exposed improper storage policies.
Secure email is critical—business email compromise (BEC) is the most common way many hackers get in the door to access sensitive data. Some 79% of organizations consider secure email a vital need according to research by Pulse Q&A.
Storage is important, but so is proving it—88% of companies aren’t certain what data they hold on consumers. A good modern archiving tool can help if it’s flexible and allows teams to enforce both regulatory requirements and internal policies.
Surprise litigations and audits have a hidden cost: The time of employees who are drawn into the process to help auditors or litigators access data. IT and information security teams, for instance, rarely plan for or budget this time. A modern eDiscovery tool can help if it allows for roles and permissions, tagging, and has an interface as simple as Google Search, to democratize data access