One month ago, the idea of a meat processing plant as the subject of a cyberattack seems almost inconceivable to the average person. Yet, in early June, JBS, the world’s largest meat supplier, wrestled to resolve a massive breach that shut down parts of its supply chain in the U.S. and Australia. Three weeks before, a similar attack had disrupted the Colonial Pipeline’s computer infrastructure, causing soaring gasoline prices and temporary shortages in the southeastern U.S.
These attacks highlight a vulnerability facing all organizations in today’s rapidly changing privacy environment.
How exposed are you? Are you prepared for the challenges facing business owners today? Consider these three areas when assessing the adequacy of your company’s data protection program and evaluating proper risk management.
Privacy Awareness Training
The number one issue facing companies today is privacy training. There are many reasons to keep company data secure, but a privacy infrastructure is only as secure as its least informed employee. Therefore, an organization must have clear, defined, and adequate privacy awareness training. Threats to privacy range from external sources like hackers to internal sources, such as mishandling data by employees. Aside from criminal costs, consequences arise from mishandling privacy data, including substantial government-imposed fines for non-compliance with the law.
Security breaches also compromise customer trust. Exposing a client to data breaches weakens trust and business relationships may suffer. Training employees on high stakes privacy issues is an imperative baseline to any data protection program.
A broad overview of training covers best practices for interacting with technology, employee responsibility with regard to sensitive data, the rights of data subjects pertaining to their information, and obligations for data breach reporting. However, each organization has unique needs that necessitate privacy awareness training tailored to its industry.
Privacy Compliant Infrastructure
While privacy awareness training is a first step in ensuring compliance with both best practices and government privacy regulations, a company must also consider regularly updating technology and other infrastructure to ensure data and network security and to protect against security breaches. One way to ensure compliant infrastructure is to embrace privacy-enhancing technologies. Examples of such technologies include using Virtual Private Network (VPNs), encrypting data through Secure Sockets Layer (SSL) or similar technologies, and using secure cloud-based architecture to store data.
Privacy Audits
A privacy audit is an assessment tool that ensures an organization's privacy practices are compliant with current laws and regulatory requirements. Every organization has unique needs in terms of its data handling practices and are subject to specific duties and obligations under existing privacy laws. To that end, an experienced data privacy professional assesses the organization's needs and ensures that the organization’s privacy and cybersecurity framework is adequate. An experienced privacy auditor delineates the organization's key risk factors and reviews existing privacy policies on how data is collected, maintained, disseminated, and disposed. An audit also includes a review of risk-management policies and processes implemented by the organization. The audit results in a comprehensive report on the organization's state of privacy compliance, and creates a roadmap of action items need to strengthen the privacy framework.
With increased reliance on user data, combined with constantly developing privacy law, a company must consider its privacy program to stay competitive in the market, and to avoid strict consequences that result from data breaches. Regular and comprehensive privacy awareness trainings and infrastructure updates create a privacy-preserving mindset with an organization, but to ensure best practices, a privacy audit is needed to fully align a data privacy and cybersecurity program with a company’s needs.
- Senior Attorney
Carey Kulp, CIPP/US, helps clients protect one of their most valuable assets: their brands.
Drawing on more than 10 years’ experience in intellectual property law, Carey counsels her clients on strategies to identify and develop ...
Subscribe
Recent Posts
- The Expiration of the After Final Consideration Pilot Program 2.0 (AFCP 2.0)
- Patently Unclear: Why Result-Oriented Claims Don’t Make the Cut Under 35 U.S.C. § 101
- Make Your Invention The Priority, What Track-1 Can Do For You!
- Navigating Final Rejections in Patent Prosecution: AFCP 2.0 vs. 37 CFR § 1.116
- A Clear POV on Patent Eligibility Under 35 U.S.C. 101: Contour’s Claims Zoom Back Into Focus in Contour v. GoPro
- Understanding the Recent Federal Circuit Decision in Broadband iTV, Inc. v. Amazon.com, Inc. on Patent Ineligibility
- Federal Circuit Clarifies Obviousness-Type Double Patenting in Allergan v. MSN Laboratories: The Impact of Patent Term Adjustments on First-Filed Patents
- The Risks and Rewards of Using Open Source Software
- Don't Let Your Trade Secrets Walk Out the Door With Your Employees: Patent Them!
- Federal Circuit’s New Test For Design Patent Obviousness Will Change Everything
Archives
- September 2024
- August 2024
- June 2024
- May 2024
- April 2024
- February 2024
- January 2024
- December 2023
- November 2023
- October 2023
- September 2023
- August 2023
- July 2023
- May 2023
- April 2023
- March 2023
- February 2023
- January 2023
- October 2022
- August 2022
- June 2022
- May 2022
- April 2022
- March 2022
- February 2022
- January 2022
- December 2021
- November 2021
- October 2021
- September 2021
- August 2021
- July 2021
- June 2021
- May 2021
- April 2021
- March 2021
- February 2021
- January 2021
- December 2020
- November 2020
- October 2020
- August 2020
- July 2020
- June 2020
- May 2020
- April 2020
- March 2020
- February 2020
- January 2020
- November 2019
- October 2019
- September 2019
- June 2019
- April 2019
- February 2019
- January 2019
- October 2018
- July 2018
- June 2018
- May 2018
- April 2018
- March 2018
- February 2018
- January 2018
- December 2017
- November 2017
- October 2017
- August 2017
- July 2017
- May 2017
- April 2017
- March 2017
- February 2017
- January 2017