Privacy Test Driver

03/28/2023

Thanks everyone who joined us yesterday for our first Privacy Pit Stop: quick questions and open discussion of recent privacy/security news. Hopefully you can join us again for our next one. As noted there is no recording, for your privacy and to encourage frank discussion.

02/13/2023

Taming Privacy Debt

"Damn! We can't find it , we don't know where it is, and what are the risks?"

Privacy Debt is the not too subtle realization that the laxative management of customers’ private information and sensitive intellectual property is not sufficient. This effluvia can too easily slide your business down a large financial hole. It can become very apparent during a data breach. A malevolent event such as a data breach is expensive. Corporate response costs increase substantially as too many operational resources are exhausted in chasing data location and identity owners rather than defending the company.

Say whoa! to privacy debt…

If you collect too much data - you have privacy debt
If you don’t know how your machine learning is eating your Big Data - you have privacy debt
If you store your data forever - you have privacy debt
If you don't know where your data goes and where it flows downhill - you have privacy debt
If you can’t royally be bothered to answer consumer (paying customers) data requests - you have privacy debt
If you have shared your data with a 3rd party, and are not sure how they handle it - you have privacy debt
If you are in no hurry to report a data breach, or just wear blinders - you have privacy debt

Taming the tiger

First set up a project team composed of members from the IT department, business products lines, service lines and sales. Elect a liaison to ensure senior management support and budget approval. This is necessary to ensure the executive tone-at-the-top fully supports the project.

Next, the project team will investigate and discover what data their business units have collected. This data includes structured databases and loosely managed data in spreadsheets, PowerPoint presentations, reports (Tableau, Salesforce, ServiceNow, etc.), data buckets and cloud services. All of it must then be centrally managed.

Then your project team must locate the owners of the corporate data. This is a key question: what responsibility do each department’s manager, staff employees and IT technical support team have? After discovery, analyze the results and decide the best actions to take. Then the project team must document these decisions and perform an annual review of these findings to keep them relevant to the business.

Your project team empowers the building of new workflows and processes that strengthen data privacy protections. They assign roles, authorizations, and access rights to corporate data and systems. These deliverables should work together cohesively to strengthen the business's key risk management while not hindering the business's profit-making workflows.

The project team enables better corporate data security and privacy protections, permitting senior management and legal to handle data retention policies. Using minimally required data increases compliance for core financials, Human Resources, and protection of intellectual property. Non-essential data should not be kept for long term storage; it should be deleted regularly and securely to reduce the risks of managing toxic data and storage costs.

Finally, after the internal governance and compliance structures are in place, the project team can extend their scope of work. External business partners and cloud services should be audited. The project team will need to review the audit of cloud and 3rd party corporate user accounts, databases, data storage and data access rights. These external service providers must be vetted for legitimate usage and proper data security and privacy protections by the project team. Security and compliance certifications should be required for acceptance by the project team.

ISO 27001, 27017, 2018, 27701, and FedRAMP are often used as proof that cloud service providers meet legal and security requirements. Every company needs to implement the right processes to protect the business from bad data security habits that break security and threaten customer privacy.

Are we done yet? We started with the definition that privacy debt is the product of neglecting the maintenance, privacy and protections of customers’ and corporate data. Growing, successful businesses know this is a never-ending process.

The goal of the project team is to reduce privacy debt. It is a means to improve corporate risk management and reduce costs. This increases the corporation's ability to respond more quickly to any possible security incidents. It benefits both customers and the business.
It is a win-win prize.
Best of success to you all.

The 60-seconds Expert Summit 09/05/2022

Can't wait to host you!
Ann Ljungberg
The Expert Method Strategist
https://www.expertcoalition.com/

The 60-seconds Expert Summit
Friday, September 2nd, at 10.00 AM to 11.00 AM
Pacific Time (US and Canada)
Thank you everyone who was able to join the 60-Seconds Expert Summit.
https://app.eventraptor.com/events/25976147099652090

Leap over privacy roadblocks and find the road to success
Kim Green, Synergist

Welcome to sign up as a speaker for the 60-seconds Expert Summit! You will get 60 seconds to share your expertise with a broad audience, a chance to build your list and make new connections. In 60 seconds, I’m confident you can share - in an engaging way: Your name & business (best if you can just ...

Okyo™ Garde: Enterprise-Grade Cybersecurity With Consumer Simplicity 09/11/2021

Palo Alto wireless mesh router for secure home use due out this fall.

Okyo Garde delivers the robust, enterprise-grade cybersecurity that Palo Alto Networks is known for with consumer simplicity.


Website

https://privacytestdriver.com/, https://www.youtube.com/@privacytestdriver, http://linked

Address


Durham, NC