Have today’s privacy policies made us a society of liars?
The importance of data privacy is becoming more and more prevalent: From major retailer breaches to identity and healthcare theft, the general public is growing more aware of the risk of data breaches and the importance of data privacy in all aspects of their online lives. In fact, a recent GfK survey of U.S. citizens found that 88 percent of respondents are concerned about the privacy of their personal data—with 59 percent stating their concern has risen in the last 12 months.
In a world where a click of a mouse or a swipe of a card provides organizations with an in-depth look into our most personal information, consumers must demand corporations take actions to foster (or regain) their trust. Further, they must become more aware of corporations that are accountable and transparent with how they collect sensitive data and what they do with it.
However, a dilemma is at hand: Companies often cannot or do not perform the necessary technology evaluations prior to implementation to ensure data privacy, while consumers assume businesses are taking the extra step for their safety. These actions are identified and disseminated to customers through documents such as privacy policies. This brings up two questions: First, can these legal forms serve as catchalls? Second, does the public really understand privacy policies?
The short answer to both of those questions is no. Why? We don’t read them. We blindly accept them to avoid reading lengthy, legal jargon-filled content and to begin using the service we downloaded, bought, or installed. So in the end, the general public is left with the desire to know about how companies protect them but lie about reading what is presented to them. How can organizations overcome this massive conundrum?
Before looking to change your customers, an organization must first address the issues from within. This means enforcing and measuring success or failure of your organization’s privacy policy internally prior to externally. We must trust ourselves before we can expect the public to gain trust. Organizations often turn to software to identify risks and provide solutions on an ongoing basis. Because information is constantly being created, proactive assessments must occur on an ongoing basis in order to create a comprehensive lifecycle approach to risk mitigation. When selecting the correct technology for your organization, be sure to select a solution that can do the following:
Say It: After establishing information privacy policies to ensure sensitive or regulated content is classified, secured, and protected appropriately; be sure your selected tool scans enterprise content stored on web and cloud platforms against a wide range of U.S., international, and vertical-specific compliance regulations and guidelines. Your organization may want to automate these assessments to be sure they happen on an ongoing basis.
Do It: Determine the severity of risk-defined business data with advanced risk calculators to help compliance personnel prioritize resolution. Look for a software tool with options such as highlighting areas that violate the specified compliance standards or guidelines as well as providing multiple perspectives on potential risk within content using out-of-the-box and customizable algorithms, helping you quickly address non-compliant information.
Prove It: Prove policy compliance with ongoing monitoring, detailed reporting, and granular incident tracking. Effective tools produce detailed reports of preventative and corrective actions taken to ensure content is uploaded, stored, classified, and secured in accordance with information governance policies. Be sure to combine human review with automated process to ensure risk report accuracy, confidently reporting on risk levels at any point in time as well as demonstrating to chief security personnel progress in reducing overall organizational risk.
In our information-driven society, the amount of a data humankind creates doubles every two years; providing a flood of new information to manage and store. Sensitive information goes beyond Personal Identifiable Information (PII)—it encompasses calendars, schematics, addresses, and anything else that could pose a risk if placed in the wrong hands. By taking the outlined approach to privacy, we can break away from being a society of liars and create a more truthful interaction between enterprises and the public.