Data breaches are becoming common occurrences for organisations of all sizes. While the message on the importance of stepping up data security has been loud and clear, there are still plenty of companies out there that haven't heeded the warnings or simply haven't done enough to safeguard their sensitive digital information. Maybe it's because data security has been filed into the "too hard" basket, but implementing a plan to protect your company's data is not as difficult as you may think.
According to the International Association of Privacy Professionals (IAPP), a strong security posture and a comprehensive privacy and data security strategy is the single most effective measure companies can take to tackle the risk of data breaches.
"An important first step is to understand what type of information is being collected and what requirements applicable laws, regulations and other internal compliance policies impose," IAPP said in a blog post. This sounds like a daunting task, but you can start small and focus on looking at the processes within your own organisation as a starting point.
CEB Global, a technology and management consultancy firm, believes that a proper data privacy plan can be created and executed in as little as eight weeks with just two full-time employees at no extra cost. It involves a five-step process:
- #1 Create a plan for providing privacy guidance: Make a business case and enlist the support of relevant stakeholders. Flesh out a blueprint of the steps, timelines, roles and responsibilities of people involved in the project.
- #2 Identify business processes that require guidance: Request feedback from business process owners, privacy liaisons, and privacy staff to create a list of practices that would benefit from a data privacy plan.
- #3 Prioritise: Assess which processes need the direct involvement of the staff in the organisation who specifically look after privacy. You should also use this as an opportunity to bring in a set of rules and practices for handling sensitive information so that company policies and legal requirements are applied consistently.
- #4 Ensure employees can follow privacy guidance with ease: According to CEB Global:
  "Make it easy for staff by incorporating them into existing checkpoints. Spread the word about these new resources with targeted emails for different employee groups and for business leaders. And finally, teach relevant employees how to use the privacy tools by getting them included in existing training curricula."
- #5 Lastly, keep track of the implementation: Once you've set up your data privacy regime, be sure to monitor it to measure its effectiveness and tweak the strategy accordingly.