Global Info Intel: Global Information Intelligence

Intelligence and Solutions on Global Information Trends


Global Information Intelligence and Trends

 

 

Key Intelligence and Expert Resources on Critical Global Information Trends and Solutions

 

Free Article: Global Info Intel

 

Dangerous Mistakes and Assumptions about Privacy & Data Protection

 

Making the wrong decision in any area that affects your company’s assets, privacy, or the privacy of your customers and business partners can cost you money. Imagine reading the morning news and finding the name of your company in association with a privacy or data protection breach. The damage to reputation can be very costly, not to mention the costly measures that must be taken internally to reduce the risk of any repeat offence. Avoiding these dangerous mistakes and assumptions can help your organization protect private data and privacy and save money.

 

 


 

False Notions of Privacy and Data Protection

 

People assume that a well-known or well-established company, organization, institution, or business can protect their privacy. This is not only a false expectation, but also shifts an unrealistic burden onto the company, as though it were infallible. In practice, much of the dependency (“blind trust”) rests on the front-end handlers of the information, as well as on intermediate transactions, back-end systems, administrators and information processors. The front-end handlers include employees, contractors, partners, third parties and others. The protection of the privacy of the data depends as much on their integrity and ethical conduct as on the restraint placed on them by policies, laws and regulations on privacy.

 

No known privacy breach, then all is well

 

Many people assume that if no privacy breach has been detected then all is well! That is not only a fallacy, but actually encourages silent breaches that continue for years until a major breach occurs. You may remember Robert Hanssen, the FBI agent who breached confidential and highly classified information and went undetected by the FBI for about 20 years. What was the reason? Read the next mistake below.

 

False Dependency on “trust”

 

A dangerous approach to privacy protection is the notion that if someone has longevity in the company or is a good worker, then you can simply entrust them with your privacy. Actually, this is where such false “trust” has been abused historically. All you have to do is read news stories of privacy breaches to see how those responsible were entrusted with highly sensitive information largely on the basis of their previous “good” performance or track record. Some of the most devastating damage has been inflicted by individuals who had public or corporate “trust”, but abused their trusted positions or disguised their real intentions and activities.

 

 

Privacy is expected since there are controls

 

This is a major mistaken assumption. The privacy controls are only as good as their effectiveness in preventing, deterring and detecting privacy breaches.

 

 

Privacy is subjective to how one perceives it

 

A problematic area of privacy is in how an organization defines and enforces their policies of data and information protection controls and in monitoring of those “entrusted” with private and sensitive information. This is largely because the custodians may present the impression that effective privacy controls are in place when in fact they exist only on paper, but not in practice. Impressions are given to outside observers, auditors, and regulatory compliance experts that privacy controls are operating effectively. However, privacy controls are only as effective as the efficiency of the actual operating controls and their inter-dependencies. 

 

 

Privacy practice is always consistent once demonstrated

 

Prevalent today is a false notion that if an organization can demonstrate that it currently keeps your information private and restricts access to it, then it will continue to do so indefinitely. The reality is that there are constant changes within organizations, including personnel, software, new online services, updates to applications, application servers, data servers and databases, dependent systems and infrastructures. These, along with changes in behavior, business objectives, partnerships, and even mergers, pose many challenges to keeping up with privacy controls.

 

 

Private information is public when it is available in a public place

 

Just because a certain type of information about a person can be found easily does not affect an organization’s obligation to protect the privacy of that information. Actually, the classifications of the data and the laws or regulations that are in place at the time define the category of information as personal or private. This includes information such as physical addresses, e-mail addresses, phone numbers, drivers’ license numbers, passport information, etc. While some personal information may be obtained online, such as through social networks or by using search engines, the availability of the information does not define the privacy rights of an individual in regard to the information, since it could be misused for identity theft or illegal activities. This subject is discussed in greater detail on our website www.globalinfointel.com.

 

 

Effective Privacy is not possible to achieve so why bother?

 

Some organizations have taken the ostrich approach to privacy and data protection: they have decided to bury their heads in the sand and enforce only minimum privacy controls until a breach takes place. Some even “justify” this method as rational financial management, thinking that they will just pay the cost in fines and remediation if a breach occurs, rather than pay the cost to implement effective controls. However, at the core of an organization’s responsibility in protecting privacy is the implementation of controls designed to deter, prevent and detect breaches of privacy. This is the typical legal requirement in regard to data and privacy protection. Furthermore, the private data that could be at risk of breach without effective controls may contain the organization’s own trade secrets and intellectual property, upon which depend much of the organization’s assets and sometimes its very survival.

 

Organizations implement new software, online systems and services with expanded features and functions for customers. They do this in order to compete, conduct research and development, expand corporate markets and increase sales and revenue. At the same time, through implementation of these emerging new systems they become exposed to greater threats through potential access by global hackers. If inefficiencies exist, they are compounded with the implementation of each new application, system, data architecture, management and service. Having effective operating controls is cost efficient and protects the organization from the damage to reputation caused by a breach. In addition, the devastating impact of global intellectual espionage among organizations is due to ineffective data protection and asset controls.

 

 

Privacy laws are not up to date with emerging systems and trends

 

There is a notion that privacy laws and regulations are slow (although they are changing faster in Europe and parts of Asia-Pacific), and thus are not relevant. Some argue that privacy regulations do not adequately address the demands of rapidly changing information and online systems that handle personal and private data. This is a subtle idea that leans more on the legal interpretation, definitions and implications of the laws and regulations. However, it is a big mistake to depend mostly on legal definitions, since there are so many regulations in different jurisdictions that address data privacy and data protection. These include privacy and security controls for handling all categories of private information for various industries, including health information (HIPAA), financial (Sarbanes-Oxley), GLBA (Privacy Rules) and PCI Industry Standard (Credit Card Payment Systems and Merchants), not to mention over 350 Global Regulations and Standards that address privacy and data protection. Many regulations stipulate privacy and data protection controls for the reduction of risks to personal and organizational data in private and public sectors.

Furthermore, there are breach notification and related laws in almost every state in the US, Canada and Europe, and increasing regulations in Asia-Pacific, Latin America, South America, Africa and the Middle East.


 

To find out more details on this subject and similar topics, see the following ebooks:

 

3 New Strategic Global Info Intel eBooks!  

 

 

· Strategic Steps for Effective Compliance with Global Data Privacy and Protection Laws and Regulations

· Strategic Steps for Global Risk Management, Governance and Compliance

· Strategic Steps for Global Effective IT and Information Security Program

 

 

 

Summary of Best Practice Approach

 

The challenge of global privacy calls for the best practice approach and constant awareness and preparedness in the midst of rapid technological changes and the emergence of new regulations in global privacy information trends. Moreover, the constant escalation and inevitable problems in instant global transactions, private data sharing and communication, online services and marketing present significant challenges for privacy and data protection. This is exacerbated by the globalization of Internet backbones and data centers. Furthermore, the increase in Web 2.0 applications, social networks, enterprise infrastructures and dependent systems, backdoors, and “man-in-the-middle” attacks contributes to international identity theft and corporate espionage. Even more devastating is the impact of “insiders” who are known as “trusted” custodians.

To find out more and get free expert information and solutions to these global privacy issues and mistakes, go to www.globalinfointel.com and select “Privacy” in the left column. You can read articles and download key information and intelligence on key privacy issues and global privacy to assist you in making strategic decisions in providing effective privacy controls in the rapidly shifting global trends on privacy.

 

 

Coming Soon:

Check this site regularly for the following topics:

· Major Challenges for Global Privacy Today

· Top Ten Information Every Computer User Should Know about Privacy

· Top Ten Major Strategic Solutions for Achieving Effective Personal Privacy

· Top Ten Major Strategic Solutions for Achieving Effective Corporate Privacy

· Top Ten Tips for Achieving Effective Operating Privacy Controls

· Top Ten Strategic Advice for Achieving Effective Data Privacy and Protection

· Top Ten Key Privacy Advice for Executive Management

· Top Ten Key Strategic Approaches for Response and Remediation of Privacy Breach

· How to Perform Cost-Saving, Efficient and Effective Privacy Audit, Assessments, Monitoring and Remediation

· Top Ten Strategic Advice for Chief Privacy Officers

· Key Advice for Privacy Officers

· How to Avoid Big Mistakes and Pitfalls When Hiring a Privacy Consultant

· How to Become an Effective Privacy Consultant or Officer

· Key Advice for Privacy Experts and Consultants

· Top Ten Advice for Achieving Effective Privacy in Online and Internet Environments

· Top Ten Advice for Achieving Effective Privacy in Enterprise Business Environments

· Top Ten Advice for Achieving Effective Privacy in Small Business Environments

· Top Ten Advice for Achieving Effective Privacy in Financial and Accounting Environments

· Top Ten Strategic Advice for Achieving Effective Privacy in Financial Markets

· Top Ten Advice for Achieving Effective Privacy in IT Environments

· Top Ten Strategic Advice for Achieving Effective Privacy in Products for Customers

· Top Ten Strategic Advice for Achieving Effective Privacy in Customer Services

· Top Ten Strategic Advice for Achieving Effective Privacy in Highly Sensitive Data Environments

· Top Ten Strategic Advice for Achieving Effective Privacy in the Global Transmission of Highly Sensitive Data

· Top Ten Strategic Advice for Achieving Effective Privacy for Global Organizations

· Top Ten Strategic Advice for Achieving Effective Privacy in Multinational Corporations

· Top Ten Strategic Advice for Achieving Effective Privacy for Non-Profit Organizations

· Top Ten Strategic Advice for Achieving Effective Privacy in Third-party and Offshore Environments

· Top Ten Strategic Advice for Achieving Effective Privacy in Partnerships and Corporate Merger Environments

· Top Ten Strategic Advice for Achieving Effective Privacy in Health Environments

· Top Ten Strategic Advice for Achieving Effective Privacy in Banking Environments

· Top Ten Strategic Advice for Achieving Effective Privacy in Insurance Environments

· Top Ten Strategic Advice for Achieving Effective Privacy in Legal Environments

· Top Ten Strategic Advice for Achieving Effective Privacy in Medical Environments

· Top Ten Strategic Advice for Achieving Effective Privacy in Government, Federal and State Agencies

· Top Ten Strategic Advice for Achieving Effective Privacy in Educational Institutions and Academic Environments

· Top Ten Strategic Advice for Achieving Effective Privacy in Research Laboratory Environments

· Top Ten Strategic Advice for Achieving Effective Privacy in Oil, Gas and Utility Industrial Environments

· Top Ten Strategic Advice for Achieving Effective Privacy in Heavy Industrial Environments

· Understanding Regulations, Standards and Frameworks on Global Privacy

· Preparing for Major Shifts and Emerging Trends on Global Privacy


 


 
Global Info Intel -  www.globalinfointel.com

 

Global Info Intel -- Global Information Intelligence addresses emerging global trends on key information and expert solutions. We provide cost-saving solutions for critical complex problems including Business, IT, Data, e-books, free articles, professional expertise, etc. Visit Global Info Intel regularly: www.globalinfointel.com

 

Global Trends on Key Information and Solutions including but not limited to the following areas:

·        Global Intelligence on Emerging Global Regulations, Standards, and Frameworks

·        Strategic Comprehensive, Incremental, Cost-Saving Multi-Mapping for Simultaneous Compliance with any Global Regulation

·        Governance, Compliance and Risk Management (GRC)

·        Corporate Governance, Responsibility, Controls and Oversight

·        Governance for IT and Business Internal Controls and Processes 

·        Information Security and Effective Security Controls

·        Information Security Policies, Standards, Processes and Procedures

·        Control Objectives, IT General Controls

·        Risk Assessments, Vulnerability Management, and Auditing

·        Homeland Security and Intelligence

·        Global Regulations, Standards, Frameworks

·        Data Management, Data Mining, Reality Mining

·        Emerging Global Issues on Regulations, Standards and Frameworks

·     Internet, Society and Cyber Intelligence