May 1, 2018 Yes Institute

Information Privacy: Managing Data Spills

Author : Ms. Preeti Sinha, Senior President – YES BANK, Glocal Convener- YES Global Institute

In today’s day and age businesses are consistently impacted by data breaches. From the 2014 JP Morgan hack, impacting approximately 80 million households and 10 million small businesses, to the latest Facebook scandal, where the corporation has been tracking and harnessing years’ worth of call and text data. Such breaches, which has led to an upsurge in the personal vulnerabilities experiences by users. In the wake of numerous data breaches, users need to be educated about the data they are sharing with multiple platforms as well as the role of information privacy in an organization.

What is Information Privacy?

According to Techopedia, information privacy is defined as “the privacy of personal information and usually relates to personal data stored on computers”[1], thus deeming it necessary for users to consider the important aspect of information sharing.

Information privacy is crucial in the cyber-age, one has to encrypt, authenticate and mask data, with the hopes of ensuring that information is readily available to solely authorized users and nobody else.

Importance of Information Privacy

In this day and age companies collect personal information in order to curate personalized services for their customers, however they simultaneously need to develop robust mechanisms to prevent data theft and infringement. Moreover, any leakages will directly impact a company’s reputation in both the short and long run. Furthermore, through enhanced compliance and protection of customer information may result in increased loyalty and enhanced customer satisfaction.

All in all, it is important to make data and thus information privacy as vital cornerstone of any organization.

Data Privacy and Data Security

Data privacy and data security are treated synonymously, however there are key distinctions between the two.

Data security is commonly referred to as the confidentiality, availability, and integrity of data[2]. Data security inculcates all the processes to ensure that data cannot be accessed by unauthorized individuals and groups. Furthermore, data security focuses on guaranteeing accurate and reliable data is readily available for authorized users.

Data privacy is suitably defined as the appropriate use of data by authorized users[3]. Privacy concerns arise wherever personally identifiable information is collected, stored, or used[4]. The premise is such that when companies, groups, and individuals have garnered access to data, it should solely be used in adherence with the agreed purposes. When failing to do so, governing bodies enforce consequences against them as they have failed to acknowledge and ensure the privacy of data and utilizing the data in an unauthorized manner.

It is important to understand that it is impossible to ensure data privacy without data security, however the opposite doesn’t always ring true.

The distinction between data privacy and security are crucial as “they’re woven deeply into the overarching issues of privacy and cyber-security, both of which loom large in businesses, politics and culture”[5].

 How to improve Data Security

Firstly, as an organization it is fundamental to define the roles of employees and their access to data. One has to determine which employees require access in order to limit the amount accessed by users with the hopes of decreasing data breaches. An organization should appoint one or many admins to handle access to data, however it should be a small manageable number.

Secondly, it is crucial to know and to protect your most important data. As an organization it is vital to prioritize data protection in the event of a breach. One has to know your most important data and work towards protecting the most valuable data first. This data usually comprises of approximately 10% of the company’s data, and if hacked this would cause the most damage to a company. After identifying such data, develop policies and procedures to secure the data and limit its access to a handful of authorized users.

Thirdly, it is quintessential that an organization develops a data security policy when breaches and hacks take place. It is important to create a detailed plan that highlights which employees need and have access to data during such an event. Additionally, such policies can also streamline and organize employees, thereby aiming to mitigate such hacks and breaches. The policy should be updated regularly in order to better match the growing technology innovations taking place. Through having such data policies which are strictly enforced, an organization has a higher probability of protecting ones data.

Lastly, it’s important to back-up your data at regular intervals, whether it be daily, weekly or monthly. Loss of data is a serious issue, which has been crippling organizations for decades. As a result organizations need to be prepared for the unexpected, and through data back-ups one can mitigate such hurdles. Simultaneously, an organization also has to ensure that the backed-up data is equally secure from potential hackers. Through having a strong software program or an IT department, businesses can fight off potential threats and build business values around data security and privacy.

Ultimately, in today’s world of immense cyber-security threats it is crucial for an organization to be pre-equipped with security tools and privacy improvement in order to shield your most valuable asset, your data!