Every year the amount of breached information multiplies, yet many organizations are still unprepared should they experience a data breach of their own. To raise awareness and promote best privacy practices and procedures, the National Cyber Security Alliance established Data Privacy Day. This annual event is held every January 28th and offers invaluable information for both businesses and consumers to help keep their information secure.
Is your organization doing everything in its power to protect your employees, customers and clients from data breaches and interceptions? Remember, information safety applies to your entire data collection, not just traditional records. Every company should have a comprehensive information governance strategy in place that addresses all the information your business creates, collects, processes and stores, including but not limited to:
- Online channels
- Hiring process intake
- Social media
Whether you’ve already prepared or just need a little help fine-tuning your policies and procedures, we have some simple tips to help keep your business, employee, client and customer data safe this year.
Prepare for the GDPR now
The May 2018 deadline for the General Data Protection Regulation (GDPR) is fast approaching, and many businesses are still preparing. If your organization collects or processes the information of any EU citizen as an employee or customer, you must ensure you comply by the deadline.
Established to better protect the information of all residents and businesses throughout the EU, the GDPR introduces key changes to the current privacy legislation, including:
- Mandatory breach notifications within 72 hours of first learning of said breach
- The right to be forgotten (ability for clients to erase personal data from systems)
- Appointment of data protection officers within organizations
- Fines of up to 4% of global revenue or as much as 20 million euro for companies that don’t comply
Review your information governance policy
Information governance includes all the policies, processes and procedures that companies have in place to handle secure information, including the creation, sharing and use of that information. These processes and procedures can not only help protect your customers’ and employees’ information, but they can also protect your company in the event of a suspected data breach. It’s important to monitor and review your strategy regularly to ensure it addresses all your business information effectively.
State this policy on your website, important documents and sensitive communications. You should share this policy any time someone hands over private information. Additionally, the GDPR requires you to clearly tell customers and employees why and how you are collecting their information, as well as give them the ability to opt out at any time.
Your legal team can draft up such a policy. Share this information with everyone in your organization, and ask them to become familiar with it.
Train your employees
It’s as important to train your employees on your policies and procedures as it is to create a solid information governance system. Training modules should include:
- Data privacy procedures – make sure everyone in your organization clearly understands the data privacy procedures your company has put in place (and why such procedures were implemented).
- Data breach response plans – do your employees know how to react should the worst happen? In most cases, data breaches should be reported to the supervisory authority. In some cases, the breach should also be reported to the individuals.
- Good passwords – implement clear and consistent rules to ensure employees are creating long and complex passwords. You can set up regulations with your tech department and coach your employees on how to create passwords that work.
Destroy documents and information you no longer need
While it’s critical your business securely store information for its appropriate retention period, keeping documents and digital data around past their expiration can put your organization at even greater risk. Establish a retention strategy that does the work for you. A digital document solution can monitor retention schedules for you, notifying you when a document is incomplete or ready for destruction. This ensures you always have the information you need, when you need it, and never have the information you don’t.
Get started today!
Join us for our annual All Access Shred Day in honor of Data Privacy Day. Shred your outdated documents for free, and receive data privacy tips from the experts.