Data Privacy Day is an international effort celebrated every year on January 28th to generate awareness about the importance of respecting privacy, guarding data, and aiding trust. Data Privacy Day was established in 2008 in the USA and Canada as an extension of Data Protection Day in Europe. Data Privacy/Protection Day honors the signing of Convention 108 in 1981, which is the first legally binding international treaty to acknowledge data privacy concerns.
Each year, consumers around the world are becoming more aware of how much their personal data is worth. Research conducted by the Lares Institute shows that 40% of consumers, particularly those possessing higher incomes, made buying decisions based upon privacy. In addition, 51% of consumers say that in the past two years they have been notified by a company or government agency that their personal information was lost or stolen as a result of one or several data breaches. The results of this study show how data loss can diminish shareholder value as well as customer loyalty.
Businesses are wise to be just as cautious as their consumer counterparts. Big organizations like Facebook and Amazon may be making the headlines when it comes to data breaches; however, 60% of small and mid-sized companies go out of business within six months of a cyber-attack. Attacks and breaches have increased exponentially within the last decade, and, as a result, we have seen an influx of data protection regulations around the world that require businesses to implement concrete data protection methods. In short, our rising digital economy has forced businesses to rethink their data security priorities and practices. Practicing data privacy is just as important as customer service, and, since the implementation of GDPR, is typically also a regulatory requirement. Below are a few ways companies can pursue data privacy preparation further.
If corporations are people too, they should empathize with consumers. Companies may gain advantages relating to customer retention if they focus on the needs of the individuals entrusting them with their data. Privacy is a hot marketing topic in the technology industry. However, in this digital economy, marketing new privacy tactics is no longer a concern for tech companies alone. Companies that take precautionary efforts to protect their consumers’ data will rise above those competitors who may have taken a passive approach.
Educate the consumer. Whether that be an employee or a customer, the end user is the best line of defense against an attack. Many federal statutes are already in place in industry-specific contexts such as HIPAA, FCRA, FACTA, PCI DSS, The Privacy Act of 1974, etc. These laws attempt to protect an individual’s personally identifiable information (PII) by restricting a company from sharing information. Employees must know the proper data destruction method for specific PII to guarantee data won’t end up in the wrong hands. Explaining to customers how their data will be destroyed after the organization has finished using it will retain their loyalty. Whether it’s a solid-state drive (SSD) or a hard disk drive (HDD), failed, erased, or overwritten drives can still contain recoverable data. Regardless, advancements in computing create the ability to process vast amounts of information, and new challenges have emerged as our technology evolves.
Adopt an Acceptable Use Policy (AUP). Acceptable use policies outline when and how employees can use the business’ internet access. They set the stage for answering questions employees might have regarding the use of PII. These policies cover who needs access to PII, which regulations the company must follow, where the vulnerabilities lie in the company’s use of PII, and the rules and permissions company personnel must follow. Regardless of how the data is compromised or lost, or how small the company may be, fines are one of the largest, and most effective, known consequences for mishandling personal data. And let’s not forget that a breach of personal data can also result in severe damage to the brand’s reputation, loss of customer trust, employee dissatisfaction, and increased costs to recover from the aftermath. As an example, Health Net of the Northeast Inc. agreed to pay for two years of credit-monitoring for 1.5 million members whose details were on a single lost hard drive.
Overall, by empathizing with the individuals at risk, organizations can gain perspective on their clients’ privacy, thus strengthening the bond needed to maintain that level of trust. It’s necessary to educate employees and users on how PII is controlled using a layer of technology that exhibits practical data privacy practices. By enforcing Acceptable Use Policies within the company, organizations can lay the groundwork for how this layer of technology is used with respect to PII and who is permitted to handle it. While there are many other protective elements companies can use to reinforce data privacy, being mindful of these few can differentiate your business from competitors.