Wednesday 28 October 2020

CYBER SECURITY

Simplify Your Privacy Approach to Overcome CCPA Challenges

By building a culture of privacy from the ground up and automating processes, businesses can simplify their approach to privacy and prepare for any future regulations.

The July 1 application date of the California Consumer Protection Act (CCPA) has passed, but how confident are businesses in their compliance with this and other regulations? TrustArc surveyed 1,500 privacy professionals around the world to assess CCPA readiness, as well as the overall state of privacy compliance. As it turns out, for many organizations, compliance is still a work in progress.

Just over a quarter (27%) of respondents have very little or no confidence that their business is able to secure and protect all relevant data of their employees and customers. The areas of their organization in which respondents lack confidence the most are training, tools and technology, and awareness.

Respondents cite a number of challenges that can affect their confidence, including the increased use of third-party technologies such as video conferencing platforms, keeping abreast of changing regulations and managing risk.

The following suggestions will help organizations overcome the challenges of third-party technologies and their underlying data, keep pace with an ever-changing privacy regulatory landscape, and maintain organizational awareness.

Implement Additional Layers of Security for Third-Party Technologies

To enable employees to work remotely, many companies have been forced to quickly adopt new third-party applications or use existing third parties differently during the COVID-19 crisis. To effectively manage supplier risk, it is essential that companies assess new suppliers before they begin to use them. Third-party risk assessment is an essential step in ensuring data confidentiality while working remotely.

After verifying third-party vendors, companies can implement an additional layer of security, such as secure video conferencing. Organizations should require employees to use password-protected video conferencing services and encourage the use of “waiting room” features, where the meeting host manually allows participants to enter the meeting. Taking these precautions can prevent unknown parties from participating in company meetings that now increasingly include discussions of very sensitive information. Adding these safeguards will make it easier for organizations to ensure the security of information discussed or shared during these virtual meetings.

Automate Risk Assessment Processes to Stay Up to Date

There are now over 900 different privacy regulations around the world, and this list continues to grow and evolve every day. To stay up to date, companies must review every law; review their records, including data from third party sources; and determine the risk factor of their data according to each law. Often, organizations maintain this compendium of regulatory risk factors through a spreadsheet and other manual processes.

Trying to keep abreast of the 900 existing laws and regulations - even as hundreds more swirl around US state legislatures - by manually calculating risk factors is a Sisyphean task. To stay up to date, companies will need to take advantage of technology that can automate some or all of these processes, thereby simplifying risk assessment.

Operationalize Risk Management

In addition to automating more of their risk assessment processes, successful organizations should integrate personal data use considerations into the fabric of their business and departments. One way to do this is to have a Chief Privacy Officer (CPO) lead ongoing privacy discussions and ensure that privacy is built into the framework of the organization.

Confidentiality is not a checklist item, a task with a beginning and an end. Rather, it is an ongoing strategy that privacy officers and other privacy officials, such as information security officers (CISOs), should be tasked with implementing and administering. Privacy officers should work to:

Embed data privacy concerns across their organization from day one.

Develop resources on individual rights management, privacy-by-design principles in product and service development, and operationalized data governance in the form of record keeping, data retention and deletion policies, and data flow mapping.
