Jan. 28 has been designated as Data Privacy Day, described by think tank The Privacy Projects as “an international celebration of the dignity of the individual expressed through personal information.” However the need for protecting private data extends beyond individuals to government and commercial organizations.
All organizations have a responsibility to protect the private data of employees, clients, and constituents. In that regard, it might be even more essential for enterprises and government agencies to support the objectives of Data Privacy Day than for the individuals for which it is intended.
With that in mind, here are my top five data protection practices for organizations.
Review your policies and ensure they cover new technologies your employees are using such as social networking, collaboration tools, cloud computing, and so on. Many workers are now using mobile devices to help them do their jobs or posting work-related information on social networking sites. Make necessary changes to your policies to ensure your employees understand their responsibility to protect their organization’s data continues to be a priority, even as their methods of working change.
Update your security training to include data protection requirements such as marking, transmitting, encrypting, and archiving data in accordance with your organization’s data rules. Employees should be made aware of which of the organization’s data requires the highest levels of protection and which do not. Not all data is of equal value, and it should be made clear to employees how to treat various data based on its value to the organization.
Require your administrators to review access to all applications and systems. With more mobile devices being used to access your organization’s data, it will become both more important and more difficult for you to keep tabs on who is active in your IT environment.
Monitor your critical or most sensitive data. As noted above, all data is not created equal. If you don’t have a monitoring program for your mission-critical data, lay out your strategy and present it to your management.
Educate your employees about their responsibilities, and hold them accountable. This sounds fairly simple, but it’s also one of the most essential aspects of data protection. Many organizations implement acceptable use policies that express in clear language the agreement between the employee and employer with regard to data. If all employees know the rules, data breaches could be reduced significantly.
Data Protection Day is the perfect occasion to revisit these best practices. Regardless of the size of your organization or whether you work in the private or public sector, they should serve you well.