Estimated Reading Time: 5 Minutes
With the global big data market set to be worth nearly $235 billion by 2026, to say that data is now core to business success today would be a massive understatement. From tweaking shipping strategies to delivering more relevant advertising campaigns to customers, businesses are constantly looking for ways to make more data-driven decisions. But with this access to consumer data comes great responsibility. And unfortunately, in many consumers’ eyes companies are not doing all they can to make sure that their data is being used securely and with the highest privacy standards in mind.
According to the Pew Research Center, 79% of U.S. adults report being concerned about the way their data is being used by companies. Moreover, our own research found that 76% of consumers are worried about identity theft, with 34% reporting that they are “very worried.” Respecting consumers’ privacy is a smart strategy for inspiring trust and enhancing reputation and growth in your business. Be open and honest about how you collect, use, and share consumers’ personal information. Think about how the consumer may expect their data to be used and design settings to protect their information by default. Communicate clearly and concisely to the public what privacy means to your organization and the steps your company takes to achieve and maintain privacy.
Conduct an assessment
Assess your data collection practices. Whether you operate locally, nationally, or globally, understand which privacy laws and regulations apply to your business. Follow reasonable security measures to keep consumers’ personal information safe from inappropriate and unauthorized access and make sure the personal data you collect is processed in a fair manner and only collected for relevant and legitimate purposes.
Prioritize Third-Party Cybersecurity
Don’t forget to maintain oversight of partners and vendors as well. If someone provides services on your behalf, you are also responsible for how they collect and use your consumers’ personal information. And as this year’s slew of supply chain attacks – most notably the Kaseya and Accellion breaches – have shown, third-party breaches can be just as hard-hitting as if your company was attacked directly. Therefore, companies need to have a rigorous checklist in place to ensure that their partners are taking cybersecurity and data privacy as seriously as your business is. Here are a few questions you should ask to get started:
- Does your company have written business continuity/disaster recovery plans? Are these plans tested on a periodic basis?
- Does your company hire an external audit firm to perform a compliance review of your operational controls?
- Does your company have a pre-employment screening policy for employees and contractors?
- Are files and records reviewed, retained, and purged in accordance with legal requirements, contractual obligations, and service level agreements?
Adopt a privacy framework
Knowing the risks that your company’s data faces is pivotal to making sure it is safely maintained and used. However, only 57% of businesses conducted a data security risk assessment in 2020. Researching and adopting a privacy framework can help you manage risk and create a culture of privacy in your organization by building privacy into your business. Granted, there are many different types of frameworks and some may work better for some companies than others. However, the following resources can help organizations get a sense of where to get started:
- NIST Privacy Framework
- AICPA Privacy Management Framework
- ISO/IEC 27701 - International Standard for Privacy Information Management
Ongoing training and awareness campaigns for employees are a must for businesses today, especially as the digital world becomes more and more driven by remote work. Unfortunately, many businesses are coming up short in terms of their training and awareness efforts. For example, 44% of organizations provided no cybersecurity training geared towards remote work for their employees.
If You Collect It, Protect It
2021 was yet another watershed year in terms of business data use. And 2022 is likely to be no different. Therefore, it is imperative that businesses put their best foot forward when it comes to data privacy, and these few steps can help them make significant strides in developing better privacy habits.
At Iris, we believe in being transparent with our partners and their customers about how we’re storing and protecting their data to help strengthen the trust consumers (and our partners) have in us. Plus, we believe it’s just the right thing to do. Contact us today to learn how we protect our partners’ business and customer information.
Since we’re on the subject of data privacy, now is a great time to review your own risk for identity theft and fraud by taking your free IDRiskIQ™ assessment. IDRiskIQ evaluates individuals’ demographics, online behavioral attributes, and the devices they use to better assess their susceptibility to fraud. Once the assessment has been completed, you will receive your score along with immediate, personalized feedback on steps you can take to protect yourself against cybercrime and identity fraud.