When it comes to data, you often hear the words “privacy” and “security” spoken in a single phrase. But the truth is, data privacy and security are different, and require distinct actions to maintain.
Too many people take the head-in-sand approach to privacy, relying solely upon security practices to safeguard confidential information.
This leaves major privacy vulnerabilities that could have catastrophic consequences for your business.
9 critical steps to preventing a privacy breach
- Know where Personally Identifiable Information (PII) or Protected Health Information (PHI) is stored within your network.
- Reduce PII and PHI to the minimum amount necessary to support the business, or separate confidential information from the rest.
- Having reduced PII and PHI, protect the locations where they remain with anti-malware tools, firewalls and intrusion monitoring.
- At your network edge, employ restrictive firewalls, rulesets and advanced traffic monitoring and alerting.
- Check your automated tools to ensure alerts are acted upon and incidents recorded.
- Have an independent firm audit your practices and results.
- Conduct a privacy breach drill designed to ensure compliance with applicable federal and state regulations and industry and international standards.
- Educate your employees about security and privacy risks and procedures.
- Make sure your people know what’s at stake.
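The first two steps, knowing where PII/PHI lives and reducing or segregating it, are the ones most often skipped because they need tooling rather than a product. As an added example (not from the original article), the script below scans a set of constructed sample files for SSN, e-mail and medical-record-number patterns, reports which locations hold what, flags any location outside an approved data store, and produces a minimized copy of a record. The patterns, file names and sample values are assumptions for illustration.

```python
import re
from collections import defaultdict

# Illustrative PII/PHI markers (assumed patterns; a real scan would tune and extend these).
PII_PATTERNS = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
    "mrn": re.compile(r"\bMRN[-:\s]?\d{6,10}\b", re.IGNORECASE),
}

# Constructed sample "files" standing in for locations on the network.
SAMPLE_FILES = {
    "hr/onboarding.csv": "name,ssn\nAda Lovelace,123-45-6789\nAlan Turing,987-65-4321\n",
    "clinic/notes.txt": "Patient MRN-00012345 seen 2024-01-02; contact ada@example.org\n",
    "marketing/plan.md": "# Q3 plan\nNo customer data here.\n",
}

def inventory_pii(files):
    """Step 1: report which locations hold which PII/PHI types, and how many hits."""
    report = defaultdict(dict)
    for path, text in files.items():
        for kind, pattern in PII_PATTERNS.items():
            hits = pattern.findall(text)
            if hits:
                report[path][kind] = len(hits)
    return dict(report)

def flag_locations(report, approved_paths):
    """Step 2 ('separate'): locations holding PII/PHI outside the approved data stores."""
    return sorted(path for path in report if path not in approved_paths)

def minimize(text):
    """Step 2 ('reduce'): keep only what the business needs, e.g. last four SSN digits."""
    text = PII_PATTERNS["ssn"].sub(lambda m: "***-**-" + m.group(0)[-4:], text)
    text = PII_PATTERNS["email"].sub("[email removed]", text)
    text = PII_PATTERNS["mrn"].sub("[MRN removed]", text)
    return text

if __name__ == "__main__":
    found = inventory_pii(SAMPLE_FILES)
    for path, kinds in found.items():
        print(f"{path}: {kinds}")
    print("outside approved stores:", flag_locations(found, {"hr/onboarding.csv"}))
    print(minimize(SAMPLE_FILES["hr/onboarding.csv"]))
```

Running the inventory on a schedule and diffing its output is what turns step 1 into a control rather than a one-off; a new path appearing in the report is exactly the alert step 9 wants acted upon.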
Part of the challenge with privacy is that, while security expectations and penalties for security violations are well-defined in legal terms, privacy expectations and penalties are not always as clear.
But regardless of official penalties, what is ultimately at stake is the integrity and trustworthiness of your business.
And that’s why you and everyone at your company should take privacy very, very seriously.