Why so many privacy emails in my inbox?
And why you should pay attention
If it feels like your email has been flooded with messages about privacy lately, you're not imagining it. A perfect storm of industry and regulatory challenges has companies scrambling - as never before - to ensure you know what they are doing to safeguard your personally identifiable information (PII).
All of these emails are coming your way for two reasons. First, the European Union's General Data Protection Regulation (GDPR), arguably the largest set of privacy rules in history, took effect on May 25. At the same time, Facebook continues to face a public relations nightmare as well as government scrutiny and fines over how it has handled (or possibly mishandled) the private records of subscribers.
Clearly, this unparalleled combination of privacy-related events has companies doing their best to avoid running afoul of regulators or the media. But that doesn’t mean their notices are entirely self-serving.
In all likelihood, most of these companies want your help in managing your digital privacy, which is why you should not ignore their emails. Yes, there is plenty of legalese to paddle through, the type we often see and ignore at the bottom of form letters. But in this case, buried amongst the mumbo jumbo, you could also find vitally important information for actively defending your privacy.
What to do
For your business
If you’re a business, you also need to know something about this recent push around privacy. In particular, it’s important to understand what GDPR is because it could significantly affect your ability to operate in compliance with current or upcoming laws and regulations.
GDPR essentially replaces all other data protection regulations within Europe. With it comes the potential for hefty fines for companies that do not comply: up to €20 million, or 4 percent of the organization’s global turnover, whichever is higher. In fact, some major companies already face lawsuits alleging GDPR violations.
So what do the new regulations actually do?
This regulation does two things: it protects the data rights of EU citizens, and it protects their privacy, namely their personal data. Anyone who does business within the single market must comply with it. That includes non-EU businesses that deal with EU customers. Businesses should also keep in mind that GDPR will probably raise the bar within non-EU countries and eventually become the baseline for data privacy around the world – another reason to understand and prepare for it.
So, if you have plans potentially involving EU customers, and you haven’t done much to adjust to a GDPR world, there are three steps your IT department will want to take before too long:
- First, audit your situation. That means determining where all your data lives: internally, externally on service partner and cloud sites, and on authorized and unauthorized devices with access to personal data.
- Next, make sure you’re putting mechanisms in place to control this data. This should involve a combination of administrative privilege controls, tiered access policies (if they don’t need sweeping network access, they don’t get it) and remote access and erasure rights for company data, enabling IT to wipe or lock down records access in the event of loss or theft.
- Finally, consider investing in new, more secure devices. Security strategies typically focus on the network edge and on fortifying devices with software, such as anti-virus applications. But some newer notebooks, laptops and printers now include embedded security features that help protect those devices at the hardware level, an access point that hackers are increasingly identifying as the soft underbelly of many corporate and government IT security strategies.
While we’re on the subject of beefing up security, you should also consider security awareness training for employees. An Experian study found that 55 percent of organizations attribute security incidents and data breaches to malicious or negligent employees, and 66 percent view employees as the “weakest link” in efforts to create a strong security posture.
No consumer or company should be caught flat-footed when it comes to managing digital privacy. According to Gemalto, a digital security company, 2.6 billion records were stolen, lost or exposed worldwide last year, an 88 percent increase from 2016. The risk is clearly real and becoming more pronounced, and nobody can afford to just “hit delete” when privacy information comes their way.
It’s not just up to European regulators or the Facebooks of the world to watch over the privacy of customer data. Each of us must be aware of the threat, be responsible and take precautions to safeguard our own information.