Purpose Of This Blog Series
This is the first of three posts to help readers understand concepts related to data privacy and be better informed about adhering to data privacy laws. Whether you are a business-to-business (B2B) or business-to-consumer (B2C) organization, for-profit or not-for-profit, it is important that you understand and adhere to data privacy regulations.
What is Data Privacy?
Data Privacy is the ability of an individual to exercise control over the collection, use, and dissemination of PII (Personally Identifiable Information).
If an organization creates or collects, processes, disseminates, uses, stores, and destroys or deletes data about an individual (PII), then that organization needs to ensure the security of such information. A data breach occurs when sensitive, protected, or confidential data is copied, transmitted, viewed, stolen, or used by an entity (a person or a system) that is not authorized to do so. A breach is quantified by the number of individuals impacted or the number of records breached.
Data Privacy Laws ensure businesses safeguard individuals' data. Non-compliance with Data Privacy Laws can result in severe financial and legal consequences for businesses, irrespective of size. Examples of Data Privacy Laws include HIPAA and GDPR.
What is PII?
As per the NIST SP 800-122 – Guide to Protecting the Confidentiality of Personally Identifiable Information (PII),
PII is any information about an individual maintained by an agency, including:
(1) any information that can be used to distinguish or trace an individual’s identity, such as name, social security number, date and place of birth, mother’s maiden name, or biometric records; and
(2) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information.
In Simple Terms
We live in two worlds, real and virtual (or digital). The virtual or digital world is created by information and communication technology (ICT). Information (data) is the lifeblood of every modern organization. A vast amount of the information that businesses handle pertains to individuals – customers, associates, partners, and others. Information about individuals (personally identifiable information) in the wrong hands can be used to cause harm to the victim. Harm includes embarrassment, loss of credibility, financial loss, loss of identity, and a host of other risks to life, property, and society in general.
Since modern businesses rely heavily on cyberspace for their operations, they are legally bound by Data Privacy Laws to ensure that PII is handled securely.
Data Privacy and Assurance
Having organizational information systems and processes assessed or audited for compliance with Data Privacy Laws is a proven way to assure secure handling of PII. These assessments and audits are often mandated by law in several countries, including the United States. Organizations also need to conduct periodic security awareness and training programs to inform and alert employees and users regarding the proper handling of PII.
More Resources for You
The second blog in this series focuses on ‘Self-assessments and Audits’, followed by a blog on ‘Data Privacy Laws’. Watch this space for more.
We have scheduled a Webinar on Cybersecurity and Data Privacy for 28th January 2022, 11:00 am EST.
Contact us for more information regarding improving your Cybersecurity and Data Privacy practice.