8 Things IT Professionals Need to Know about Customer Privacy

If one good thing came out of the Facebook-Cambridge Analytica data privacy scandal, it was public awareness about data privacy. Mark Zuckerberg has made numerous apologies for the lack of respect for customer data and often refers, warmly, to the Facebook user base as a “community.” Although the jury’s still out on the privacy practices of Facebook and many other mega-corporations like Google, this idea of a community is a key one. As IT professionals, it is now not only a duty of compliance but an act of respect to take data privacy seriously.

In this article, we’ll take a look at eight things that you need to consider when looking at the data privacy practices of your organization.

8 Privacy Practices to Respect Your Customer Community

Privacy by Design (PbD) is a fundamental tenet that determines the privacy of a given system. It encourages the development of configuration, implementation and UX with data privacy as a central requirement.

Privacy by Design is a process. It starts with data, ends with data, and covers every part of a project's life cycle in between, encompassing the IT system build, regulations, external parties, policies and business strategies. The following areas can be considered an intrinsic part of the PbD of an organization’s digital data infrastructure.

Inventorying and Updating Systems and Information

Data is a highly fluid entity in today’s hyperconnected world. A cybersecurity audit would typically look at your extended network to locate points of failure and map the attack surface. The same sort of methodology is needed to understand your data inventory and life cycle.

During this process of inventorying you need to include all devices and applications that come under your remit. This includes shadow devices, IoT devices and Cloud applications, as well as those used (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Susan Morrow. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/N8HxvcjItrs/