How to Implement a Data Privacy Strategy – 10 Steps


Ensuring data privacy is one of the biggest challenges organizations face. A quick look at the statistics on personal data leaks in 2017 is more than enough to show that a single incident can have a massive impact on a company’s reputation and finances.

The most notorious recent example is, of course, the Equifax leak, which affected over 146.6 million people, who had their Social Security numbers, names, birthdates and addresses stolen. But that is just one drop in a sea of cases of poorly secured private information. From a public database exposing 198 million American voter records to FedEx leaking 119,000 scanned passports, driver’s licenses and other personal documentation on a publicly accessible server, the list seems endless.

And yet, this is just one side of the story; after all, even if the mentioned companies are guilty of following poor security practices, they had no intention of misusing private information. This is quite different from the way Facebook treated customers’ data in the Cambridge Analytica case.

The hard truth is that, considering the evolution of cybercrime and the emerging data protection laws all around the world, it is quite clear that every company should create (and follow) clear rules for the protection of private data. However, for most organizations, this will require a significant change in corporate culture, which is not feasible without a strategy appropriate to the corporate context.

Here are a few steps that every company can take in order to adopt a Data Privacy Strategy.

1) Ensure that you have support from the upper management: As Mr. Drucker used to say, culture eats strategy for breakfast. This quote may be somewhat dated, but it remains perfectly true. To put it simply, without senior executive support, your efforts will most likely (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Claudio Dodt. Read the original post at: