7 Best Practices to Protect Data Privacy
TalaTek shines spotlight on data privacy during Data Privacy Week
Editor’s Note:
The week of January 24–28 was Data Privacy Week, “an international effort to empower individuals and encourage businesses to respect privacy, safeguard data and enable trust.” TalaTek is proud to be a Data Privacy Week Champion, joining other “organizations and individuals dedicated to empowering individuals and encouraging businesses to respect privacy, safeguard data and enable trust.” TalaTek reinforces best practices in data privacy protection with the following blog post.
When customers buy a company’s product, invest in a stock, use their health insurance, pay their property taxes, or engage in any of a hundred transactions, they are trading more than just their money for a good or service. They are also trusting the organization to keep their personal information safe, including credit card numbers, social security numbers, birth dates, and health records.
Being able to secure customer information is crucial, because if the organization falls victim to a cyberattack, all this sensitive data can be compromised. This can cause incredible damage to those with data in the hacked system. It can also cause irreparable harm to the organization, both financially and reputation-wise, as well as loss of intellectual property.
Research shows that organizations that fall victim to cyberattacks face damage within their industries and customer base that translates to real dollars. According to IBM’s 2021 Cost of a Data Breach Report (CDBR), the average cost of a data breach globally is $4.24 million, with 38 percent of that figure ($1.59 million) stemming from lost business-related expenses. The report defines these expenses as “business disruption and revenue losses from system downtime, cost of lost customers and acquiring new customers, reputation losses and diminished goodwill.”
Protecting consumer privacy isn’t only a business-smart thing to do. In some instances, it’s also the law. For example, regulations such as the General Data Protection Regulation (GDPR), a regulation in European Union law on data protection and privacy in the EU and the European Economic Area, and the California Consumer Privacy Act (CCPA) offer people certain protections, controls and disclosures about the data that companies collect about them. A company that is subject to these regulations and fails to follow them can face serious consequences. For example, CCPA gives customers the right to sue companies over certain types of data breaches.
The United States as a whole, however, lacks federally mandated privacy laws that require companies to adhere to the same data collection standards, regardless of where they conduct business.
That’s why the onus to protect customer data is on the companies that collect, store and sell it. Here are best practices companies can follow to protect their customers’ privacy, according to staysafeonline.org.
- Understand business obligations under the evolving data privacy regulations
- Conduct audits of personnel access to data
- Conduct third-party security audits
- Collect only the minimum necessary customer data
- Destroy unneeded customer data
- Create a plan to store and secure collected customer data
- Make cybersecurity a part of company culture
For more information on how your organization can ensure you are protecting your customers’ data privacy and on establishing effective third-party risk management strategies, email info@talatek.com. We are problem solvers.