Why Data Privacy Matters
Protecting consumer data has always been important. And doing so effectively is not only the right thing to do but also builds brand trust and can have a huge impact on overall business outcomes.
It is no easy task, especially considering many firms must now do so in an increasingly virtual work environment in the wake of the COVID-19 pandemic that has created a litany of new cyber vulnerabilities.
And to make matters worse, studies suggest the public has not fully trusted how its data is collected, even before the pandemic.
A 2019 study from the Pew Research Center found that a majority of Americans feel they have a lack of control on what personal data companies and the government collect. In fact, 79 percent of respondents said they feel concerned about the way companies use their data. Other statistics bear out the public’s overall distrust in how companies and the government store their data.
These statistics might not be surprising, considering the U.S. lacks a central federal privacy law, such as the European Union’s General Data Protection Regulation (GDPR). Instead, the U.S. has a myriad of federal and state laws aimed at safeguarding consumer data. And the same Pew Research study found that 63 percent of respondents said they understand very little about the laws and regulations that are in place to protect their data privacy.
That’s why organizations must treat privacy protection as a top priority. They should let their customers know the steps they are taking to be responsible stewards of data. Doing so will build better trust and ultimately bring better business results.
A 2019 Cisco Consumer Privacy Survey found that 97 percent of companies saw positive outcomes such as competitive advantage and investor appeal from investing in their data privacy strategies.
Conversely, not investing enough in data privacy protection safeguards can send an organization into financial ruin. IBM and the Ponemon Institute report the average data breach cost $3.86 million in 2020.
Still, even firms with robust risk management and privacy protection strategies can fall victim to breaches. This further highlights the need for firms to do everything possible to prevent them.
The National Cybersecurity Alliance recommends business follow these five steps:
- If you collect it, protect it. Follow reasonable security measures to keep individuals’ personal information safe from inappropriate and unauthorized access.
- Consider adopting a privacy framework. Build privacy into your business by researching and adopting a privacy framework to help manage risk and create a culture of privacy in your organization. Frameworks can be modeled after The California Consumer Privacy Act of 2018 (CCPA), ISO/IEC 27701 – International Standard for Privacy Information Management and The National Institute of Standards and Technology’s Privacy Framework.
- Conduct an assessment of your data collection practices. Understand which privacy laws and regulations apply to your business.
- Transparency builds trust. Be open and honest about how data is collected, used and shared.
- Maintain oversight of partners and vendors. Even if another company provides services on your behalf, you are still responsible for how it collects, uses and secures that data.
For additional tips and best practices, visit the National Cybersecurity Alliance’s website: https://staysafeonline.org/resources-library/?_sft_type=tip-sheets.
TalaTek can also be a good resource for building a strong risk management program. Email firstname.lastname@example.org for more information.