6 Steps Toward Ensuring Data Privacy - InformationWeek
Commentary
11/11/2008
02:40 PM
Rob Preston

6 Steps Toward Ensuring Data Privacy

U.S. companies and other organizations that handle lots of employee and customer data (isn't that just about everyone?) need to view privacy as a formal practice, to the point where it can become a competitive differentiator, according to one of the nation's leading privacy executives.

Speaking Monday evening at the Society for Information Management's SIMposium in Orlando, Fla., Dr. Kenneth Washington, who was named Lockheed Martin's first "chief privacy leader" in May, laid out a six-step process for U.S. organizations to consider in ensuring data privacy in this age of hyper-connectivity and ever-more-sophisticated information security threats:

• Conduct a privacy assessment or audit. Know what information your organization is gathering, where it's kept, who has access to it, why you're gathering certain types of information, and what you're doing with it all.

• Pick an accountable person to oversee privacy. That responsibility doesn't have to fall to a chief privacy officer -- in this day and age, few companies have the budget for yet another c-suite czar. Opinions differ on whether that person should live in IT, HR, legal, compliance, or some combination. Washington previously served as CTO of Lockheed Martin Enterprise Information Systems and also chaired the company's IT Architecture Council. And he has a Ph.D. in nuclear engineering -- probably not a prerequisite for the privacy job.

• Create a comprehensive privacy program that includes governance policies and procedures, as well as employee education and training and a plan to regularly communicate policies, to customers as well as employees. That program should also include a breach response plan -- few episodes are as embarrassing as a company scrambling to get its act together on the fly.

• Use a risk-based approach to privacy, stressing prevention (see comprehensive program above).

• Anticipate changes to the legal and regulatory landscape -- though good luck with that one. Washington noted that 43 states now have distinct information privacy laws, and laws vary country by country. Then there are the industry regs (Gramm-Leach-Bliley, HIPAA, etc.) and the content-specific one (Can-Spam).

• Apply successes "to create differentiated value." In other words, all else being equal, customers value companies that respect their privacy more than companies that don't. So do potential employees -- especially the younger generation.

Washington concedes that "complete privacy is out of the question. Now it's a matter of degree." But he exhorts companies to start drawing some lines.
