6 Steps Toward Ensuring Data Privacy - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
IT Leadership // CIO Insights & Innovation
Commentary
11/11/2008
02:40 PM
Rob Preston
Rob Preston
Commentary
Connect Directly
LinkedIn
Twitter
RSS
E-Mail
50%
50%

6 Steps Toward Ensuring Data Privacy

U.S. companies and other organizations that handle lots of employee and customer data (isn't that just about everyone?) need to view privacy as a formal practice, to the point where it can become a competitive differentiator, according to one of the nation's leading privacy executives.

U.S. companies and other organizations that handle lots of employee and customer data (isn't that just about everyone?) need to view privacy as a formal practice, to the point where it can become a competitive differentiator, according to one of the nation's leading privacy executives.Speaking Monday evening at the Society for Information Management's SIMposium in Orlando, Fla., Dr. Kenneth Washington, who was named Lockheed Martin's first "chief privacy leader" in May, laid out a six-step process for U.S. organizations to consider in ensuring data privacy in this age of hyper-connectivity and ever-more-sophisticated information security threats:

• Conduct a privacy assessment or audit. Know what information your organization is gathering, where it's kept, who has access to it, why you're gathering certain types of information, and what you're doing with it all.

• Pick an accountable person to oversee privacy. That responsibility doesn't have to fall to a chief privacy officer -- in this day and age, few companies have the budget for yet another c-suite czar. Opinions differ on whether that person should live in IT, HR, legal, compliance, or some combination. Washington previously served as CTO of Lockheed Martin Enterprise Information Systems and also chaired the company's IT Architecture Council. And he has a Ph.D. in nuclear engineering -- probably not a prerequisite for the privacy job.

• Create a comprehensive privacy program that includes governance policies and procedures, as well as employee education and training and a plan to regularly communicate policies, to customers as well as employees. That program should also include a breach response plan -- few episodes are as embarrassing as a company scrambling to get its act together on the fly.

• Use a risk-based approach to privacy, stressing prevention (see comprehensive program above).

• Anticipate changes to the legal and regulatory landscape -- though good luck with that one. Washington noted that 43 states now have distinct information privacy laws, and laws vary country by country. Then there are the industry regs (Gramm-Leach-Bliley, HIPAA, etc.) and the content-specific one (Can-Spam).

• Apply successes "to create differentiated value." In other words, all else being equal, customers value companies that respect their privacy more than companies that don't. So do potential employees -- especially the younger generation.

Washington concedes that "complete privacy is out of the question. Now it's a matter of degree." But he exhorts companies to start drawing some lines.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
News
Think Like a Chief Innovation Officer and Get Work Done
Joao-Pierre S. Ruth, Senior Writer,  10/13/2020
Slideshows
10 Trends Accelerating Edge Computing
Cynthia Harvey, Freelance Journalist, InformationWeek,  10/8/2020
News
Northwestern Mutual CIO: Riding Out the Pandemic
Jessica Davis, Senior Editor, Enterprise Apps,  10/7/2020
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
[Special Report] Edge Computing: An IT Platform for the New Enterprise
Edge computing is poised to make a major splash within the next generation of corporate IT architectures. Here's what you need to know!
Slideshows
Flash Poll