Data Privacy: 3 Reasons Why Your Company Should Care

Thursday, March 10, 2011

Lindsay Walker


In some situations, data privacy can be a tricky balancing act for multinational organizations attempting to satisfy both the needs of the organization and local laws.

In my opinion, no company should have to question the importance of data privacy. Ultimately, data privacy boils down to protecting the rights of your clients, customers, employees and corporate information.

Data protection issues impact some industries more than others due to the nature of the information they handle to complete a transaction. As I mentioned in a previous post about corporate security, it's a big topic to tackle, so this is just a small piece of the puzzle.

Who It Matters To

I came across the document "The Global Privacy and Information Security Landscape FAQ" prepared by Protiviti and Pillsbury Winthrop Shaw Pittman LLP. According to the document, the types of companies most vulnerable to data privacy risks are:

  • Banks, credit card companies and other players in the financial services industry
  • Education (universities and colleges)
  • Social networking websites, online marketplaces, etc.
  • Healthcare
  • Retail and marketing companies
  • Government agencies (voter registries, census, real estate registers, etc.)

Why It Matters

There are three main reasons why companies should be concerned about data privacy:

1. It's the Law

You have to - it's as simple as that. There's some information that's just not meant for the public to access. A number of countries and regions have established data privacy laws to govern the way personal data is handled, transferred and stored. According to the Protiviti and Pillsbury document:

"There are myriad consumer privacy and data protection requirements globally, including, for example, the European Union's Data Protection Directive, numerous member state requirements, the US Safe Harbor Agreement, the Gramm-Leach-Bliley Act (GLBA) and the Fair Credit Reporting Act (FCRA)."

In addition to this list, Canada has developed PIPEDA, which the EU has considered adequate legislation, allowing for information to be sent across borders to Canada.

2. Keep Your Reputation Intact

Companies now collect more information about their customers than ever before. Compliance with privacy laws and the way companies handle personal information significantly impact a company's reputation.

Since privacy controls have become a cross-border concern, companies put their reputations on the line should they fail to comply with the necessary laws. 

Companies may also lose out on potential business or partnership opportunities by failing to take privacy into account. Data breaches regularly made their way into headlines in 2010, demonstrating to companies that it's impossible to keep privacy breaches on the down low.

3. Customer Satisfaction

Your company worries about where its information goes, just like your customers worry about what your company does with their information once they hand it over.

Have you ever had one of your service providers call you and report that your account has been compromised and you have to go in, receive a new card, change the PIN or other activities along those lines? It's annoying - and a pain in the butt.

You're also likely to be hesitant about using that company's services because of the mishap. I'll admit, I've canceled my services with a provider because they were calling me every few weeks stating that accounts had been compromised.

Complying with privacy laws and taking the necessary precautions to keep the hands of hackers off of your customers' information will leave you with loyal and happy clients - and they'll stick around longer too!
