Data Privacy Day is an international effort focused on promoting data privacy awareness that takes place on January 28 every year. The National Cyber Security Alliance (NCSA) leads promotional efforts for the U.S. This non-profit organization is dedicated to promoting a safer, more secure and more trusted Internet. In addition to educating consumers on how to protect their online privacy, the organization dedicates itself to showing companies how privacy is good for business. Here are 5 of their recommendations for promoting data privacy within your company:
1. If you collect it, protect it.
If you collect personally identifiable information (PII), be sure your company takes responsibility for protecting it from hackers. If your business doesn’t have to comply with a certain industry’s standards for data privacy, choose a set of standards or develop your own. Inform your staff of these standards and hold training sessions on how to comply with them.
2. Clearly communicate privacy practices and options.
Be open about how you collect and share personally identifiable information (PII) and information about other companies, and make your privacy policy easily accessible to customers and staff. Take responsibility to ensure your customers are informed of any special features, options or privacy settings that are available to them.
3. Go beyond your privacy policy.
Providing customers with your privacy policy is helpful and a best practice, but how many people will actually read it? Go a step further and promote your privacy standards and data protection practices in other ways. For instance, send out short, easy-to-read emails with graphics that clearly communicate your privacy policy, or create an infographic about the steps your company takes to protect data. People like to know how their data is protected, and taking these extra steps can also serve as a promotional tool for your company.
4. Create a culture of privacy.
Make sure your employees are aware of privacy and security threats and what they can do to take preventative action. Holding a staff meeting once a year isn’t sufficient. Communicate tips for protecting privacy on social media, on your company’s messenger platform, through emails and in posters around the office.
5. Monitor partners and vendors.
Your company is responsible for doing due diligence when it comes to the privacy standards of third-party partners and vendors. Just because a company claims to be HIPAA or PCI compliant or meet some other compliance requirements doesn’t mean that it does. Evaluate the company according to your standards or ask for third-party certifications. A third-party certification means the company was evaluated by an independent organization and is not claiming compliance based on its own interpretations.
To learn more about Data Privacy Day and the NCSA, visit staysafeonline.org.