Data can make or break an organization, depending on how it’s used. If your business is starting off the New Year by evaluating your privacy and data management system or implementing a new management strategy, be sure to avoid these three common mistakes.
1. Improper Cloud Strategies
As the world becomes more data-driven, cloud storage has become a common practice. However, its meaning and impact on organizations sending and storing sensitive data are somewhat murky.
Today, businesses can upload files to a server maintained by a cloud provider like Dropbox or Google Drive, rather than (or in addition to) storing data on their own physical hard drives. Unfortunately, cloud providers routinely serve multiple customers simultaneously.
RISKS: Cloud storage solutions may raise the scale of exposure to possible breaches and vulnerabilities, both accidental and deliberate.
REMEDY: PIPEDA establishes rules for governing transfers of personal information to cloud providers. Other Access and Privacy laws require personal information to be protected against unauthorized access, use and disclosure. To protect your organization:
- Have a reputable privacy and data management expert evaluate your data storage and security measures.
- Choose a cloud provider with Canadian operations.
- Review the terms of service or contracts and challenge your provider to meet your legislative requirements and operational needs.
2. Bring Your Own Device Vulnerabilities
The BYOD trend continues to gain momentum. More and more companies are permitting employees to use their personal devices for professional practices. While there are benefits to accessing corporate resources from personal devices, the risks can’t be ignored.
RISKS:
- Malicious applications
- Lost devices
- Data leakage
- Uncontrolled and unauthorized access
REMEDY:
- Consult with HR to discuss employee eligibility, records management, training and support, employee privacy, audit requirements, data usage limits and backup, IT strategy, termination policy and other legal considerations.
- Develop and implement a BYOD policy that considers all of the above factors.
- Ensure no employee is approved to use his or her personal device without understanding and agreeing to the policy.
3. Untrained Staff
Human error and internal workforce vulnerabilities continue to be the leading cause of data breaches and cyber incidents. Undoubtedly, lack of staff training is leaving organizations vulnerable.
RISKS: Employees who lack training on security, data privacy, and compliance risk internal negligence that can cause harm to individuals, to the public and/or your organization’s revenue and reputation.
REMEDY:
- Develop clear policies and procedures, complete with sanctions for breaches.
- Ensure all of your employees are trained on compliance at the point of hire and as part of performance assessments.
- Hold training regularly and in response to organizational or legislative changes.
Take the first step towards protecting your organization from privacy and data management risks. Cenera’s Privacy and Information Management professionals are committed to providing outstanding data governance and security strategies, policy development support, and privacy training.
Contact us today to book a consultation!