During the summer months, when colleagues and clients are on holidays and work is slower, it’s the perfect time to prioritize and strengthen your information and privacy management program.
2020 has been a year of disruption and transformation, and when the crisis eases, we will have entered a new digital normal. Have your privacy policies kept up with the digital transformation and new ways of working? It’s best not to leave the answer to that question up to chance.
Right now you have a great opportunity to take a step back to confirm that your privacy program ensures compliance with the letter of the law, protects your sensitive data (no matter where you’re working), and proactively provides long-term value to your organization.
Here are a few ways you can turn downtime into privacy time.
1. Assess the current state of your organization’s privacy program, including privacy policies, breach response protocols and training.
- Are your policies linked to applicable law? Do they need to be revised, given the shift to remote work?
- In the event of a privacy breach, is the response plan clear and accessible to everyone on the team?
- Have your employees received privacy and information management training? Is it time for a refresher, considering the rapid transformation to digital and remote work?
2. Undertake a privacy gap analysis to identify shortfalls in your network, systems and operational processes.
This data will provide insight into your organization’s current level of compliance and build awareness of crucial privacy issues and risks. Once you’ve identified where your organization is most vulnerable, take active steps toward remediation.
3. Work with your IT group to create the procedures around securing data for your remote employees.
- Use strong passwords and a companywide password manager
- Set up two-factor authentication
- Secure home routers
- Back up data
- Look out for phishing emails
4. Refresh your data protection knowledge by investing in Access and Privacy Training.
- Brush up on privacy regulations like PIPA, PIPEDA, HIA, GDPR and other jurisdictional and sector-specific privacy laws.
- Learn the criteria, policy, processes and strategies for collecting, using, disclosing and protecting personal information.
- Work through questions, scenarios, and exercises that apply the legislative provisions of privacy laws to real-life privacy situations and problems.
5. Integrate your privacy program within your culture and existing business processes.
- Build and align the importance of privacy into your organizational culture, values system and day-to-day practices.
- Work with senior leaders to understand the connection between a strong privacy culture and the organization’s ability to deliver on business objectives and gain client loyalty and trust.
- Demonstrate the value of privacy to your organization’s brand, reputation and bottom line.
- Define the critical business functions within your organization (such as HR, project management, procurement/contract management, risk management and performance management), then align and embed your privacy program into each department.
Is a lack of privacy and information governance leaving your organization open to risk? Cenera’s Privacy and Information Management team provides expert advice to Privacy Officers, Security Managers, and Information Management Professionals, helping public bodies and private businesses safeguard sensitive data and manage access requests securely while mitigating operational, legal and reputational risks. We also regularly undertake half- and full-day training, now available remotely, on all aspects of Privacy and Information Management.
Why risk a mistake? Contact us today to book a consultation!