Canadian Security Magazine

News Data Security
Commissioner Ann Cavoukian and Eduard Goodman, Chief Privacy Officer, IDT911, outline the basics for mitigating privacy risks

As a small business becomes more networked and data-intensive, personal information and customer trust are critical assets that must be protected. Ontario’s Information and Privacy Commissioner, Dr. Ann Cavoukian, and Eduard Goodman, Chief Privacy Officer of IDT911, have released a new white paper, Privacy Exposures and Risk Reduction Strategies for Small Organizations, to help small business avoid data breaches that are harmful to both brand reputation and costly.


October 25, 2013
By Canadian Security

Topics

Privacy policies and procedures alone, without a concrete strategy for implementation, will not protect an organization from privacy risks. Applying the basic concepts of Privacy by Design in a small enterprise setting is essential to avoiding the pitfalls of harmful data leaks. The new paper takes those proven concepts and incorporates them into the following seven steps that organizations should consider adopting:
 
1. Implement a privacy policy that reflects the privacy needs and risks of the organization. Consider conducting an effective Privacy Impact Assessment.
2. Link each requirement within the policy to a concrete, actionable item, such as an operational process, controls and/or procedures, in effect translating each policy item into a specific practice that must be executed.
3. Demonstrate how each practice item will actually be implemented.
4. Develop and conduct privacy education and awareness training programs to ensure that all employees understand the policies/practices required, as well as the obligations they impose.
5. Designate a central “go to” person for privacy-related queries within the organization.
6. Verify both employee and organizational execution of privacy policies and operational processes and procedures.
7. Proactively prepare for a potential privacy breach by establishing a data breach protocol to effectively manage a breach.
 
“Small organizations that follow the guidance set out in this paper can achieve much higher operating efficiencies,” said Commissioner Cavoukian. “Instead of risking the enormous cost of a privacy breach, organizations that proactively take measures to prevent breaches make a cost-effective investment – leading to a substantial privacy payoff.”
 
“The headlines focus on privacy breaches at large corporations, but the reality is that small organizations are equally—if not more—vulnerable to privacy risks,” said Eduard Goodman, chief privacy officer for IDT911. “This paper outlines a sound approach to privacy management for smaller organizations that may lack the resources and expertise to reduce security risks.”
 
The full paper is available for review at:  http://bit.ly/17dUZeg