chevron-down Created with Sketch Beta.

ARTICLE

Happy Data Privacy Week: Take Control of Your Data!

Dimple T Shah

Happy Data Privacy Week: Take Control of Your Data!
Kanok Sulaiman via Getty Images

This year’s theme is “Take Control of Your Data.” Here are 7 practical steps to help strengthen the privacy program at your law firm or company:

Data Discovery

Privacy hygiene speaks to how personal data is collected, processed, secured, used, shared, retained, and deleted. Knowing where to begin can feel overwhelming, but here are some pointers to get you started:

  • IDENTIFY the personal and sensitive data your organization collects. Consider all possible channels from computer systems, smartphones, call centers, contractors, web forms to chat bots, vendors, cookies/tracking technology and more!
  • CATALOGUE how data is used and shared.
  • MAP your data flows (internal and external).
  • DISCOVER and track your data lifecycle.

Encryption

Encryption is a powerful tool that helps safeguard personal and confidential data. To implement, consider enabling encryption features on devices. For sensitive data and processes, consider VPN to encrypt your internet connection. Consider exploring professional solutions for advanced data encryption and cybersecurity tools.

Compliance

If your organization is subject to regulations such as the California Consumer Privacy Act (CCPA) and the General Data Protection Regulations (GDPR) as well as state privacy laws (yes, the patchwork of it all!) then it is your responsibility to protect personal information pursuant to these mandates too. Take a privacy-and-security-by-design approach to data collection and storage. Train your employees so that they understand their responsibilities in safeguarding personal information. Consider implementing frameworks such as the NIST Privacy Framework or ISO 27005. Champion technical controls such as securing servers that store sensitive data and non-technical measures such as restricting data access to those who need it for their respective job functions.

Monitoring Third-Party Access to Data

Our world is interconnected thanks to cloud and SaaS environments, making data vulnerable. To reduce supply chain-related privacy incidents, consider cybersecurity and vendor risk management tools (e.g., vendor questionnaires and periodic audits). A monitoring program also unlocks a trust and safe professional ecosystem for clients and consumers.

Update Privacy Notices and Disclosures

Ask yourself if your business processes have recently changed and then ask whether this change is reflected in your public-facing documentation. Transparency on data collection, use, and sharing is key. Don’t forget to explain how cookies and other tracking technologies work at your organization.

Audit Your Rights and Preference Management Process

Beyond compliance, providing consumers with control over managing their personal information promotes your commitment to data privacy and your business! Make sure your “rights requests” processes are accessible, understood, and easy to complete. Also confirm that established processes are still working efficiently and up-to-par with applicable privacy laws.

Increase Security Controls

Enable multi-factor authentication (commonly referred to as MFA): This adds an extra layer of security to your accounts. Stay informed about changes in data breach notification laws and work closely with your Security team and additional stakeholders on implementation. Consider voluntary external third-party security audits.

Author's note: The views expressed are my own and they do not reflect the opinions of my employer and affiliated organizations. The views expressed are not to be construed as legal or professional advice.

    Author