This year’s theme is “Take Control of Your Data.” Here are 7 practical steps to help strengthen the privacy program at your law firm or company:
Data Discovery
Privacy hygiene speaks to how personal data is collected, processed, secured, used, shared, retained, and deleted. Knowing where to begin can feel overwhelming, but here are some pointers to get you started:
- IDENTIFY the personal and sensitive data your organization collects. Consider all possible channels from computer systems, smartphones, call centers, contractors, web forms to chat bots, vendors, cookies/tracking technology and more!
- CATALOGUE how data is used and shared.
- MAP your data flows (internal and external).
- DISCOVER and track your data lifecycle.
Encryption
Encryption is a powerful tool that helps safeguard personal and confidential data. To implement, consider enabling encryption features on devices. For sensitive data and processes, consider VPN to encrypt your internet connection. Consider exploring professional solutions for advanced data encryption and cybersecurity tools.
Compliance
If your organization is subject to regulations such as the California Consumer Privacy Act (CCPA) and the General Data Protection Regulations (GDPR) as well as state privacy laws (yes, the patchwork of it all!) then it is your responsibility to protect personal information pursuant to these mandates too. Take a privacy-and-security-by-design approach to data collection and storage. Train your employees so that they understand their responsibilities in safeguarding personal information. Consider implementing frameworks such as the NIST Privacy Framework or ISO 27005. Champion technical controls such as securing servers that store sensitive data and non-technical measures such as restricting data access to those who need it for their respective job functions.