Fortune 1000 companies are emphasizing new privacy initiatives this year, increasing annual privacy budgets to $3 billion in 2015. According to Linda McReynolds, a senior attorney at Marashlian & Donahue, LLC, the CommLaw Group, enterprises can be better positioned to weather unintended data breach emergencies by following these five tips:
- Conduct regular Privacy Impact Assessments (PIAs). Knowing where your risks are and how a data breach could impact your enterprise is the first step in preparing for a breach and subsequent investigation.
- Tighten access restrictions. Access to customer data should be limited on a “need to know” basis, and employees should be trained to prevent unauthorized use of computers, addressing the risks of opening personal email on company computers or using USB drives.
- Data breach preparedness. Be prepared to notify your customers according to state and federal standards. Company statements to consumers should be as accurate as possible to avoid scrutiny from investigators.
- Appoint a privacy professional. According to McReynolds, “Developments at the FCC (Federal Communications Commission) and in Europe point to a growing consensus among regulators on the need for companies to have a privacy officer. Last October, the FCC fined two carriers, TerraCom, Inc., and YourTel America, Inc., $10 million for compromising sensitive personal data after promising to protect it. As part of the settlement, the FCC made a deal of sorts with the companies that it would consider reducing the fine if the carriers took steps to mitigate the impact on customers, with a key step being to appoint a Chief Privacy Officer. This was a rare concession from the FCC, and it sends a signal to the industry that when the FCC reviews data breaches for liability it will be looking directly at the management structure behind a business’ data security apparatus.”