In light of recent revelations of the Cambridge Analytica data exploitation case, many are left feeling dubious about the privacy and protection of their data.
Tech giants in particular have come under fire over how they handle and protect their customers' data.
Uncertainties are sure to linger long after the dust has settled, and tech leaders must do everything they can to reassure customers and employees of the safety and privacy of their data, before people delete accounts and withdraw data in the frenzied panic of the aftermath.
Information that is entrusted to you by your customers needs to be securely protected, not just to avoid heavy fines and dissatisfied customers, but to protect your reputation. With the hashtag #DeleteFacebook trending worldwide, this is just one poignant example of how sensitive data privacy can be in triggering disastrous consequences for your brand.
The ICO reports that you should only store data for ‘fair processing’. In their own words, this means: “Fairness generally requires you to be transparent – clear and open with individuals about how their information will be used. Transparency is always important, but especially so in situations where individuals have a choice about whether they wish to enter into a relationship with you. Assessing whether information is being processed fairly depends partly on how it is obtained. In particular, if anyone is deceived or misled when the information is obtained, then this is unlikely to be fair.”
Consumers and users are growing more aware of vulnerabilities in the storage and security of their data that could put their privacy at risk, so to protect your reputation and the privacy of your customers, here are some actions to consider. As we approach the GDPR commencement date, this media coverage couldn’t have come at a better time, shocking the world into taking data protection seriously.
Have a robust security strategy
You must be able to illustrate that you can act responsibly in possession of sensitive customer data. In developing a robust security strategy, consider a unified approach that takes into account your network, people, and tools. If partnering with vendors, opt for value over cost. Cost value can be ephemeral, as we’ve seen exemplified by the staggering drop in Facebook shares overnight, but a strategy that can withstand data threats instills longevity and sustainability into your business.
Your security strategy should be communicated company-wide so the business can minimise the risk of a data breach, even in years to come.
Protect against attacks
The likelihood of attacks can be minimised by taking actionable steps now to reduce the possibility of a data compromise. Data can be compromised in a number of ways including:
Viruses and malware attacks
Data lost in transit
Data shared with unscrupulous third parties
Exposure of sensitive data by employees
Stolen or lost data
To mitigate the above, there are several steps you can take:
Run a data audit to ensure there is no obsolete data sitting on unused IT hardware. Hard deletion of this unused, redundant data could save it from getting into the wrong hands, which could cause serious problems for both you and the subjects.
Communicate with your staff regularly to ensure data protection is instilled into their daily routines, for example multi-factor authentication, difficult password combinations, and locking computers when not in use
Ensure a secure strategy for remote devices, and that all smartphones, tablets and PCs are connected using a VPN (Virtual Private Network)
Implement rigorous encryption techniques, such as end-to-end, so data is encrypted while in transit as well as at rest, to avoid it getting lost or stolen in transit
Be transparent and clear and always obtain consent
As long as you are consistently communicating what data will be used and processed, why and how, enabling access and erasure, and always obtaining unambiguous consent, you should be within the regulations of the new GDPR (General Data Protection Regulation).
But rather than mindlessly applying the most pertinent rules from the regulation, think about your data protection processes objectively. As a customer, would you be satisfied with your current communication and transparency? If the answer is no, it’s time to address these issues, and ensure that customers are continually updated and informed as to the whereabouts of their data, who has access, and their rights as an individual.