Protecting Private Data
Organizations are increasingly collecting personal information on their customers to better understand their markets. This data must be carefully managed to protect the privacy of the individual customers and also to safeguard this potentially valuable information for the benefit of the organization that has gathered it.
Managing personal data
Privacy is a big concern in global business today, and perhaps one of the most difficult to manage. Businesses use technology to collect information about their customers, and maintain huge databases of corporate intelligence[] information. Many organizations sell their products over the internet, requiring their customers to reveal information, such as credit card numbers, social security numbers, and other personal data. Websites can track the types of purchases consumers make, and some companies even have the technology to track the geographical location of consumers.
Corporate intelligence—information gathered by an organization with the goal of monitoring changes and identifying opportunities. This data can include information on customers, as well as on markets, political trends, competition, or new technologies.Understanding the issues
The ready availability of information raises a number of ethical concerns, and consumers are increasingly worried about the security of their data. Information can be collected on the internet with or without a person’s knowledge. The internet makes it easy for businesses to share or sell information to other parties. Even worse, the online collection of personal information enables computer hackers to gain access to the consumer’s personal details, laying them open to identity theft[]—a crime that is resulting in billions of dollars of losses worldwide.
Identity theft—using someone else’s personal information to assume their identity, for financial gain.Taking steps
Laws have been created to help protect individuals’ privacy with respect to personal data. In Europe, the European Union Directive on Data Protection requires organizations that collect personal information to explain how that information will be used and receive the individual’s permission first. The US has no overall law: instead, each business sector tends to have its own data protection legislation. Many major organizations around the world have responded by putting policies in place to address the protection of information. Some reveal their policies in privacy statements that consumers can access.
Setting your policy
Consider how your organization deals with personal data, and if appropriate, take steps to ensure that you are managing your customers’ private data responsibly. Some nonprofit organizations offer accreditation, which can give customers confidence in your privacy policies. BBOnline, for example, provides a “seal” that businesses can display on their websites to show that they meet certain standards in protecting consumer privacy.
Manage private information
Ensure board/senior management buy-in.
Appoint a project manager.
Determine precisely why you collect, use, and/or distribute personal information.
Review the information you currently have.
Review the methods used by your business to collect personal information.
Keep records of why you have collected the information and the consent to do so.
Appoint a privacy officer.
Develop a firm-wide privacy policy.
Train your staff in data security.
Ensure personal information is secure.
Ensure your third parties and vendors comply with privacy legislation.
Protecting your trade secrets
You should also protect corporate intelligence for the benefit of the business; this is information that could potentially give your organization competitive advantage in its market. With the growth of Internet technology and local networks, trade secrets have come increasingly under threat. Computer hackers break into computer systems to access company trade secrets and use them for their own gain. Hackers also use a technique called social engineering, in which they use tricks to discover people’s passwords. Some hackers use a direct approach, watching over people’s shoulders as they type in their passwords. Other hackers gain enough personal information about a person to guess his or her password. Some hackers even go so far as to look through a company’s waste to find information that reveals trade secrets. Hackers can also break into wireless networks to access information, or can eavesdrop on trade secrets by recording and then decoding a fax machine.
Businesses must therefore take extra precautions to make sure their trade secrets are secure. There are five key steps that you can take to help protect your corporate intelligence and keep your trade secrets secret.
Five steps to protecting your corporate intelligence
- Calculate the risk
Consider whether the information you are collecting and using is crucial for your organization’s activity. Would losing the information, even for the briefest period, be harmful to your organization? Is the information restricted or sensitive?
- Define procedures
Apply policies that define procedures for system failures or threats to and breaches of security. Create a confidentiality agreement to be signed by all workers that includes information on disclosure practices, data use, and employee responsibility.
- Implement access controls
Put in place processes that restrict physical or electronic access to sensitive information, such as passwords or firewalls. Use shredders to destroy sensitive documents that you do not need to keep.
- Communicate the changes
Share information with employees and make certain they know exactly who is accountable for what, and what their responsibilities are in protecting valuable company information.
- Reinforce accountability
Hold individuals responsible for any problems (such as confidentiality leaks). Take disciplinary action against any employees who violate their responsibilities.