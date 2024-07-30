Privacy compliance is only the beginning. While following the law can help avoid penalties, it may not be enough to fully protect personally identifiable information (PII) and other sensitive data from hackers, misuse, and other privacy threats.

Some common principles and practices organizations use to bolster data privacy include:

Data visibility

For effective data governance, an organization needs to know the types of data it has, where the data resides, and how it is used.

Some kinds of data, like biometrics and Social Security numbers, require stronger protections than others. Knowing how data flows between systems, and who touches it along the way, helps track usage, detect suspicious activity, and put security measures in the right places.

Finally, full data visibility makes it easier to comply with data subjects’ requests to access, update, or delete their information. If the organization doesn’t have a complete inventory of data, it might unintentionally leave some user records behind after a deletion request.

Example

A digital retailer catalogs all the different kinds of customer data it holds, like names, email addresses, and saved payment information. It maps how each type of data moves between systems and devices, who has access to it (including employees and third parties), and how it is used. Finally, the retailer classifies data based on sensitivity levels and applies appropriate controls to each type. The company conducts regular audits to keep the data inventory up to date.

User control

Organizations can limit privacy risks by granting users as much control over data collection and processing as possible. When a business obtains a user's informed consent before doing anything with their data, it becomes much harder to process that data in ways the user did not expect. Consent is not a substitute for security controls, however: a dataset collected with full consent is still a target for theft and misuse.

That said, organizations must sometimes process someone’s data without their consent. In those instances, the company should make sure that it has a valid legal reason to do so, like a newspaper reporting on crimes that perpetrators would rather conceal.

Example

A social media site creates a self-service data management portal. Users can download all the data they share with the site, update or delete their data, and decide how the site can process their information.

Data limitation

It can be tempting to cast a wide net, but the more personal data a company collects, the more exposed it is to privacy risks. Instead, organizations can adopt the principle of limitation: identify a specific purpose for data collection and collect the minimum amount of data needed to fulfill that purpose.

Retention policies should also be limited. The organization should dispose of data as soon as its specific purpose is fulfilled, unless a legal or regulatory obligation requires it to keep the data for a defined period.

Example

A public health agency is investigating the spread of an illness in a particular neighborhood. The agency does not collect any PII from the households it surveys. It records only whether anyone is sick. When the survey is complete and infection rates determined, the agency deletes the data.

Transparency

Organizations should keep users updated about everything they do with their data, including anything their third-party partners do.

Example

A bank sends annual privacy notices to all of its customers. These notices outline all the data that the bank collects from account holders, how it uses that data for things like regulatory compliance and credit decisions, and how long it retains the data. The bank also alerts account holders to any changes to its privacy policy as soon as they are made.

Access control

Strict access control measures can help prevent unauthorized access and use. Only people who need the data for legitimate reasons should have access to it, and only to the extent their job requires (the principle of least privilege). Organizations should use multi-factor authentication (MFA) or other strong measures to verify users' identities before granting access to data. Identity and access management (IAM) solutions can help enforce granular access control policies across the organization.

Example

A technology company uses role-based access control policies to assign access privileges based on employees’ roles. People can access only the data that they need to carry out core job responsibilities, and they can only use it in approved ways. For example, the head of HR can see employee records, but they can’t see customer records. Customer service representatives can see customer accounts, but they can’t see customers’ saved payment data.
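A deny-by-default role-based access control check that behaves like the scenario above, as an added example that is not code from the original page. The roles, resources, field names and sample records are hypothetical; the point is that every decision starts from "denied" and that a readable record can still hide individual fields (here, saved payment details) behind a separate grant.

```python
"""Added example: a small deny-by-default role-based access control (RBAC)
policy for the technology-company scenario described above. The roles,
resources, field names and sample records are hypothetical; this is not
code from the original page."""

# Each role maps to the (resource, action) pairs it is granted.
# Anything not listed here is denied.
ROLE_PERMISSIONS = {
    "hr_lead": {("employee_record", "read"), ("employee_record", "update")},
    "support_rep": {("customer_account", "read"), ("customer_account", "update")},
    "payments_ops": {("customer_account", "read"), ("payment_method", "read")},
}

# Fields that stay hidden unless the role also holds a second, more specific
# permission. This lets support reps see the account without the saved card.
FIELD_GATES = {
    ("customer_account", "saved_payment"): ("payment_method", "read"),
    ("employee_record", "salary"): ("employee_record", "update"),
}

# Constructed sample records.
CUSTOMER = {
    "id": "C-1001",
    "name": "Ada Example",
    "email": "ada@example.test",
    "saved_payment": {"brand": "visa", "last4": "4242"},
}
EMPLOYEE = {"id": "E-42", "name": "Bob Example", "salary": 91000}


def is_allowed(role, resource, action):
    """Deny by default: only an explicit grant returns True."""
    return (resource, action) in ROLE_PERMISSIONS.get(role, set())


def read_record(role, resource, record):
    """Return the fields of `record` that `role` may see, dropping gated fields
    the role lacks a grant for. Raises PermissionError if the role cannot read
    the resource at all, so callers cannot mistake "denied" for "empty"."""
    if not is_allowed(role, resource, "read"):
        raise PermissionError(f"{role} may not read {resource}")
    grants = ROLE_PERMISSIONS[role]
    visible = {}
    for name, value in record.items():
        gate = FIELD_GATES.get((resource, name))
        if gate is None or gate in grants:
            visible[name] = value
    return visible


def audit_view(role, resource, record):
    """Same as read_record, but returns ("deny", reason) or ("allow", fields)
    instead of raising; convenient for logging every decision."""
    try:
        return ("allow", read_record(role, resource, record))
    except PermissionError as exc:
        return ("deny", str(exc))


if __name__ == "__main__":
    for role, resource, record in [
        ("support_rep", "customer_account", CUSTOMER),
        ("payments_ops", "customer_account", CUSTOMER),
        ("hr_lead", "customer_account", CUSTOMER),
        ("hr_lead", "employee_record", EMPLOYEE),
        ("intern", "employee_record", EMPLOYEE),
    ]:
        print(role, resource, audit_view(role, resource, record))
```

Two design choices matter here. An unknown role (the "intern" above) gets an empty permission set rather than an error, so it is denied like everyone else. And a read that is refused raises instead of returning an empty dict, which keeps "no access" distinguishable from "nothing to show" in logs and audits.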

Data security measures

Organizations must use a combination of tools and tactics to protect data at rest, in transit, and in use.

Example

A healthcare provider encrypts patient data at rest and uses an intrusion detection system to monitor all traffic to the database. It uses a data loss prevention (DLP) tool to track how data moves and how it is used. If the DLP tool detects illicit activity, like an employee account copying patient data to an unknown device, it raises an alarm and cuts the connection.
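Detection logic of the kind the DLP rule above describes, run over a few constructed transfer-log lines, as an added example that is not part of the original page and not the behaviour of any real DLP product. The log format, device inventory, classification labels and thresholds are all assumptions made for illustration; "unknown device" is defined as "not in the managed-device inventory", which is why the data visibility work earlier on the page is a prerequisite.

```python
"""Added example: a toy data loss prevention (DLP) rule in the spirit of the
healthcare scenario above. The log format, device inventory, classification
labels and thresholds are constructed for illustration; this is not code
from the original page or from any real DLP product."""
import csv
import io

# Constructed transfer log: who moved which dataset, how many records,
# and to which device. Classification labels come from the data inventory.
SAMPLE_LOG = """\
timestamp,user,dataset,classification,records,dest_device
2024-07-30T08:01:10Z,nurse.adams,patient_charts,phi,3,WS-0412
2024-07-30T08:05:42Z,nurse.adams,patient_charts,phi,1200,USB-9f3a
2024-07-30T08:09:03Z,it.ops,build_logs,internal,50000,SRV-LOG-01
2024-07-30T08:11:55Z,dr.bell,patient_charts,phi,40,TABLET-unenrolled
2024-07-30T08:15:20Z,billing.chen,claims,phi,900,WS-0201
"""

# Devices enrolled in endpoint management (constructed inventory).
MANAGED_DEVICES = {"WS-0412", "WS-0201", "SRV-LOG-01"}

# Classifications that must never leave managed devices.
PROTECTED = {"phi"}

# Record count above which even a transfer between managed devices
# gets a human look.
BULK_THRESHOLD = 500


def parse_log(text):
    """Parse the CSV log into dicts with an integer record count."""
    rows = list(csv.DictReader(io.StringIO(text)))
    for row in rows:
        row["records"] = int(row["records"])
    return rows


def evaluate(event):
    """Decide one event. Returns (action, reason) with action in
    {'allow', 'alert', 'block'}. The unmanaged-device check runs before the
    volume check because it is the case the scenario says must be cut off,
    even for a single record."""
    if event["classification"] not in PROTECTED:
        return "allow", "classification not protected"
    if event["dest_device"] not in MANAGED_DEVICES:
        return "block", (f"{event['classification']} records sent to "
                         f"unmanaged device {event['dest_device']}")
    if event["records"] > BULK_THRESHOLD:
        return "alert", f"bulk transfer of {event['records']} protected records"
    return "allow", "protected data stayed on a managed device"


def scan(text):
    """Run every event through the rule; return the non-allow decisions as
    (timestamp, user, action, reason) tuples, in log order."""
    findings = []
    for event in parse_log(text):
        action, reason = evaluate(event)
        if action != "allow":
            findings.append((event["timestamp"], event["user"], action, reason))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(*finding)
```

On the sample log this blocks the two transfers of PHI to devices outside the inventory (one is a 40-record copy to an unenrolled tablet, so volume alone would not have caught it) and raises an alert on the 900-record claims export that stays on a managed workstation. A production DLP tool would classify the content at the point of movement rather than trust a label column, but the ordering of the checks is the part worth copying.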

Privacy impact assessments

Privacy impact assessments (PIAs) determine how much risk a particular activity poses to user privacy. PIAs identify how data processing might harm user privacy and how to prevent or mitigate those privacy concerns.

Example

A marketing firm always conducts a PIA before every new market research project. The firm uses this opportunity to clearly define processing activities and close any data security gaps. This way, the data is only used for a specific purpose and protected at every step. If the firm identifies serious risks it can’t reasonably mitigate, it retools or cancels the research project.

Data privacy by design and by default

Data privacy by design and by default is the philosophy that privacy should be a core component of everything the organization does—every product it builds and every process it follows. The default setting for any system should be the most privacy-friendly one.

Example

When users sign up for a fitness app, the app’s privacy settings automatically default to “don’t share my data with third parties.” Users must change their settings manually to allow the organization to sell their data.