Personal information like names, addresses, phone numbers, bank and credit card account numbers, income and credit information, and social security numbers is an important factor in establishing and maintaining business and employment relationships. Conducting business in a safe, efficient and effective manner includes developing and maintaining safeguards to protect the security and integrity of personal data.
Identifying Data at Risk
Mobile technology is pervasively used to transfer information. What are the risks of transferring customer or employee information via personal smartphones, email, social media, and public or shared networks? Each organization operates in an environment which is both similar to its competitors/cohorts and unique to itself. How do our customers and employees leverage technology to work faster? Which of our customers’ data is at risk? Which of our employees’ data is at risk?
Developing a Written Information Security Plan
A Written Information Security Plan describes:
1. How the business or employer protects customer and employee information
2. The types of data collected
3. How the information is useful in the course of business
Identifying which information is useful to deliver the product or service, comply with legal requirements, covenants, industry standards, etc., helps decision makers design data collection within appropriate limits. Include third parties to whom the organization may transfer customer or employee data. Matching Data Safeguards like multifactor authentication with Data at Risk is part of designing a Written Information Security Plan appropriate to the operating environment. Engaging employees in implementing Data Safeguards together with performance metrics instills a sense of ownership and trust, both important supports in achieving consistent adoption across the organization.
Rather than an ever-increasing, confusing and shifting mass of dos and don’ts, a Written Information Security Plan:
- Designs data collection within appropriate limits
- Gauges the overall likelihood of a data security breach
- Establishes and maintains trust in business and employment relationships