Virtualization Technology News and Information
To keep your organization secure, have all employees take a "personal privacy pledge"

data privacy 

By Rajesh Ganesan, Vice President, ManageEngine

With data breach penalties skyrocketing, many corporations have finally made data privacy a priority-and rightly so. However, it's important to remember that privacy does not rest solely on the shoulders of an organization's DPO or CISO; in fact, it shouldn't even fall solely on the privacy team. After all, the privacy team is typically a small percentage of the overall organization. Ultimately, data privacy is the responsibility of every single employee, and this is where the personal privacy pledge comes in. Essentially, this is a pledge that everyone takes, whereby they promise to work alongside their co-workers to make data privacy a priority in their lives.

The best way to avoid hefty fines and keep your organization secure is to make every single employee feel responsible for data privacy. At a minimum, everyone should use 2FA, as well as varied, complex passwords; personal computers should never be left unlocked and unattended at workstations, and employees should be cognizant of social engineering attacks, not only while they're at work but also during non-work hours. A personal privacy pledge is a promise to do all of these things, and more. It's an "all hands-on deck," "no man left behind" type of effort.

Stress education

The first element in the equation is to bring all of your employees to the same education level. At our organization, it is a huge red flag if any employee, consultant, or contractor doesn't know what a "data processor" or "data controller" does. In fact, we mandate that teams take periodic quizzes. From the results of these quizzes, we then assign each team their own "data privacy score," which is then shared internally-much like they do with students' test scores in law school. By no means is this an attempt to shame teams who know less about privacy than other teams; on the contrary, it's a way to stress how vital it is that all employees are on the same page. Although we expect our employees to stay up to date on data privacy legislation, such as the GDPR and CPRA, we stress privacy principles rather than laws.

Emphasize principles

There will always be new privacy laws coming down the pike. As long as you have the fundamental privacy principles covered, your organization will only have to make minor changes to account for these new laws. For example, it's important that your employees constantly think about data minimization. They should only collect customers' data that they absolutely need, and this data should be kept for the shortest amount of time possible. On the R&D side of things, designers and developers should consider privacy by design, which is the notion that it's important to consider all products' potential privacy repercussions from the products' inception. The personal privacy pledge ensures that employees keep principles like these top of mind.

Stay vigilant

This pandemic has reminded us just how important it is to keep our eyes and ears open. We saw an incredible 6,000 increase in phishing attacks over the last year, as bad actors rushed to capitalize on workers' apprehension and general lack of data privacy knowledge. Again, it's important that employees remain vigilant outside of traditional 9-5 work hours as well. As we work remotely and increasingly use personal devices to access corporate data at home, it's vital that we always stay alert. Software solutions equipped with user behavior analytics can help to identify any anomalous, and perhaps nefarious, activity on the corporate network. Unusual activity on the network could very well be the result of a successful phishing attack. The personal privacy pledge emphasizes how vital it is to be cognizant of these types of attacks.

It is worth emphasizing that the personal privacy pledge isn't an effort to control your employees behavior; in fact, the pledge is effective because it empowers the individual employee. Over time-through education, awareness, and a focus on principles-data privacy considerations become second nature for all employees. Although the personal privacy pledge dauntingly begins with a steadfast commitment to privacy, it quickly morphs into a relatively effortless endeavor. So, have your employees take the pledge; this time next year, you'll be happy you did.



Rajesh Ganesan 

Rajesh Ganesan is the Vice President of Product at ManageEngine, a division of Zoho Corporation. He has over 20 years' experience in building enterprise IT products around security, access management, and service management. He spends as much time as possible interacting with thousands of customers around the world and is passionate about solving IT problems with a simple, yet effective, approach. He has built many successful products at ManageEngine, focusing on delivering enterprise IT management solutions as SaaS.

Published Tuesday, February 23, 2021 7:41 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<February 2021>