Click on Frequently Asked Questions below to get a basic understanding of 070-455 the importance of privacy and data security for your business.
Is there a difference between privacy and security?
Yes. You can’t have privacy without security. Privacy is concerned about the “what,” such as what information you are trying to protect, including personal information about your employees and customers (names, account numbers) and business critical proprietary information. Security is the “how.” How do you protect that information from outsiders? How do you allow access only to those with a need to know?
Why is privacy and data security important?
The information you hold about your customers and your business processes is valuable. Collecting only what you need, storing, disclosing, transferring and disposing of it securely will reduce risks, possibly reduce costs of doing business and enhance your brand.
What is personally identifiable information (PII)?
As used in US privacy law and information security, PII is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. This includes, among other things, first and last name, email address, government ID, such as Social Security Number, drivers’ license number, bank account number or credit card number, and IP address. This definition and data elements differ slightly in US and various laws around the world, and in context of various sectoral laws, such as 650-663 health (HIPAA) and financial services (GLBA).
What is sensitive information?
Sensitive information is information, that if revealed, could be detrimental to an individual, such as healthcare information, lifestyle data, mode of living, political or religious views, sexual orientation.
What is strategic/business confidential information?
This is non-public information about your business, including financial information; strategic plans; intellectual property, such as patents, business processes.
Why should my organization care about data?
If your business is subject to regulations, you may be legally required to identify and organize your data in a specific manner and to have a documented information security program. Even if your business is not highly regulated, it’s best practice to document what you have and where it is and to have a basic framework outlining policies, procedures and training around proper data handling. Contact us to learn more about how we can help you develop a framework to protect your data.
Why is it important to know where my data is?
You use data to run your business and manage your employees. You can do this more effectively if you know what data you have and where it is stored. In the event of a data breach you will be in a better position to respond and remediate if you know where the impacted data is located and what the details are about that data. Contact us to learn more about how we can help you organize and protect your data.
What sort of precautions should my organization take if we are using personal data, sensitive info or confidential info?
What are the elements of a strong privacy framework?
A strong privacy framework includes policies that describe how you use data and the rules for using it properly. Procedures and processes guide IT and operations on how to implement these policies. Proper training ensures that employees know their responsibilities for properly handling personal, sensitive and business confidential data. Contact us and we will work with you to develop the right policies, procedures and training that protects your business and contributes to your success.
How do I develop a privacy framework?
Contact us and we will work with you to get an understanding of how your business works and how you use data and then build a program that meets your needs and enhances your business.