FAQs
Click on Frequently Asked Questions below to get a basic understanding of the importance of privacy and data security for your business.
Is there a difference between privacy and security?
Yes. You can’t have privacy without security. Privacy is concerned with the “what,” such as what information you are trying to protect, including personal information about your employees and customers (names, account numbers) and business-critical proprietary information. Security is the “how.” How do you protect that information from outsiders? How do you allow access only to those with a need to know?
Why are privacy and data security important?
The information you hold about your customers and your business processes is valuable. Collecting only what you need, and storing, disclosing, transferring and disposing of it securely, will reduce risks, possibly reduce the costs of doing business and enhance your brand.
What is personally identifiable information (PII)?
As used in US privacy law and information security, PII is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. This includes, among other things, first and last name, email address, government ID, such as Social Security number or driver’s license number, bank account number or credit card number, and IP address. The definition and its data elements differ slightly between the US and various laws around the world, and in the context of various sectoral laws, such as health (HIPAA) and financial services (GLBA).
What is sensitive information?
Sensitive information is information that, if revealed, could be detrimental to an individual, such as healthcare information, lifestyle data, mode of living, political or religious views, or sexual orientation.
What is strategic/business confidential information?
This is non-public information about your business, including financial information; strategic plans; and intellectual property, such as patents and business processes.
Why should my organization care about data?
If your business is subject to regulations, you may be legally required to identify and organize your data in a specific manner and to have a documented information security program. Even if your business is not highly regulated, it’s best practice to document what you have and where it is and to have a basic framework outlining policies, procedures and training around proper data handling. Contact us to learn more about how we can help you develop a framework to protect your data.
Why is it important to know where my data is?
You use data to run your business and manage your employees. You can do this more effectively if you know what data you have and where it is stored. In the event of a data breach, you will be in a better position to respond and remediate if you know where the impacted data is located and the details of that data. Contact us to learn more about how we can help you organize and protect your data.
What sort of precautions should my organization take if we are using personal data, sensitive info or confidential info?
You should have a strong privacy/security and overall data governance framework that is tailored to your business and how you use data. A framework includes both public-facing policies, such as a website privacy policy, and internal-facing policies, procedures, processes and training to guide your employees. Contact us and we will work with you to develop a framework that fits your business.
What are the elements of a good privacy policy?
An effective public-facing privacy policy tells your customers and visitors to your website what data you collect and how you use it. You should say what you do and do what you say.
What are the elements of a strong privacy framework?
A strong privacy framework includes policies that describe how you use data and the rules for using it properly. Procedures and processes guide IT and operations on how to implement these policies. Proper training ensures that employees know their responsibilities for properly handling personal, sensitive and business confidential data. Contact us and we will work with you to develop the right policies, procedures and training that protect your business and contribute to your success.
How do I develop a privacy framework?
Contact us and we will work with you to get an understanding of how your business works and how you use data and then build a program that meets your needs and enhances your business.