10 things businesses need to know about privacy

British Columbia Information and Privacy Commissioner Michael McEvoy says a customer’s trust is one of the most valuable assets a business, regardless of size, may have.


“Protecting people’s personal information is crucial to maintaining that trust,” McEvoy said. “Organizations need more than good intentions to get there – they need a plan.”

He said the commissioner’s office’s PrivacyRight program offers a step-by-step guide for businesses to create a comprehensive privacy management program.

So what are the top 10 things companies should consider to protect customers’ personal information?

1. Assign a privacy officer: Depending on the size of your business, this may be you, but you should have a dedicated staff member who can oversee how your organization handles personal information and respond to privacy-related questions or complaints.

2. Know what you have: Take an inventory of all personal information in your custody, why you have it, how sensitive it is, and where it is stored.

3. Assess the risk: Determine whether you have adequate security measures in place to protect the personal information in your custody.

4. Write understandable privacy policies: Keep it simple and in plain language, no “legal jargon”.

5. Develop and follow a records retention schedule: Don’t cling to personal information that no longer serves a legitimate business purpose.

6. Develop a breach management plan: Having a breach management plan in place ensures that if you are the victim of a privacy breach, you are able to mitigate the worst effects and work quickly to restore privacy and customer confidence.

7. Train and train again: Build confidentiality into your employee training protocol. (See ICPO’s PrivacyRight program for a host of resources suitable for this purpose.)

8. Hire someone to test your defenses: Hiring someone to perform penetration testing, that is, simulating a cyberattack on your data, is one way to see how well your defenses would withstand a real attack.

9. Know your partners: Although banks are highly regulated and this regulation provides a level of trust, the same is not always true for data storage. Research the people who will process your customer data thoroughly.

10. Review and revise: Privacy threats are constantly changing, so it’s important to ensure that your privacy policies, safeguards, breach response plans, and training are updated regularly.

— With thanks to the Office of Information and Privacy for compiling the lists at the request of Glacier Media.

jhainsworth@glaciermedia.ca

Twitter.com/jhainswo
