If you’re like the majority of privacy professionals, you know the frustration of trying to get senior management or your board of directors involved with cyber governance.
In fact, many C-suite executives and boards of directors don’t exercise even basic governance when it comes to the privacy and security of their digital assets, according to a recent study by Carnegie Mellon University.1 The study found that fewer than one-third of the respondents undertake fundamental cyber security responsibilities, such as reviewing policies on privacy and IT security risks.2
If your enterprise falls into that category, Data Privacy Day may be an excellent tool to put into your management arsenal. Data Privacy Day – recognized every January 28 – is an international day of awareness to empower people to protect their privacy and control their digital footprint.
The legal holiday, first recognized in the United States and Canada in 2008, was spun off from Data Protection Day in Europe, which was launched in 2007. Domestically, Data Privacy Day is coordinated by the National Cyber Security Alliance, a non-profit, public-private partnership that strives to help everyone be safe and secure online.
While the day of recognition started off slowly in the U.S., it’s now gaining momentum. The National Cyber Security Alliance will lead a forum on Jan. 28 at George Washington University with high-profile government and industry leaders. In addition, many other universities, government agencies and private companies are hosting events to recognize the importance of Data Privacy Day. All of this momentum is not only helpful for individuals, but can also be the impetus to drive awareness among corporate boards and senior executives.
Taking it one step further, here are seven recommendations to help your enterprise or your client’s organization get on board when it comes to privacy and IT security risks.
Set the tone from the top. Companies that develop a reputation for having a trusted workplace usually do better than their competitors. A trusted workplace starts at the top with senior management and trickles down to front-line employees. The best way to start is with privacy and security policies that are reviewed and endorsed by senior management.
Conduct security and privacy training. In addition to having policies, you should also train everyone in your organization on best practices for online safety and privacy. With privacy, it’s a good idea to limit access to data to only those individuals who absolutely need the information.
Develop a data breach response plan. The plan should establish a response team, including individuals from both within and outside your organization. Individuals should be identified and their roles should be clearly spelled out. Be sure to include your organization’s senior decision makers as advisors so you’ll have the backing and resources to properly develop and test your plan.
Test your plan annually. Your data breach response plan should be tested and updated regularly, especially if key members of your response team leave your organization.
Keep everyone informed. Always inform senior management of any cyber incident or data breach. Also keep the lines of communication open so top executives know about the privacy and security risks facing your organization.
Review security budgets. Work with senior management to have an IT security and privacy budget that’s separate from the Chief Information Officer’s budget. Review the budget regularly and lobby to have it well-funded.
Purchase and review cyber insurance. With the number of data breaches constantly on the rise, every organization should consider having cyber insurance. After you purchase a policy, be sure to review it annually to make sure it covers all of your organization’s needs.
Although Data Privacy Day is an excellent tool for creating awareness, it comes only once per year. Educating senior executives and boards on the importance of privacy and cyber security, however, should be a daily practice.
1 2012 Carnegie Mellon CyLab Governance survey.
2 2012 Carnegie Mellon CyLab Governance survey.