Have today's privacy policies made us a society of liars?
by Dana Simberkoff - Senior Vice President of Risk Management and Compliance, AvePoint - Monday, 9 June 2014.
The importance of data privacy is becoming more and more prevalent: From major retailer breaches to identity and healthcare theft, the general public is growing more aware of the risk of data breaches and the importance of data privacy in all aspects of their online lives. In fact, a recent GfK survey of U.S. citizens found that 88 percent of respondents are concerned about the privacy of their personal dataówith 59 percent stating their concern has risen in the last 12 months.

In a world where a click of a mouse or a swipe of a card provides organizations with an in-depth look into our most personal information, consumers must demand corporations take actions to foster (or regain) their trust. Further, they must become more aware of corporations that are accountable and transparent with how they collect sensitive data and what they do with it.

However, a dilemma is at hand: Companies often cannot or do not perform the necessary technology evaluations prior to implementation to ensure data privacy, while consumers assume businesses are taking the extra step for their safety. These actions are identified and disseminated to customers through documents such as privacy policies. This brings up two questions: First, can these legal forms serve as catchalls? Second, does the public really understand privacy policies?

The short answer to both of those questions is no. Why? We donít read them. We blindly accept them to avoid reading lengthy, legal jargon-filled content and to begin using the service we downloaded, bought, or installed. So in the end, the general public is left with the desire to know about how companies protect them but lie about reading what is presented to them. How can organizations overcome this massive conundrum?

Before looking to change your customers, an organization must first address the issues from within. This means enforcing and measuring success or failure of your organizationís privacy policy internally prior to externally. We must trust ourselves before we can expect the public to gain trust. Organizations often turn to software to identify risks and provide solutions on an ongoing basis. Because information is constantly being created, proactive assessments must occur on an ongoing basis in order to create a comprehensive lifecycle approach to risk mitigation. When selecting the correct technology for your organization, be sure to select a solution that can do the following:

Say It: After establishing information privacy policies to ensure sensitive or regulated content is classified, secured, and protected appropriately; be sure your selected tool scans enterprise content stored on web and cloud platforms against a wide range of U.S., international, and vertical-specific compliance regulations and guidelines. Your organization may want to automate these assessments to be sure they happen on an ongoing basis.

Do It: Determine the severity of risk-defined business data with advanced risk calculators to help compliance personnel prioritize resolution. Look for a software tool with options such as highlighting areas that violate the specified compliance standards or guidelines as well as providing multiple perspectives on potential risk within content using out-of-the-box and customizable algorithms, helping you quickly address non-compliant information.


Harnessing artificial intelligence to build an army of virtual analysts

PatternEx, a startup that gathered a team of AI researcher from MIT CSAIL as well as security and distributed systems experts, is poised to shake up things in the user and entity behavior analytics market.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Feb 4th