"Organizations need to address privacy not only because it is legally required and the right thing to do, but also because it is necessary for keeping customer trust, maintaining customer loyalty and support, and improving the corporate brand," asserts Cutter Consortium Senior Consultant Rebecca Herold as Guest Editor of Cutter IT Journal's "Avoiding Privacy Pitfalls" issue.
In many parts of the world, privacy is considered a basic human right, or as the EU Data Protection Directive puts it, privacy safeguards are "for the protection of the private lives and basic freedoms and rights of individuals." It has only been in the past few years, however, that organizations have started to noticeably address privacy challenges and dedicate the resources necessary to effectively deal with the myriad of privacy issues and requirements.
This issue of Cutter IT Journal contains privacy advice and procedures that every corporation and individual should follow to curb the misuse of personally identifiable information.
Rebecca Herold highlights 10 security pitfalls to avoid:
Inappropriate access to the network or computer systems
Lost or stolen computers and computer storage media (backup tapes, hard drives, CDs, etc.)
E-mail messages with clear-text confidential information sent or forwarded inappropriately
Fraud activities perpetrated by outsiders, insiders, and combinations of both
Hackers gaining unauthorized access to personally identifiable information
Information exposed online because of inadequate controls
Insiders inappropriately using personally identifiable information
Confidential paper documents being given to people outside the organization (e.g., donated to schools/churches as scrap paper) instead of being shredded
Improper disposal of media containing personally identifiable information
Password compromise that allows access to personally identifiable information
Andrew Jones, Head of Security Technology Research at the Security Research Centre at British Telecommunications and contributor to this issue of Cutter IT Journal says, "The failure of an organization to specify adequate security measures for the protection of personally identifiable information represents a significant managerial shortcoming and a lack of appreciation of the legal, statutory, and, in some cases, trade sector-specific regulations that must be satisfied. One might also say that management has failed to adequately protect the organization's assets and to safeguard the interests of the business and the shareholders. After all, if the organization lacks procedures to protect personally identifiable information it is required to protect -- an oversight that may affect the organization's reputation and have an impact on its profitability -- is it likely to have measures in place to protect other sensitive corporate information?"
Herold concludes, "Data disposal, anonymity, trust, privacy management, and systems development activities are just a few of the many privacy concerns organizations must address. However, they are some of the most often disregarded, a fact that leads to a very large number of privacy breaches and to consumer distrust. To effectively address all privacy issues, organizations need to thoughtfully create a privacy strategy that is clearly and consistently supported by the top business leaders."
To request a copy of the Cutter IT Journal issue, "Avoiding Privacy Pitfalls" or to schedule an interview with Rebecca Herold, contact Ron Pulicari (+1 781 641 5114 or press@cutter.com).
See more information about Rebecca Herold.
To request a press pass to Cutter Consortium's 11th annual Cutter Consortium Summit, April 29-May 2, 2007, contact Ron Pulicari (+1 781 641 5114 or press@cutter.com).
See more information about Cutter Consortium Summit 2007.