With the increasing number of data breaches happening today, the need for data privacy protection is at an all time high. Does your company have the necessary policies, procedures and technologies in place to protect it from such risks? As technology continues to develop, the ability to move and share data on the cloud increases the need to protect such data and ensure privacy. Companies should have in place procedures and guidelines for handling data, proper storage protection, and compliance with data-privacy laws and guidelines, just to name a few.
How do you know if your company is protecting the privacy of its users’ data? Below are 11 questions that can give you a quick review to see how well you are protecting this information:
1. Data residency: Does your IT admin have the ability to determine regions for data storage?
2. Local admin: Can IT admins be segregated and delegated with pre-defined granular access rights?
3. Vendor production: Are vendors prevented from accessing stored data blocks or metadata?
4. Individual privacy: Can end users control privacy settings or opt out of admin data, metadata, or audit trail visibility?
5. Data segregation: Is data on mobile devices containerized?
6. Employee: Are there exclusionary settings for the data backup and collection process, with admin visibility to audit trails restricted via policy?
7. Officer data: Are there policy group settings for classes via Active Directory to restrict data visibility?
8. Data auditing: Can data be fully audited for compliance response for PHI and PII?
9. Tracking and monitoring: Is monitoring proactive and based on data classifications?
10. Compliance: Are there delegated roles for compliance and legal counsel?
11. Investigations and e-discovery: Is there full data and audit trail access for compliance, investigation, and litigation requirements?
If you cannot answer “Yes” to most of these questions, then your data may be at risk. Those areas that are open to potential danger should be updated with the utmost urgency, otherwise, your company could possibly encounter a data breach and/or potential legal issues for failure to properly protect such data. If you have questions or concerns about what is needed for proper data privacy protection, feel free to contact one of our highly experienced Internet attorneys.