The buzz around ‘security breaches’ just keeps getting louder. Not a day goes by without something popping up in the media about a data security breach. There’s always another study or paper being released by the government or other organizations. And, now there’s data breach reporting by ‘victims’ in the news. The Privacy Rights Clearinghouse (www.privacyrights.org) recently introduced a simple online tool for consumers to file complaints about security breaches that includes who to file the complaint against.
Of course, there is so much at stake when sensitive information gets into the wrong hands. The biggest risk is identity theft and the costs and stress associated with that. Whoever is to blame for the breach is also in big trouble. Protecting sensitive information is the law in North America (laws include HIPAA, FACTA and PIPEDA) and the consequences for a business when there is a security breach can be severe. Possible penalties include fines and potential jail time, a loss of assets, and a tarnished reputation.
But let’s back up a bit. A privacy breach occurs when there’s unauthorized access to personal information. A company can do a lot to reduce the risk.
- Have a security risk assessment of both physical and technical security.
- Review policies and procedures around security, record retention and document disposal. Shredding documents and eMedia is the most secure way to dispose of sensitive information when it’s no longer needed.
- Review and improve employee training practices.
- Work only with service partners who are committed to security best practices.