Editor’s Note: This post is part of our Big Ideas Series, a column highlighting the innovative thinking and thought leadership at IIeX events around the world. Rebecca West will be speaking at IIeX North America (June 13-15 in Atlanta). If you liked this article, you’ll love IIeX NA. Click here to learn more.
It’s not yet certain what the final outcome of the EU-U.S. Data Privacy shield will mean. As soon as it is finalized it’s expected to be immediately challenged from within the EU. But whether data is being exchanged between the EU and the US or not, the truth is that how data will be handled almost everywhere has forever been changed. Companies should not wait for regulations to start putting in place mechanisms for managing data transfer.
We’ve boiled it down to ten strategies for working together to win the compliance challenge. They aren’t scientific or in any prescribed order. But they are a start toward a checklist about respondent data security.
Establish a Culture of Accountability Organizations that exhibit a “culture of caring” with respect to data privacy and protection are less likely to experience security breaches. Maintain an organizational mindset that you are stewards of respondents’ data and it is your responsibility to protect and safeguard it.
Establish and Engage in Best Practices Address issues of confidentiality before a project begins. Always have respondents sign an Informed Consent Form. Review deliverables to make sure respondent identifiers are removed.
Become More of a Technology Guru Understand what it means to have data encrypted over public and private networks.
Establish and Enforce A Security Policy Shortcomings in privacy and protection technologies can result in data being compromised.
Promote and Enforce PII Security Protocols Establish a comprehensive global data protection program that provides a consistent approach to protecting respondent data.
Understand the Global Public Mind Set Individuals worry about the ability of government and businesses to monitor their habits online and combine information with other data to create personal profiles, while avidly sharing personal information across social networks voluntarily. This is a dichotomy that is hard to explain, but real.
Engage in Public Compliance Become more transparent. Publicly disclose privacy policies on your website.
Become Aware of Non-Compliance Cost Fines for an EU data breach will become up to 4% of annual revenue from your preceding year. Regardless if you’re a Google or a 1-person consultancy, violating this law will hurt your bottom line.
Accept that Global Data Privacy Issues Will Be Fluid for a While Emerging regulations generally are not sufficient for how data is transferred electronically. There are few consistencies from country to country or even within individual countries.
Know the Company You Keep There is a notable difference between organizations’ intentions regarding data privacy and how they actually protect it. Understand the approach to data protection among third parties you do business with. Make it clear to business partners that safeguarding respondent information is one of your shared fundamental responsibilities.
Follow these steps, and you can lessen your risks. In the process, you are honoring the needs of respondents to maintain control over their personally identifiable information – with or without legislation.