Magazine article Risk Management

Monitoring Privacy

Article excerpt

Privacy has become one of the most challenging issues facing the business sector. It is essential to building customers' trust in the companies with which they do business. Nevertheless, as recent examples show, violations of that trust persist despite the importance many organizations place on privacy management.

* At Georgia Tech, hackers invaded a computer and copied names, addresses and, in some cases, credit card information for fifty-seven thousand patrons of the Ferst Center for the Arts.

* A Coca-Cola employee slipped into the company's computer system without authorization and downloaded the salary information and Social Security numbers of 450 coworkers.

* Eli Lilly, manufacturer of the antidepressant drug Prozac, inadvertently sent an e-mail notice revealing the e-mail addresses of approximately six hundred registered Prozac users to a list of people who had opted to receive reminders and other news about the drug.

* A security flaw in the California State University's $662 million computer system gave users access to student and employee Social Security numbers and other confidential data. University officials reportedly knew about the problem for years and told state auditors that they require employees to sign confidentiality agreements, promising to respect others' privacy.

Technology has made it possible for organizations to collect, store, transfer and analyze vast amounts of data about consumers. It is almost impossible to find a Web site that does not use cookie or Web beacon technology to gather information about visitors. This, along with the myriad subsequent uses of this personal information that technology makes possible, has raised public awareness and consumer concerns about online privacy.

The problem of protecting privacy lies with the enforcement of policies, including determining who is responsible for enforcement. This requires a shift in thinking.

Privacy has been approached primarily from a policy perspective. Most organizations, however, lack the business processes, structure or appropriate identifiable personnel to fully monitor and implement compliance. In addition, commonsense interpretations of lengthy and confusing regulations must be provided to those who are actually implementing privacy policies. And since privacy is an ethical issue, corporate consciousness must go beyond minimal compliance--it must be integrated with the corporate culture.

Finally, privacy management is not only a legal or information technology issue, but a risk management, records and information management issue as well.

To date, professionals from these disciplines have been underutilized in the implementation and monitoring of privacy practices. To alleviate future privacy liability, organizations must foster a new partnership between risk management, records and information management and executive management functions.

More Than a Policy Issue

Some argue that privacy is a systems security issue. To some extent this is true, since a solid cybersecurity program is necessary to safeguard information. Many recent privacy infringements are a result of improperly configured Web sites, insufficient firewall protections, unpatched holes in business applications or operating systems, or a failure to use standard security measures such as encryption of sensitive data in transit and storage.

Once the technology issues have been fixed, however, there must be systems--privacy policies--in place to prevent misuse of information due to simple human error, a rogue employee or an overzealous marketing department. Privacy policies, however, present a dilemma. Organizations that do not have a privacy policy risk noncompliance with regulations, exposure to lawsuits and potential loss of customers. If an organization has a privacy policy but does not follow it, exposure to the aforementioned risks also increases. …
