What are you trying to protect?

What are you trying to protect?

Business and organizations today spent a lot of time and effort developing its customer base, highly specialized operating procedures, or some revolutionary technology or product. It has become imperative in today’s time to have a confidentiality and privacy policy in place to protect your customer/ business information or products from possible competitors and hackers.

Before you decide whether you really need a confidentiality and privacy policy for your organization you'll have to classify the information that you deal with and identify what you actually want to protect.

Employers can have a hard time knowing what they should consider secret. It's hard to control employees' access to information unless you know what you're trying to protect.

In deciding what's confidential about your business, look at:

  • the extent to which the information is known outside the business

  • the extent to which the information is known by employees and others involved in the business

  • the value of the information to the business and its competitors

  • the amount of effort or money expended by the business in developing the information

  • the ease or difficulty with which the information could be properly acquired or duplicated by others

A type of information that you may want to protect is Personally Identifiable Information (PII) or client information

Privacy Principles

The following principles can act as a foundation for organization's commitment to maintaining privacy and Confidentiality.

  • Transparency: be transparent about the collection and use of PII and Customer Data.

  • Purpose Limitation: Use PII and Customer Data for the purpose it was collected and disclosed.

  • Proportionality: Limit the collection and use of PII and Customer Data to that which is required for the purpose disclosed.

  • Compliance: Comply with laws/regulations regarding the protection of PII and Customer Data.

  • Accuracy: Maintain PII and Customer Data that is complete, accurate and up-to-date.

  • Participation: Allow individuals to participate in the management of their PII where legally required.

  • Confidentiality: Maintain the confidentiality of PII and Customer Data.

  • Retention: Keep PII and Customer Data for only as long as required

  • Data Transfers: Comply with applicable laws /regulation when transferring PII and Customer Data

  • Accountability: Foster and maintain a culture of Privacy and Confidentiality compliance and controls

Once you have an idea of what you want to protect, you can better devise a strategy for how to protect this information.

Rate this article: 
0
No votes yet
Article category: