While recent headlines about cybersecurity attacks and data breaches should give everyone reason to review their own internet security systems, companies should be especially vigilant to ensure they are complying with their obligations to keep personal information secure. Maintaining information privacy and cybersecurity can present difficult challenges for any company. Taking steps now to review and update a company’s policies and safeguards can increase consumer trust, ensure compliance with the law, and reduce the risk of potentially disastrous data breaches. This article is a part of a series discussing information privacy and cyber security, your obligations as a company, and steps that can be taken to create and improve an effective information privacy program.

What you can do right now to improve your information privacy program.

There are many steps you can take right now to begin improving your information privacy and cybersecurity programs. The best privacy and security programs are proactive and take steps to reduce risk, rather than waiting for a breach or compliance concern to arise. The first steps involve asking the right questions to determine what other steps should be taken. Consider asking the following questions:

  • What types of personal and non-personal information do you collect?
  • How do you use that information within your business?
  • To whom do you disclose that information?
  • Where is that information and data stored?
  • What representations do you make to your customers regarding the use and disclosure of their collected information?
  • Do you comply with your representations?
  • Do you collect more data than you actually need?
  • Do you properly delete personal information that you no longer need?
  • Are you taking appropriate steps to secure your information technology systems (for example, using firewalls, encryption, implementing password requirements, and educating your employees)?
  • What rules and regulations apply to your specific business?

Asking and answering these types of questions should occur regularly as the business and technology change. An external audit of your information privacy and cybersecurity systems may also be appropriate in order to identify any areas that need to be addressed.

Once the concerns and vulnerabilities have been identified, steps should be taken to resolve those issues. You may need to rewrite your privacy policy or terms of service to comply with your actual data collection and use practices. Additional disclosures and requests for consent may need to be made to provide consumers accurate information about your privacy practices. Address any information security vulnerabilities you have identified.

Create a plan to respond to a data breach if one occurs in the future. Review the appropriate data breach notification law in your jurisdiction and develop a plan to mitigate an ongoing breach and notify the appropriate persons, vendors, or agencies.

Consider taking other steps to reduce your risk, including obtaining cyber liability insurance, reviewing your vendor contracts to ensure your vendors are implementing appropriate security and privacy policies, and informing your employees of their privacy and security obligations.

Fraser Stryker Law Firm Information Privacy Attorneys

Proactively seeking the advice of an experienced information privacy lawyer before a data breach or other incident occurs can reduce the increasing risk associated with data collection and use. Fraser Stryker’s information privacy and cybersecurity lawyers advise clients on a wide-range of issues regarding data collection, disclosures, FTC compliance, online advertising, data breach notifications, terms of service and privacy policies, intellectual property, and other e‑commerce and technology-related issues. For additional information, contact Troy Meyerson.