
Data Privacy Is More Important Every Day

It feels like there is a data breach just about every day somewhere in the world. In the United States, it seems like there is one every week or so. We do not hear about them all, maybe because we have become numb to them, unless one affects us directly. We always hear about the big ones, like Equifax, but data breaches also happen at local governments, regional hospitals, small businesses – no entity is off limits.

Data privacy can be an issue for any entity that collects, stores, and processes personally identifiable information. Once an entity collects this data, it in a sense enters into a contract to protect the data from anyone who is not authorized to access it. In the United States, entities seem to have the upper hand when it comes to any sort of punishment for losing control of a person’s data. It has been a year since the Equifax breach. Have they been punished? They have made $260 million in profit since the breach. They are doing just fine. Things are much different in Europe, specifically in EU countries. The EU just enacted the General Data Protection Regulation, or GDPR. It is very complicated, but in short, most of the power lies with the person. Entities have to inform persons that they have the data and whether they do anything with it, and they have to delete it if a person makes a request. Things are changing in the US as well. Some states have enacted laws to help consumers have more control over their personal data.

An entity can have the best hardware and software to help with data security, but even the best security cannot protect data if an employee causes the breach.  This is why it is critical for employees to be trained about data privacy.  Employees need to know the ins and outs and understand that they are an important part of the overall strategy to protect the personal data in the information systems.

While there are many aspects of data privacy that are important, here are four components that should be part of data privacy training for employees.

  • PII – Personally Identifiable Information
    This is any data that may reveal the identity of a specific person, such as full name, address, social security number, passport number, etc.
  • PFI – Personal Financial Information
    Any data that can be associated with a person’s financial records, such as credit cards, bank accounts, etc.
  • PHI – Personal Health Information, aka Protected Health Information
    Any data that can be associated with a person’s medical/health records, such as lab reports, hospital records, medical bills, etc. HIPAA was enacted to protect people’s PHI.
  • IP – Intellectual Property
    Any data associated with creations of the human intellect.  Typically it refers to copyrights, patents, and trademarks, but also includes trade secrets, publicity rights, moral rights, and rights against unfair competition.