Introduction

In this post, we’ll provide an all-encompassing rundown of data security and data privacy: why they’re important, real-world examples, and key tips for your organization to keep your data secure and private.

Data security and data privacy are strongly interconnected but not the same. Knowing the differences is important for better understanding how they work and what they each mean to your business.

With GDPR over a year old, and the California Consumer Privacy Act (CCPA) now in effect, it’s more important than ever for organizations to make sure they understand what these two things are, why they matter, and how to address them in their day-to-day business operations.

It’s especially important for industries with strict compliance laws such as healthcare, legal services, finance, and biotech. However, it does apply to anyone collecting data. It should also be noted that this doesn't just apply to the IT or Compliance department, but really to the entire organization, from marketing and sales to customer service.

What’s the difference between data security and data privacy?

Data privacy is a part of data security and is related to the proper handling of data - how you collect it, how you use it, and maintaining compliance.

Data security is about access and protecting data from unauthorized users through different forms of encryption, key management, and authentication.

Why is Understanding the Difference Important?

With all the legalities now in place protecting consumers’ privacy and data, it’s critical that your business understands the implications of not understanding or addressing these two items. Now that we’ve covered what they actually are, let’s dive into what it means for you.

As a business, it is your responsibility to keep your data secure and, as a result, that also means keeping your employees’, customers’, partners’, and any other contacts’ data safe and secure. Without proper measures in place for this, there are a variety of scenarios that can happen:

1. If you don’t have proper security measures in place, such as Multi-Factor Authentication, Multi-Device Management, and Identity Management, your business could be at risk of a breach. Aside from employees, your data is your most critical asset. If it becomes compromised, the business will suffer dramatically and may even cease to exist.

About 60% of hacked small and medium-sized businesses go out of business after 6 months. 

2. Without proper measures in place to keep your employee or customer data private, you could be in violation of a variety of regulations. For example, healthcare companies must abide by HIPAA and not share sensitive patient information. This personal information should also not be sold or redistributed without consent. By doing so, you could 1) violate the law and 2) end up with disgruntled customers who leave you for a competitor. Either way, it has a significant impact on your revenue between fines and loss of customers, not to mention the lasting effect on your reputation.

What Are the Legal Implications? GDPR & CCPA Compliance

What GDPR Means for Your Business

With the EU’s General Data Protection Regulation (GDPR) now in place, businesses need to protect the “personal data and privacy of EU citizens for transactions that occur within the EU.” Now, even though this might seem like something similar to the US, there is a significant difference concerning how the EU and US look at identification information.

Under GDPR, companies need to apply the same level of data security to cookies as they do to stored personally identifiable information such as social security numbers. And even though the GDPR applies to the EU, it also applies to anyone that has dealings within the EU.

To learn more about GDPR, here is a checklist we created to make sure your organization is protecting your data.

What CCPA Means for Your Business

The California Consumer Privacy Act (CCPA) took effect in January of 2020. The reasoning behind this bill was to protect the privacy and data of consumers. Essentially, it gives people the right to determine how their data is stored and shared.

With this law in place, and other states starting to follow, it’s critical for businesses in California to understand the legal ramifications and how to abide by the new law. This new law “creates new consumer rights relating to the access to, deletion of, and sharing of personal information that is collected by businesses” meaning California residents have the right to:

  1. Know what personal data is being collected, access that data, and request that their data be deleted
  2. Know if that data is being sold and to whom, and opt out of having their data sold

The CCPA applies to the following businesses (must meet only one of the following):

  1. Annual gross revenue greater than $25M
  2. Buys or sells the personal information of 50,000+ consumers/households
  3. Earns more than half its annual revenue from selling consumer information

While this may not apply to you now, there are other states and even discussions at the federal level where data privacy rights will be more commonplace. Data isn’t going anywhere. In fact, it’s only growing, so regardless of whether you fall into today’s thresholds, it can’t hurt to start thinking about it for the future.

Here are a few more tips for being CCPA compliant.

 

One Real-World Example of Not Abiding By Data Privacy Laws

In January 2019, Google was fined $57M under the new GDPR law. This shows that even the biggest companies are still struggling with what this means to them and how to incorporate the right security and compliance measures within their business ecosystems.

The complaint came from a privacy group that accused Google of not properly adjusting their data collection policies with the new GDPR regulations. While the fine may be “immaterial,” it goes to show how much they’re really cracking down on this new law.

3 Tips and Reminders for Staying Data Secure

    1. Enable Multi-Factor Authentication whenever and wherever possible. This allows you to have better access control with your logins.
    2. Research and make sure you’re aware not only of your industry regulations but state-wide, national, and global laws that may impact you as well.
    3. Work with your IT team to make sure measures and policies are in place to protect user access controls.

 

Data Governance and Identity Lifecycle Management

One of the best places to start is making sure you're governing your data and enabling the right individuals to access approved resources, which lowers your security risk. How do you do this? It starts with identity management. Identity management is the security discipline that enables the right people to access the right resources at the right time for the right reasons. There are many tools that allow for this - our favorite being Azure Active Directory. By implementing Identity Management across your systems and network, you ensure all employee activity and data are monitored and managed in a secure way. For example, many people today are working remotely while still collaborating - documents are being sent back and forth and shared in a variety of ways. Identity Management allows your employees to do this safely.

Conclusion

In conclusion, while data privacy and data security are certainly interconnected, there are different ways to properly address both.

As a reminder, data security focuses on the technology and tools required to deter cybercriminals from getting their hands on your information such as social security numbers, credit cards, accounts, etc.

Data privacy means complying with local and federal laws, both within and outside your industry, so that the data you collect, the processes for obtaining it, and what you do with it are all law-abiding.

Both are incredibly important, so I hope this article helped point you in the right direction.

If you wish to learn more, check out our tips on preparing for the CCPA. If you wish to learn more about how we can help you, learn more about our Compliance Management and Identity Management solutions.

There is no denying the fact that cyber attacks are increasing at an almost exponential rate. As people become even more connected to technology, the opportunity for hackers to take advantage also grows. Nevertheless, security measures are available to protect yourself.

Even with an increase in these sorts of incidents, it doesn't mean that there aren't effective ways to protect yourself from them. Below are some of these security measures that you can employ to keep yourself and your data safe from hackers.

Software Updates

Though many people view software updates as mere nuisances that only seem to pop up when you need your computer the most, they are, in fact, one of the best means to protect yourself from these online threats.

We should also keep in mind that with the arrival of the so-called Internet of Things (IoT), it's not only through our computers but also through other devices that hackers can get their hands on our personal information. These devices include smartphones, tablets, routers, printers, televisions, gaming consoles, and smart fridges, among many other unexpected objects that are connected to the internet. Regularly updating your software not only fixes various bugs and glitches but also increases your security.

Virtual Private Network (VPN)

A virtual private network (VPN) "is a connection between a secure server and your computer, through which you can access the internet," according to David Gorodyansky, CFO of AnchorFree.

In short, VPNs will extend a private network across a public network, enabling the user to send and receive data across the public system as if the computer were directly connected to a private network. It means that devices running on a VPN will have the benefits of a private network such as increased functionality, privacy, management, and security.

Strong Passwords

Digital security will increase if you choose to create strong passwords. Examples such as "123456" or "password" won't cut it. You will have to add upper and lower case letters, numbers, and symbols.

It's also advisable to change your password frequently, every few months or so. Using the same password for everything - something which most people already do - puts you at risk. If someone manages to get their hands on that password, all of your other accounts could be under attack.

Spam Filters

Spam filters can help reduce the amount of spam and phishing emails that you may receive. These phishing emails are attempts by various hackers to acquire information from you by posing as someone else - either a trusted institution or even a friend or acquaintance.

Do not respond to these emails or try to unsubscribe; instead, call the person or organization that supposedly sent you the email to make sure of its origin. By installing a spam filter, you can diminish the amount of spam you receive.

Knowledge

Keeping yourself up-to-date on these issues is among the most active security measures a person can have when navigating the internet. Protect yourself and don’t fall prey to all sorts of social engineering attacks.

Conclusion

Even if the internet is an incredibly powerful tool that will undoubtedly shape humanity as we know it, it isn't without risk. While it brings people together, educates, and creates ample business opportunities, it also allows all sorts of shady characters to take advantage. Know how to protect yourself from their attacks by employing the security measures presented here. Still want help? Contact us today to learn how we can help.

 
