
Online Trust And The Fundamentals Of Data Protection

As we did last week, today I want to take another look at a nugget from the Online Trust Alliance’s 2014 Data Protection & Breach Readiness Guide.

On page five there is an insert entitled “Fundamentals of a Data Lifecycle Strategy.” That strategy is summarized in four points:

  • Privacy terms and use policies need to be continually reviewed and updated;
  • The data a business collects includes some form of Personally Identifiable Information (PII) or “covered information”;
  • The realization that if a business collects data, it will inevitably experience a data loss incident; and,
  • Data stewardship is everyone’s responsibility.

Each of those points may seem obvious to most of us reading them, but I’m a firm believer that even the obvious points need to be repeated often so that they don’t become both obvious and forgotten. More important, they need to be expressed so that others can hear them and learn them and consider them as they go about their business.

This is important because the fundamentals of data privacy and information security must spread beyond the traditional boundaries of the data privacy and information security professions.

Last week I was in conversation with a lawyer who works with technology companies on such issues. I commented that it seemed to me one of the biggest challenges in today’s high-octane innovation environment is for companies to take responsibility for their use of data. Today’s venture-backed and bootstrapped innovators operate much leaner than their forebears did even just a decade ago. Their small teams are focused on developing and releasing a product or application that relies on data to perform a function with marketable value. It could be location-based, it could be health or fitness related, or it could have some other purpose that needs to know and share information about its user.

Do you think that, among a team of six people working on a new application, any of them is thinking about terms and use policies, or whether the data their invention needs is some form of PII?

Probably not. Nor are they likely considering how, with every bit of information gathered from each new user, their nascent company is not only growing its value but also multiplying its risk for the time when a data breach occurs.

And it will.

We are near—if not in—an age when consumer trust will be a major strategic consideration for companies large and small. Have you applied fundamentals of a lifecycle strategy to your organization’s business plan in order to establish trust in the digital world?
