Here we'll discuss Information Privacy. In interacting with many online resources, we submit personal information in order to facilitate, customise or improve the user experience. A number of legal entities and instruments exist internationally which oblige the controllers of this data to process and store it legally, fairly and securely. This includes requesting only the data required to perform the function requested, retaining the data for a period no longer than can be justified given the nature of the service, and protecting the data from unauthorised access and misuse. The General Data Privacy Regulation (GDPR), which has been ratified across Europe, will come into force in May 2018. This Regulation will be binding not only on entities processing or storing data in Europe but also on any entity processing or storing data on European citizens.
While most businesses have programs, at various levels of maturity, to protect sensitive business and financial information, the personal information of customers is often stored in perpetuity in clear text without strong access controls. Moreover, inventories of this data are not maintained, and the ability to extract this data discretely is often not exercised. Before providing some specific guidance points, I should mention the penalties for a data breach, as these will certainly make you sit up and take notice!
The following sanctions can be imposed:
Here are a few things you should be doing and be able to do: