Putting the IT in Data Privacy
Data privacy best practices are not, and should not be, the sole responsibility of lawyers and other legal experts.
The protection of sensitive client data is everyone’s responsibility, and this has become especially true for IT professionals. After all, IT staff are the ones responsible for building data privacy protections into an organization’s network infrastructure.
Consider for a moment how much sensitive personal information an IT staffer may encounter as part of his or her daily duties. Imagine a typical network administrator, whose privacy-related responsibilities include:
- Defining the authentication protocols used to prevent unauthorized access
- Restricting access to files containing sensitive information, such as credit card numbers or health information
- Requiring encryption when storing data containing sensitive information
- Maintaining the security of the systems used to transmit data
The data that runs through an organization’s systems, both client and employee, is connected to real people. And data breaches, whether by accident or malicious actor, have real consequences.
Shifting IT Responsibilities
The industry is experiencing an emerging shift for IT professionals, shifting from technology-focused responsibilities to the management, education, and control of people in whose hands the technology now resides. Consequently, training these multitudes in the ways of security awareness is becoming Job One.
This shift should be happening in the privacy space, too. Rather than an additional liability, we see this as an opportunity for IT staff to become standard bearers for their organizations when it comes to promoting sound privacy principles. Here’s why:
IT professionals are the gatekeepers between your employees and the hardware and software that makes your company run. In this role, IT staff are uniquely position to drive home the importance of data privacy to your employees. They know (or should know) just how vital the data your company handles is. They also likely know how vulnerable humans can be to cyber attacks designed to break through data privacy safeguards.
Taking Up the Standard
In their new role as privacy standard bearers, IT professionals will need to develop some new skills. They’ll need to become internal consultants, working to guide and manage directions and stakeholder relationships so that those they work with develop an understanding of how data privacy impacts their everyday work lives.
Imagine this scenario: IT Manager Jane sees a spike in suspected phishing attempts sent by employees. Obviously, this is a good thing. Such awareness means your employees have integrated sound security practices into their work lives.
But imagine IT Manager Jane taking this a step further. With her security awareness hat on, Jane takes a moment to thank those employees that have helpfully forwarded her suspected phishing attempts. In her role as privacy communicator, she reminds employees what getting phished could actually mean: thousands, perhaps millions, of pieces of private client or employee data compromised. In this way, Jane can both positively reinforce a security awareness message while establishing an important link between such awareness and data privacy best practices.
A Brave New World
Such a shift may sound scary, especially for your IT staff. But convincing them of their important role in ensuring your organization’s data privacy wellbeing will go a long way toward building a corporate culture acutely tuned to privacy risks. A culture in which privacy concerns inform all of your employees’ decisions.
Fortunately, there is help out there. Data privacy awareness training designed specifically for IT professionals will ensure your IT employees are well-informed. This, in turn, will help lay the groundwork for a companywide privacy awareness initiative.
Want to learn more about MediaPro’s privacy awareness training offerings? Visit us here, or request a demo.