January 28th has been designated as the annual "Data Privacy Day" or "DPD2015" – a day dedicated to educating people about the importance of protecting their personal information, promoting individual control over private data, and encouraging businesses to be good stewards of our private data. On this Data Privacy Day, we are encouraging all businesses that collect or hold private information to participate in at least one activity to help show their awareness and engagement on data privacy issues. To help you get your business involved, consider taking part in one of the following activities:
- Promote Privacy Awareness Among Your
Employees: After all, employees are individuals who have
personal information that they need to protect. Send an email to
your employees reminding them that today is Data Privacy Day and
they should take a minute to check their privacy settings on social
media and other sites they use frequently. To help them, you can
direct them to http://www.staysafeonline.org/data-privacy-day/check-your-privacy-settings/,
which provides great information about the privacy settings on
various sites.
- Remind Your Employees About Your Company's Privacy
and Data Security Program: Most data breaches are the
result of simple employee error, or phishing campaigns that
cleverly trick your employees to inadvertently surrender network
access login information. To combat this effort, establish a robust
Privacy and Data Security Program and remind your team of those
policies monthly through an ongoing employee communications
campaign.
- Create, Review, or Update Your Data Incident Response
Plan: There is no time like DPD2015 to review your
company's Data Incident Response Plan. Every company should
have such a plan to ensure that its response to any incident
impacting the security of sensitive information is timely,
effective and protects your customers, clients, and brand. If you
don't have a Data Incident Response Plan, contact a Troutman
Sanders privacy lawyer today to assist you in developing one.
- Review the Privacy and Data Security Laws That May
Impact Your Business: Many companies feel like they have a
good grasp on the privacy and data security laws that apply to
their business. These laws, however, are rapidly evolving and new
laws are being introduced at the state and federal level. DPD is a
great opportunity to inventory all of the privacy and data security
laws that may apply to your business and create a plan for learning
more about these laws and ensuring compliance.
- Raise Privacy Awareness in the C-Suite and the
Board: Use Data Privacy Day as an opportunity to raise
awareness with executive management and the Board about privacy and
data security. Make sure that they have read your outward facing
privacy materials, know which information the company holds may be
at risk and need protection, understand the steps your company is
taking to protect personal information, and get their engagement on
improvements to your system, policies and procedures that your
company may want to make over the coming year. Next year on DPD,
you, executive management and the Board can celebrate all of the
improvements that your company has made!
- Update Your Company's outward facing privacy
materials: There is no better day then Data Privacy Day to
take a fresh look at your company's outward facing privacy
materials. Make sure that it is current, reflective of your actual
practices, easy to read and understand, and compliant with all laws
that may apply to your business.
- Promote Privacy Awareness Through Social Media: If your company has a social media account, use it to let the world know that your company cares about privacy. Stay Safe Online has a list of tweets that you can consider using (http://www.staysafeonline.org/data-privacy-day/get-involved/social-media) or you can create your own. Make sure to use the #DPD2015 to be part of the conversation.
For more information about Data Privacy Day and resources that you can use, visit http://www.staysafeonline.org/data-privacy-day/landing/.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.