It is no surprise that government officials are taking a strong interest in data protection policies as the pressure for organizations to properly secure the information they collect continues to escalate.  

The recently released publication "Privacy on the Go," by Kamala Harris, outlines a series of privacy practice recommendations for mobile carriers, device manufacturers and others in the mobile industry. One of her recommendations suggests that application developers limit their collection of personally identifiable information that isn't needed for an app's basic functionality.  

Critics of Harris' move say it is a maneuver around proper rulemaking channels, but compliance officers "are saying that they don't have the luxury of deciding if it's legal or not," says Scott Vernick. Instead, they are trying to work with the recommendations as they formulate their data security approaches.  

The processes and tools for collecting data in order to protect confidentiality have continued to evolve and advance. Sophisticated companies, Vernick says, keep in mind several principles that have won support from regulatory authorities as they formulate their data security approaches. Along with other precautions, companies collect only the data they truly need, restrict access to data and adhere to data protection policies.  

Along with these principles, Vernick notes that a first step in properly protecting data is an audit. Compliance officers should know and understand all of the details surrounding their data, including where it lives, why they have it, how it's being used and who can access it.  

Once an organization has a handle on the data it possesses, it needs to develop appropriate security measures and rigorously enforce them, Vernick says. Developing a policy that is then ignored is "like a plaintiff's lawyer's deposition outline," he warns. "You don't want to commit a plan to writing if you're unable to follow through."

Previously published in Compliance Week, April 2013.
