In this post, we will look at some ideas and tools to keep in mind when addressing data privacy issues.

Data Concerns

If an organization needs to gather and collect data from customers and or stakeholders several concerns need to be addressed. For example, the organization must develop a privacy policy that explains how data is collected, and its legal ramifications, identifies who the data is shared with and how, and explains how an individual can opt out of this process. Some experts also recommend a cookie policy but that relates primarily to organizations that solicit data from individuals who visit the organization’s website.

Once the privacy and or cookie policies are developed they need to be published on the website. Publishing the policies helps with informing consent and allows individuals to decline participation in sharing their data with the organization. The policy also needs to include a contingency plan for data breaches.

Obligation Management & Data Collection

When dealing with data, an organization must also know what data is being collected, how this data is collected, and as was already mentioned how consent can be given or revoked. A privacy team must know how and where data came from to set in place proper procedures for governing this data.

There are two main ways that data is collected and that is directly and indirectly. Direct data collection is a request that the organization makes that a person complies with. For example, when entering a website to purchase something it is common to have to supply an address and credit card information.

Indirect data collection is data that is collected with a direct request to the individual. For example, many websites have cookies and track IP addresses to determine the person’s location. Many people provide this information without being aware of it.

Data Movement

Data movement addresses many of the same ideas already discussed. In general, several key questions must be answered to determine how data moves within and out of an organization. For example, it is important to know how data was collected, what data was collected, why it was collected, how it will be stored, how it will be shared, and if necessary, how it will be destroyed.

Again most of these questions have been addressed but the main difference is for what purpose. Data movement can be used to track the journey of data through an organization in a way that is beneficial for data lineage.

Acronym

Many of the ideas expressed in this post can be captured in the acronym PREACH, which is listed below

P (purpose)-What is the reason for asking for data

R (Right to change)-Can changes be made to the data on request

E (Easy to understand)-Are the policies for data comprehensible

A (Alerting)-Will a person be alerted if there is a problem with their data

C (Consent)-Do people give permission for their data to be used

H (How)-How will the data be used

Conclusion

There will always be challenges with managing the privacy of data. Despite this, there are several ideas to keep in mind when trying to protect user data. The ideas presented here provide a baseline for privacy leaders.