In honor of Data Privacy Week, cyBARR Chats interviewed Matt Schuster, senior consultant, Cyber Risk Advisory, to discuss all things data privacy. Learn security tips and best practices you and your organization can apply today.


[00:00:00] Claire McKenna: Hello everyone. And welcome to today’s episode of cyBARR Chats, where we will be discussing all things privacy in honor of Data Privacy Week with Matt Schuster, senior consultant here. Data Privacy Week is an initiative led by the National Cyber Security Alliance to spread awareness about online privacy, educate citizens on how to manage their personal data and inform organizations about the importance of protecting customer data.

This year, BARR is proud to be a Data Privacy Week champion, which means we are taking part in spreading the word about this important initiative. Okay, Matt, let’s talk about individuals first. So there are both privacy concerns and benefits to data collection. How should individuals think about the trade-off between convenience and privacy?

[00:00:47] Matt Schuster: Understanding the trade-off between privacy and convenience is an important first step for all individuals who want to manage their data online. Online accounts often ask for your personal information, like your location, access to your personal photos or your contact lists in order to use their service.

The best thing an individual can do is to make an informed decision on whether or not they want to share their data with the businesses to do so. Individuals should consider the importance of the data they’re sharing and the benefit they’re receiving in return. Think about who you’re giving your information to, and whether the information you’re sharing is relevant to the services they’re receiving in exchange.

[00:01:24] Claire McKenna: Awesome. Yeah, that’s really great advice. When it comes to data privacy tips and best practices, there are plenty out there. What would you say are the most important practices an individual could take today if they wanted to manage their personal data better online?

[00:01:39] Matt Schuster: Yeah, personal privacy goes hand-in-hand with security. Implementing the best security practices can help mitigate your privacy risks. And some of these best practices include implementing multifactor authentication whenever possible, using password managers, updating software and devices regularly, checking your privacy settings on social media and not using public wifi when you’re accessing, accessing sensitive information like your bank account or things along those lines.

[00:02:09] Claire McKenna: Great. Those are awesome tips. Um, in order to do those, what are some of the best tools individuals could leverage to help them with managing their privacy?

[00:02:19] Matt Schuster: Yeah, there are plenty of tools available to help manage your online privacy.

A great place to start is the National Cyber Security Alliance’s Manage Your Privacy page, which helps you check on your privacy settings on your social media accounts, apps, and more. And as we already discussed, security practices like using a password manager or an MFA can really help with managing your privacy online.

And there are plenty of tools out there that can help you implement those practices. Uh, I, for example, use LastPass as my password manager, and that’s just one example of the many tools out there.

[00:02:52] Claire McKenna: Those sound super helpful. We can add a link to the Manage Your Privacy page in the description. Um, so let’s switch gears a little bit and talk about data privacy from the perspective of an organization. What can organizations do to respect their consumers?

[00:03:09] Matt Schuster: Well, respecting consumer privacy is one of the most important things that an organization can do. This means keeping an open line of communication between you and your customers. Um, you can let them know what information you’re collecting, why you’re collecting it, what you’re using it for and how you’re keeping it safely stored, excuse me.

Uh, not only is respecting consumer privacy the right thing to do, it’s also a good business strategy. Uh, respecting consumer privacy helps build trust and is good for your business reputation, which can help your overall growth. Uh, as for steps you can take, uh, organizations should consider conducting an assessment of their data collection practices and adopting a framework to help manage their privacy.

Um, NIST and ISO are two frameworks that have specific privacy components that can help build privacy into your business. This is when having a cybersecurity partner and advisor like BARR can really come in handy. Um, and lastly, organizations should work to create a culture of privacy internally. For a lot of places, this looks like educating your employees on privacy policies and security best practices, as well as setting a good tone from the top.

[00:04:17] Claire McKenna: That’s all really great information to have. Um, you mentioned NIST and ISO. Can you tell me a little more about how assessments or audits can help manage privacy?

[00:04:28] Matt Schuster: Yeah, of course, uh, assessments or audits can help ensure, uh, the organization to meet specific controls, um, related to how an organization collects personal data and prevents unauthorized use of that.

Uh, these audits can be really helpful because they give organizations a clear way to communicate the actions the organization takes to protect personal data, to external parties like partners or consumers.

[00:04:55] Claire McKenna: Great. One last question for you, what kind of laws or regulations exist that both organizations and individuals should be aware of?

[00:05:05] Matt Schuster: Yeah, on an international level, uh, GDPR is the de facto association with, uh, privacy. Um, implemented in 2018, the GDPR sets guidelines for the collection and processing of personal information for citizens of the EU. Um, if your organization does business in the EU or you have clients in the EU, it’s critical to understand how GDPR affects your.

Um, on a federal level here in the US, there are a number of industry-specific regulations to be aware of, for example, HIPAA, uh, which protects patients’ personal health information from being disclosed without their knowledge, um, along with other ones that are, um, here in the UK. Um, there are also a number of states that have their own privacy laws.

California is an, is an example. They have the California privacy protection act, which gives consumers the right to know if their data is being collected and sold. Um, organizations need to understand how these laws and regulations apply to them individually. Learn how some of these laws can give them more control of their personal information.

[00:06:10] Claire McKenna: Awesome. Thanks for all of that information. And that was my last question. So Matt, thank you so much for all of your valuable insight. To all our viewers, whether you’re an organization collecting consumer data or just an individual looking to better manage your online privacy, we hope you’ve been able to take away some of these best practices and we look forward to seeing everyone next time on cyBARR Chats.