For any organization today, privacy issues are a major problem, with data breaches at the
top of the list. As stated in an article on the IT Business Edge website,
"Data breaches, cloud computing, location-based services and regulatory changes will force
virtually all organizations to review, and at least half of all organizations to also revise, their
current privacy policies before year-end 2012, according to Gartner, Inc. These issues will
dominate the privacy officer's agenda for the next two years. 'In 2010, organizations saw new
threats to personal data and privacy, while budgets for privacy protection remained under
pressure,' said Carsten Casper, research director at Gartner. Throughout 2011 and 2012, privacy
programs will remain chronically underfunded, requiring privacy officers to build and maintain
strong relationships with corporate counsel, lines of business, HR, IT security, IT operations and
application development teams. An established relationship with regulatory authorities and the
privacy advocacy community will also be an advantage to them." (2015, ItBusinessEdge.com)
To analyze the major privacy issues described in the section above and compare them
with the potential privacy risks that other businesses face, the first step is to point out the
privacy issue in question, which was a data breach. When a data breach occurs, a lot of
information is put at risk. As stated in an article on TechTarget by Margaret Rouse, A data breach is an incident in
which sensitive, protected or confidential data has potentially been viewed, stolen or used by an
individual unauthorized to do so. Data breaches may involve personal health information (PHI),
personally identifiable information (PII), trade secrets or intellectual property. The most common
concept of a data breach is an attacker hacking into a corporate network to steal sensitive data.
However, not all data breaches are so dramatic. If an unauthorized hospital employee views a
When looking at the strict risks and applicable laws that govern privacy risk, you first
have to look at the federal and state regulatory framework. As stated in an article written by A
strict federal and state regulatory framework that is aggressively enforced, coupled with the ever-increasing challenges that new technology imposes, requires that financial institutions dedicate
substantial resources at all levels of their organizations to mitigate these risks. A robust privacy
and information security risk management program must deal with these challenges holistically
to ensure that when, not if, a privacy or information security incident occurs, the negative
impacts of it are minimized and promptly remediated.
The key for financial institutions is to understand that privacy and information security
risk management is everyone's business, from the CEO to the mailroom clerk. Financial
institutions must know the applicable laws and regulations; identify the privacy and information
security risks that they face; implement and reinforce policies, procedures and practices with all
employees and agents; establish adequate corporate governance; and ensure that accountability
permeates the organization.
There are several separate sets of laws and regulations that govern how financial
institutions manage privacy and information security risks. These include federal and state
privacy laws, the NAIC Model Regulation Act on privacy, state insurance departments'
safeguarding of customer information rules, and state information security breach laws. In
addition, Massachusetts issued its landmark data security law back in 2010. (2013, B Loutrel)
References
IT Business Edge. (2015). Top Five Privacy Issues Organizations Must Tackle.
http://www.itbusinessedge.com/slideshows/show.aspx?c=91946
Loutrel, B. (2013). How to manage privacy and information security risk. Life Health Pro.
http://www.lifehealthpro.com/2013/06/12/how-to-manage-privacy-and-information-security-ris?t=life-practice-management
National Rural Electric Cooperative Association. (2011). Guide to Developing a Cyber Security and Risk Mitigation Plan.
https://www.smartgrid.gov/sites/default/files/doc/files/CyberSecurityGuideforanElectricCooperativeV11-2%5B1%5D.pdf
Rouse, M. (2015). Data Breach. TechTarget.
http://searchsecurity.techtarget.com/definition/data-breach