January 28, 2019
Today, the world recognizes Data Privacy Day. As privacy protection concerns and privacy laws around the world, such as Europe's General Data Protection Regulation (GDPR) and California's incoming digital privacy law (the California Consumer Privacy Act), continue to build, we are reminded to be more mindful of data privacy, safeguarding data, and enabling trust. Let us mark this day by increasing our awareness of data privacy and considering key data privacy practices in our everyday work.
Here are some best practices around maintaining privacy and enabling trust to keep in mind and share with your colleagues.
Data privacy is focused on the use and governance of personally identifiable information (PII). PII includes personal information that alone, or in combination with other information, can identify an individual, such as a client, prospect, vendor, agent, or staff member.
Recognizing PII when you see it is a key step in protecting privacy. Accidental disclosure remains one of the most common ways that organizations fail their privacy obligations. Train yourself to raise a mental alert when you spot PII, including these examples:
If you collect PII, whether through a form, survey, or other means, a good mantra to remember is: "If you don't need it, don't collect it." This means we only collect PII for the specific business activity that we have set out to accomplish.
Ask yourself:
Once you have the PII, use it only for your specific business purpose. Take care in the storage and sharing of information containing PII. Share or disclose PII only to those with a "need to know," which helps to prevent accidental disclosure. Limit access to PII or systems to only those who require it to perform the core duties of their jobs.
Ask yourself:
At the end of the business activity or when the PII data is no longer needed, check to see if there are any requirements to retain the PII. If not, safely dispose of it.
Ask yourself:
One of the most important things you can do when handling PII is to simply become knowledgeable. When questions arise, verify your approach to data handling by leveraging company resources:
Ask yourself:
Educating yourself before you handle PII is important. And remember, if something is amiss, or you suspect that there may be an issue, take action and contact your privacy or security group!
Reggie Davis is General Counsel and Chief Privacy Officer at DocuSign.
To view the original article, visit the DocuSign blog.