Hot on the heels of data loss comes the issue of e-Privacy. Privacy is a good thing, and e-Privacy is a better thing, but that doesn’t mean it’s not an eternal damnation to Procurement. Why?
As per our post on the technological damnation of data loss,
- customers are always demanding more privacy rights,
- oversight requirements are increasing as regulatory acts are multiplying, and
- the technological sophistication required to achieve an acceptable level of security and privacy safeguards is now through the roof.
Add to this customer fear, combined with a lack of technological understanding of the underlying security requirements for achieving e-Privacy, and it’s a very difficult damnation for Procurement to tackle. But that does not mean that e-Privacy cannot be tackled. Where do you start? First of all, protect against data loss using the techniques in that post. Namely:
1. Identify the subset of data that needs to remain private.
Name, government identification number, medical record, etc.
2. Identify the systems necessary to process that data.
HR, Payroll, etc. Make sure the systems are secure, encrypt all the sensitive data stored in the application or the databases they access, and only decrypt the data for the properly authorized individuals.
3. Make sure all access to private data is logged and auditable.
And, most importantly, backed up in secure off-site backups.
4. Make sure that only the private data that is truly necessary is maintained in application systems.
Maybe you needed to do a full drug check, credit check, etc. on a potential employee as part of the hiring process, but besides “drug free” and “acceptable credit score”, does that data need to be maintained? No. Similarly, only a health practitioner needs full medical records.
5. Be sure to inform consumers of the measures you will take to protect their data.
A little education goes a long way.
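
As an added illustration (not code from the original post), the sketch below applies steps 2 to 4 to the hiring example above: full screening results are reduced to the two outcomes worth keeping, each stored field is released only to an authorized role, and every access attempt is logged. The role names, the field policy, the credit threshold of 650 and the sample data are assumptions made up for the example, and encryption of the stored fields is left out.

```python
from datetime import datetime, timezone

# Hypothetical policy: which roles may read which stored fields (step 2).
FIELD_ACCESS = {
    "name": {"hr", "payroll"},
    "government_id": {"payroll"},
    "drug_free": {"hr"},
    "acceptable_credit_score": {"hr"},
}

# Audit trail (step 3). In practice this would be an append-only store
# that is included in the secure off-site backups.
AUDIT_LOG = []

def minimize_screening(raw, credit_threshold=650):
    """Step 4: keep only the two outcomes, not the underlying reports."""
    return {
        "drug_free": not any(raw["drug_panel"].values()),
        "acceptable_credit_score": raw["credit_score"] >= credit_threshold,
    }

def build_record(name, government_id, raw_screening):
    """Build the record that is stored; raw_screening is never persisted."""
    record = {"name": name, "government_id": government_id}
    record.update(minimize_screening(raw_screening))
    return record

def read_field(record, field, user, role):
    """Release a field only to an authorized role and log every attempt."""
    allowed = role in FIELD_ACCESS.get(field, set())
    AUDIT_LOG.append({
        "time": datetime.now(timezone.utc).isoformat(),
        "user": user, "role": role, "field": field, "allowed": allowed,
    })
    if not allowed:
        raise PermissionError(f"role {role!r} may not read {field!r}")
    return record[field]

# Constructed sample input, not real data.
SAMPLE_SCREENING = {
    "drug_panel": {"thc": False, "opiates": False},
    "credit_score": 712,
    "credit_history": ["constructed entry 1", "constructed entry 2"],
}

if __name__ == "__main__":
    rec = build_record("A. Example", "000-00-0000", SAMPLE_SCREENING)
    print(rec)
    print(read_field(rec, "drug_free", "alice", "hr"))
    print(AUDIT_LOG)
```

Denied attempts are logged as well as successful ones, so the audit trail shows who tried to read a field they were not entitled to.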