Lately, the news has been filled with stories of data theft, especially involving credit card users or retailers having their systems hacked. The theft of someone’s private data, especially financial or personal data, is quite troubling. Data privacy and the increase in hacking or theft of individuals’ data are serious issues, with ramifications felt throughout the world. Risk management processes therefore need to properly address data protection and data privacy issues if companies want to avoid catastrophe.
Therefore, a company or organization must consider regulatory requirements, global data protection laws, US state laws, and its own compliance policies and corporate regulations when considering how to handle and protect data, as well as the risks surrounding unauthorized access or use of such data. Not only is a company’s violation of data privacy laws looked upon seriously, but data theft or a lack of appropriate data security systems is likewise frowned upon by society in general and regarded as inexcusable by an organization’s stakeholders.
When an organization confronts the risk inherent in unauthorized use of its data, it must keep in mind three basic risks involved with data processes before implementing risk management solutions.
- Financial risk: Fines and penalties resulting from privacy laws, EU directive, litigation, litigation costs, US data protection laws, and state data protection laws
- Intellectual property risks: Loss of competitiveness in the marketplace due to loss of trade secrets or other forms of IP to competitors
- Brand risks: Loss of reputation, customer loss, negative publicity, negative reaction of stakeholders, and increased scrutiny of regulators
The above-mentioned risks can be catastrophic when dealing with data and data processes. An organization must confront the three major risks in light of regular corporate data processes, primarily:
- Data usage: Data processes involved with data usage, such as data accessed by specific users
- Data storage: Data stored in servers
- Data transfer: Data transferred to third parties from specific points in a computer network
When implementing an LRM (legal risk management) process, companies must consider the above risks and how to mitigate or avoid them. How involved is the management of your company with IT security issues? Has your IT department allocated sufficient resources to prevent hacking or theft of personal information? What processes are in place if your systems are hacked? What crisis management procedures are in place in case the worst happens?
The more sophisticated hackers become, the more sophisticated security measures have to be. The recent theft of 19 million credit card customers’ personal data in Korea shows how easy it is for information to be leaked or stolen. Is your company asking the hard questions when it comes to data privacy? Is your Board of Directors involved?
Are you ready in case you are hacked?