For Privacy, Put Your Heads Together

May 1, 2007 12:00 PM, Ken Baylor



You cannot mitigate privacy risk without the help of others. A privacy breach could be a disaster for an organization, so analyzing your privacy exposure should be a major goal. Mitigating privacy risk involves more than securing your databases and removable media. It requires a deep knowledge of data flow through your organization, especially where personally identifiable information (PII) resides. It requires knowing what is and what is not acceptable in your jurisdiction and in all jurisdictions where your business operates. It requires knowing your people, processes and strategies and those of your partners. It requires that relevant devices be appropriately physically secured and personnel trained. It requires that PII access be monitored and auditable, and that all copies of data (whether on backup tapes, testing servers, USB drives or even failed drives) be tracked until securely destroyed. The cooperation of physical and information security leaders is critical.

Try forming and leading a privacy council to leverage your interdepartmental leadership and to increase your impact. It allows the forging of strong bonds with leaders in legal, marketing, sales and IT. It encourages new ties with department leaders in other jurisdictions with different legal regimes (such as the European Union or APAC).

These relationships can be leveraged when a security incident occurs and will lead to a coordinated, efficient response, because your peers will know and trust you. An effective privacy council builds allies in many departments who may actively buy into your general initiatives. Building a privacy strategy proactively and openly may ensure that your goals as a security professional are understood and implemented.


Ken Baylor, CISSP, CISM, CIPP, is vice president and CISO of Symantec Corp. and a Security Executive Council member (www.csoexecutivecouncil.com).

© 2012 Penton Media Inc.
