How to Promote Privacy Best Practices at Work

Data privacy is increasingly top-of-mind for today’s executives. The 24^th Annual Global CEO Survey—US Findings found that chief information security officers (CEOs) ranked cybersecurity and data privacy second among 11 areas of impact and value, which is why many organizations are putting financial resources behind privacy initiatives.¹

This top-down recognition is essential, positioning organizations to take action against data exposure and privacy violations. However, to successfully protect enterprise and customer data, data privacy must be more than just a C-suite priority. It must make its way down to the employees who handle this highly sensitive information regularly. In that regard, there is undoubtedly work to be done.

Accidental and malicious data exposure is frighteningly pervasive. For instance, a privacy compliance survey found that 70% of IT leaders identified an accidental internal data breach in 2019.² Meanwhile, more than 90% of cloud data breaches are caused, in part, by human error.³

This is especially prevalent in a post-pandemic environment that makes data exposure and privacy violations more common. A 2020 assessment on insider risk found that employees are now 85% more likely to expose sensitive information than they were before the pandemic.⁴

Although most IT leaders claim that they trust their employees⁵ to protect data privacy when working remotely⁶, nearly half of said employees self-report that they are less likely to follow safe data practices when working remotely as distraction, lack of oversight and productivity guidelines push them to make precarious decisions about data privacy. 

IT leaders need to ensure that their teams (especially their hybrid workforce) protect peoples’ privacy. For leaders looking to emphasize data privacy among their teams, training, accountability and continual risk assessments are the best places to start.

Know the Risk 

Employees need regular data privacy training. Today’s employees have a lot on their minds. In addition to navigating the fallout from an unprecedented pandemic and a newly decentralized operational environment, they have countless tasks and responsibilities that occupy their time and attention. As a result, data privacy is not being prioritized. Leaders have an opportunity to bolster their organization’s data privacy capacity by teaching their employees how to protect customer data with regular data privacy training. 

Employees need to know what they are protecting.⁷ Categorically, any sort of personal data or digital identity data should be easy to spot; it includes information such as names, identifying codes, telephone numbers and e-mail addresses. However, managing this information can become so routine that it fails to elicit an intentional defensive response.

That is why IT leaders need to train their employees on the importance of data privacy protection. According to Teach Privacy, an organization that helps other organizations promote privacy awareness in the workplace, IT leaders must answer critical questions and provide their teams meaningful answers to questions such as:⁸

• Why should people care about privacy?
• Why is privacy valued by the organization?
• What are the consequences of failures to protect the privacy of customers, clients and colleagues?
• What are the consequences for the organization itself?
• What are the consequences for the individual(s) involved in the failure?

Although training modes and methodologies will vary by organization, it is evident that improving employee awareness is a critical aspect of protecting consumer data.

Leaders have an opportunity to bolster their organization’s data privacy capacity by teaching their employees how to protect customer data with regular data privacy training.

Accountability Is Key 

Employee monitoring supports privacy initiatives. Effective data privacy standards require all employees to vigilantly protect customer PII. Augmented training efforts with comprehensive accountability and threat prevention standards deter privacy violations before they occur. 

Employee monitoring is a powerful tool for providing employee insight without interfering with existing workflows or overburdening teams with exhaustive reporting requirements. Employee monitoring software allows organizations to: 

• Set and enforce specific data access privileges (effectively restricting information access and lessening the risk of a privacy violation)
• Assess data management practices (providing regular feedback on individual privacy protection practices)
• Maintain regulatory compliance (ensuring that the latest privacy standards are always met)

At the same time, employee monitoring also produces helpful risk-management assessments, helping leaders identify high-risk workers and data management practices and allowing them to update protocols appropriately.

Privacy Changes 

The data privacy landscape is rapidly evolving. Many consumers now view an organization’s data privacy reputation⁹ as a meaningful, competitive differentiator while regulatory requirements become more expansive and all-encompassing. 

Organizations need to stay attuned to evolving risk and emerging threats in this environment. Recalibrating privacy efforts to meet a shifting threat landscape positions leaders to empower teams with the latest best practices, which can quickly become antiquated. This makes organizations’ privacy efforts costly and ineffective. 

It is beneficial for organizations to keep up with the latest trends, listen to customer feedback and prepare employees to evolve accordingly. 

Conclusion

In a 2020 report on today’s shifting privacy standards, McKinsey & Company noted, “As consumers become more careful about sharing data, and regulators step up privacy requirements, leading companies are learning that data protection and privacy can create a business advantage.”¹⁰

In other words, today’s organizations are positioned for success or struggle based on their response to today’s privacy expectations. Empowering teams with the right tools at every level is critical for achieving privacy-focused outcomes. It is an initiative that leaders should prioritize now. 

Endnotes

¹ PricewaterhouseCoopers (PWC), 24^th Annual Global CEO Survey–US Findings, USA, 2021
² Ibid.
³ Spadafora, A.; “90 Percent of Data Breaches Are Caused by Human Error,” TechRadar, 8 May 2019
⁴ “Employees Are 85% More Likely Today to Leak Files Than They Were Pre-COVID,” Security, 11 December 2020
⁵ Help Net Security, “Employees Abandoning Security When Working Remotely,” 29 May 2020
⁶ Kohen, I.; “Managing Hybrid Teams: How Small Businesses Can Get It Right,” IT Security Central, Teramind Blog, 30 March 2021 
⁷ US Department of Labor, “Guidance on the Protection of Personal Identifiable Information” 
⁸ Solove, D.; “What Should Privacy Awareness Training Include?” TeachPrivacy, 26 December 2019
⁹ Redman, T. C.; R. M. Waitman; “Do You Care About Privacy as Much as Your Customers Do?” Harvard Business Review, 28 January 2020
¹⁰ Anant, V.; L. Donchak; J. Kaplan; H. Soller; “The Consumer-Data Opportunity and the Privacy Imperative,” McKinsey & Company 27 April 2020

Isaac Kohen 

Is vice president of research and development at Teramind, a leading global provider of employee monitoring, data loss prevention (DLP) and workplace productivity solutions. Follow Teramind on Twitter @teramindco.