The definition of privacy has had many different interpretations in recent years, aligning with the rapid growth of social media, Internet transactions and digital marketing. As a result, even trusted organizations can be susceptible to privacy violations in the form of security breaches under the right—or wrong—circumstances. For some, when privacy is violated, what results may only be a minor inconvenience, such as having to change a password. But the real threat of a breach is identity theft, which can allow attackers to apply for loans, purchase firearms or even commit crimes, all under false names.
It was once thought that the best and, for the most part, only response to this issue was compliance with data protection laws. Yet some privacy legislation is outdated or impacts the private sector differently than it does the public. It has become clear that to be successful internally and project safety to customers externally, organizations must take a proactive stance on privacy.
Fortunately, the threat of a security breach can be tampered by implementing privacy by design and privacy by default. The principles of privacy by design state that every process, product and project be engineered with privacy in mind, while privacy by default encourages the standardization of such privacy-protecting measures within the organization.
To further explore the topic of protecting privacy and provide guidance about the right approach for organizations to take, ISACA® has released the Privacy: Beyond Compliance white paper. Learn more about implementing effective privacy protection measures by reading Privacy: Beyond Compliance, available on the ISACA website.