Leading companies are integrating information security, privacy and digital ethics from the outset of product and services development, embracing the concept of Privacy by Design. This approach enables them to better engage with existing customers and attract new ones. The benefits of business security and privacy in an increasingly digital economy cannot be ignored, nor can the aggressive domestic and international data enforcement agencies that oversee GLBA, CAN-SPAM, TSR, COPPA, HIPAA and the EU GDPR. This page contains articles, resources and websites focused on business security and privacy issues.

Articles on Business Security and Privacy:

Moving Forward with Cybersecurity and Privacy

How organizations are adopting innovative safeguards to manage threats and achieve competitive advantages in a digital era. Key findings from the PricewaterhouseCoopers (PwC) Global State of Information Security Survey 2017.

Six Biggest Business Security Risks and How You Can Fight Back

IT and security experts discuss the leading causes of security breaches and what your organization can do to reduce them.

Resources on Business Security and Privacy:

Start with Security: A Guide for Business

Business security and privacy by design: a helpful guide introducing the field of business information security. Threats to your data may change over time, but the fundamentals of sound security remain constant. You need to know what personal information is in your files and on your computers, and keep only what is needed. You should protect the information that you keep, and properly dispose of what you no longer need. And, of course, you should create a plan to respond to security incidents.

GDPR Basics

The European Union’s General Data Protection Regulation (GDPR) goes into effect May 25, 2018, and places substantial responsibilities on those companies and individuals that collect, store or use the personal data of EU citizens. It must be remembered that in the EU, privacy is a fundamental human right. The penalties for violating GDPR provisions can be as high as 4% of an organization’s annual revenue, which is a staggering increase in penalties over the prior EU Data Protection Directive. Here is the text of the GDPR along with a helpful annotated GDPR site with cross-references. TrustArc’s website contains a wealth of information and resources to assist organizations in assessing, implementing and demonstrating compliance with the GDPR.

Audio recordings of the text of all 99 Articles of the GDPR, available for your listening pleasure thanks in part to the brilliance of Amazon Polly.

Want a Cookie?

A cookie is a small piece of data that a website asks your browser to store on your computer or mobile device. The cookie allows the website to “remember” your actions or preferences over time. The ePrivacy directive – Article 5(3) – requires prior informed consent for storage or for access to information stored on a user’s terminal equipment. In other words, you must ask users if they agree to most cookies and similar technologies (e.g. web beacons, Flash cookies, etc.) before the site starts to use them. There are now technology solutions to manage cookie consent and use.

Security & Privacy Made Simpler

Better Business Bureau Guide to understanding today’s data security and privacy challenges that affect small businesses.

AdChoices Self-Regulatory Program

Best practices for brands, website operators and advertising agencies using Online Behavioral Advertising (OBA) require compliance with the principles established by industry self-regulatory associations in the United States (DAA), Europe (EDAA) and Canada (DAAC), which require that visitors be provided with notice and choice regarding the use of their information. There are now certification service providers to assist in implementing and demonstrating compliance with the self-regulatory framework and in obtaining the consumer-recognized Trust Seals.

Implement Strong Password Policies

Passwords are critical gateways to your company’s databases and networks. But they’re also potential open doors for hackers. This video includes tips for creating comprehensive password policies to protect your business.

Protecting Personal Information: A Guide for Business

Most companies keep sensitive personal information in their files—names, Social Security numbers, credit card, or other account data. If this information falls into the wrong hands, it can lead to fraud or identity theft. The principles in this brochure can help a business keep data secure.

Privacy and Security

Here is a comprehensive information page on various information privacy and security issues facing U.S. businesses today.

Control Access to Data

Companies need to manage who gets their hands on their data. This resource includes tips for controlling access to sensitive data in your business.

Data Breach Response: A Guide for Business

This guide addresses the steps to take once a breach has occurred.

Defend Against Ransomware

Ransomware can wreak havoc on your business. Learn about ransomware – what it is, how to defend against it, and what to do if your business is the victim of a ransomware attack.

Competition Policy Guidance

In conjunction with its law enforcement and advocacy work, the FTC provides guidance about the application of the U.S. antitrust laws to promote transparency and encourage compliance with the law.

AWS Cloud Security

Amazon Web Services (AWS) cloud allows businesses to scale and innovate, while maintaining a secure environment. Customers pay only for the services they use, meaning that you can have the security you need, but without the upfront expenses, and at a lower cost than in an on-premises environment.

Privacy Shield for EU to US Data Transfers

A mechanism for companies on both sides of the Atlantic to comply with European Union and Swiss data protection requirements when transferring personal data from the EU or Switzerland to the United States. The Privacy Shield Framework provides a set of robust and enforceable protections for the personal data of EU individuals. To join either Privacy Shield Framework, a U.S.-based organization is required to self-certify annually to the U.S. Department of Commerce (DoC) and publicly commit to comply with the Framework’s requirements of: Notice; Choice; Accountability for Onward Transfer; Security; Data Integrity and Purpose Limitation; Access; and Recourse, Enforcement & Liability. Privacy Shield companies often rely upon expert providers to assist with the critical tasks of assessment, proof of compliance and the independent dispute resolution mechanisms essential to the annual self-certification process.

AWS HIPAA Compliance

AWS enables covered entities and their business associates subject to the U.S. Health Insurance Portability and Accountability Act (HIPAA) to leverage the secure AWS environment to process, maintain, and store protected health information. AWS offers a HIPAA-focused whitepaper for customers interested in learning more about how they can leverage AWS for the processing and storage of health information. The “Creating HIPAA-Compliant Medical Data Applications with AWS” whitepaper outlines how companies can use AWS to build systems that facilitate HIPAA and HITECH compliance.

Websites on Business Security and Privacy:

Federal Trade Commission

The FTC is a federal agency with the dual missions of protecting consumers and promoting competition. The FTC is the principal online business enforcement agency, conducting investigations, prosecuting companies and people that violate the law, developing rules to ensure a competitive marketplace, and educating consumers and businesses about their rights and responsibilities. The FTC collects complaints about data security, deceptive advertising, identity theft and Do Not Call violations, and makes them available to law enforcement agencies worldwide for follow-up.

Department of Health & Human Services

The U.S. federal agency with primary responsibility for oversight and enforcement of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and of Substance Abuse and Mental Health Services Administration (SAMHSA) compliance issues.

Consumer Financial Protection Bureau

The U.S. federal agency with primary responsibility for oversight and enforcement of consumer financial services products and industry participants.

AWS Privacy and Security Regulatory Compliance Services

AWS serves its customers with a wide variety of compliance resources and whitepapers. This website has a wealth of compliance knowledge, especially as applied to cloud computing.