The Shared Responsibility Of Information Security And Privacy

By: Dan Cerceo

Data is the fuel that propels modern businesses and our economy.  It is used to develop, market and sell products and services that consumers want or need.  It matches buyers to sellers and creates value throughout the ecosystem. It is powerful. But, as we have learned through numerous Spider-Man movies, “With great power comes great responsibility.”  

I think we can all agree that information security and privacy is a huge responsibility.  But can we agree on who is responsible? Is it the CEO or Owner of your company? Your Chief Information Security Officer or perhaps the CIO?  While some of the aforementioned may be held accountable, they are not the only ones who are responsible.

Is it your cloud provider then?  If your data is stored and processed in AWS, is Amazon responsible?  Or Microsoft or Google? See Amazon’s shared responsibility model for their take on the topic. (Spoiler: Your data, your responsibility)

 

Shared Responsiblility of Info Security And Privacy

 

Is it your software developers? Or your Data Protection Officer in the case with GDPR? Or your legal department? Is it the consumer?  Afterall, it’s often their data that we’re talking about. 

The short answer is that it is a responsibility that we share with many others, both inside and outside of our organization.  It is the responsibility of everyone from interns to executives, from sales reps to software engineers. It is the responsibility of our service providers, clients, and data partners too. 

It really does take a village in this case.  We all have a vested interest in keeping our systems and data secure and maintaining high standards for data security and privacy.

If you own it, are you responsible for protecting it? 

If you are operating in the leads industry - or any industry where consumer data is collected, stored and exchanged - you are responsible for the protection of the data entrusted to you.  Here are some tips to help you navigate these uncertain waters.

 

Hold your partners and suppliers to a high standard.  Trusted third party relationships can be valuable to your business, but they can also pose a risk. Consider partnering only with reputable third parties who take security and privacy as seriously as you do.

 

Trust but verify.  Take a look at your suppliers and data partners’ security practices.  Do they follow security best practices? Do they advocate for compliance with regulations and standards that are applicable to your industry?  Do they offer tools and features that encourage and enable you to protect your data? If they are not willing to talk about it, that is a red flag and might indicate less than stellar security practices or a general lack of concern. 

At boberdoo, we provide the tools and guidance to help you protect your data, but it is up to you to use them wisely.  You can learn more about Lead System Security features here.

 

Transparency can help.  Be clear with customers and clients in explaining how data will be used or shared.  Build trust by providing assurance that you are actually doing what you say you do to protect consumer data.  Have clear contracts and privacy policies that make it easy to understand how data is used and protected as it relates to your product or service.

 

Promote awareness.  Consumers and employees alike need to be aware of the value of data and how to protect it in order to reduce the risk of misuse or exposure of sensitive data. At the very least, we should all understand the basics. (e.g. Using strong passwords and multi-factor authentication, not sharing without consent or permission, keeping our systems and devices patched, etc.)

 

Take the responsibility seriously.  There is a lot at stake.  Revenue, reputation and the viability of your business, just to name a few areas where your practices can make or break you when it comes to security and privacy missteps.  If there are gaps in your policies, procedures or controls, devise a plan to fix them and improve. Security and privacy should be at the forefront of everything we do.

 

Your data is an asset; do not let it become a liability.  If your data has surpassed its shelf-life, get rid of it.  In other words, once your data no longer serves a business purpose, it should be purged from your systems. At boberdoo, we encourage customers to set strict deletion and retention policies against their data sets right out of the gate.  We can help you understand how to meet your business objectives and securely manage your data lifecycle.

 

Subscribe To Our Newsletter

 

Own it.  Even though I believe that we are living in a world of shared responsibility, that doesn’t mean we have a license to point fingers.  You are not off the hook and are indeed responsible for protecting your data (and the data entrusted to you). Treat the data in your care as if it was your own.  


Finally, do not treat security like an insurance policy.  Insurance sits back and waits for something bad to happen.  You have the power to be proactive with your approach to data protection, so do something everyday to level-up your security game.  You will build real trust with customers and turn that into a long-term competitive advantage, helping you win business and be recognized as a responsible custodian of this important resource.

Learn More