Finally, commercial agreements often include insurance requirements and indemnification obligations. Make sure that these contract provisions cover potential data privacy and security risks such as service interruptions, notification costs, data breach, and data loss.

Physical Safeguards/Office Design

Privacy considerations are not limited to the computer system, network, and related technology. The physical or architectural design of an office or business space can be critical. Staff who have access to sensitive data should maintain locked files and locked office doors. Basic office configuration should not be overlooked. Shared printers, copiers and fax machines are potential sources of inadvertent data breaches. A shared printer may allow an employee to unknowingly access sensitive personnel information that they are not authorized to see. When planning office space, consider the type and sensitivity of data and information that might be stored in each location. The use of security cameras and locked storage rooms may also be necessary as part of any office design to make sure that customers and employees are not permitted in restricted areas where personal data is maintained.

Storage and Maintenance of Electronic Data

Most people think of computer systems and related technology where electronic data is stored as the place where a data breach is likely to occur. A review of information technology, however, involves more than just the placement and storage of the servers and computers that contain that private data. What antivirus software is used by the business and where is it installed? Are all systems secure and backed up, including the servers, laptops, and computers where the data is stored? Is access limited to the right persons? Remote back-up locations may help with disaster recovery and ensure the security of data. What about vendor agreements for any data that is maintained off site? As noted above, third-party vendor agreements should include appropriate privacy and security obligations. Is personal information stored in a cloud and, if so, what security safeguards are in place?