Policies and Procedures. Written policies and procedures are the first step in implementing any compliance program and adequate data security safeguards. Having appropriate and well-understood technology use, data privacy, and social media policies and procedures may mitigate the risks of non-compliance with privacy laws and regulations.

Training/Employee Communications. A formal written compliance program with extensive policies and procedures is meaningless unless the employees are trained and familiar with proper practices and procedures. Employees must be educated on data privacy practices and procedures of the business, including the appropriate use of technology, so as not to compromise any security or protection of data. Email and social networking can both be used in ways that may pose risks to the business. Employees should be trained on how data can be transmitted or stored on personal devices. What is the business policy regarding the use of personal devices for business purposes? Does the business supply the device? Is a BYOD Policy necessary? Employees may not realize what responsibilities they have to protect and secure business and customer data. Training should be revisited on a regular basis as policies, procedures, and laws may change. New employees should have data privacy and security training as part of any orientation. Overall awareness of data privacy and security can also be enhanced through regular communications with employees via newsletters, email, or other communications. Frequent communication on data privacy and security related topics will help promote a culture and further understanding of the importance of privacy and data security to the business.

Employee Background and Compliance Checks. Data breaches or security incidents might not be committed by someone from the outside but by employees.
The type of customer data stored or the industry in which the business operates may necessitate more comprehensive background checks of employees. After an employee has joined the company, periodic compliance checks can be helpful in assessing the