Cybersecurity is an important issue facing companies and legal departments across the country. With high-profile, and sometimes embarrassing, data breaches dominating news coverage, data security and privacy have become major concerns. Patrick Manzo, Executive Vice President, Global Customer Service and Chief Privacy Officer of Monster Worldwide, Inc., will be speaking at the Inside Counsel SuperConference on May 12th, 2015 to give insight into these very important issues. He will speak on a panel entitled "Cybersecurity Regulations: What you Need to Know."
Manzo says, “There is a drumbeat of data security issues permeating both the mainstream and legal press, and while individuals may have different levels of understanding and engagement, I’m sure that awareness of these issues is high.” There are differing perspectives and approaches on the issue–risk management and policy on one end of the spectrum, technical issues on the other–but importantly, the conversation is underway and there is cognizance at companies, at all levels, of the importance of these issues.
Manzo believes a discussion of cybersecurity must consider both data security and data privacy. He defines data security as, simply, knowing where your data is located, and who may access the data. Data privacy is predicated on data security and further requires understanding how personal data is being collected, processed (and by whom), and transferred, and whether these practices are consistent with applicable laws, regulations, and the reasonable expectations of the relevant consumers. Manzo says, “Data security and data privacy are two sides of the same coin, and we trade that coin for consumer trust.”
Since our modern world is so dominated by data, by its collection, its use, and its analysis, both companies and consumers realize that who we share information with and what they do with it is an important issue. Manzo uses the term “good data hygiene” to describe what consumers and companies should work towards, and how it is both a company’s and a consumer’s responsibility to be aware of these issues. Consumers would do well to acquire a basic understanding of what data they’re sharing and with whom, while companies, Manzo says, “need to be responsible stewards of consumers’ personal information.”
Manzo says, “Data security and privacy should be part of the DNA of a company.”
Data security and privacy are clearly not just IT issues anymore, but instead, Manzo says, “extend into all areas of an organization.” From a company perspective, good data hygiene requires a strong command of data security and a robust privacy program. Manzo also advocates that companies be transparent with consumers and customers about their data security and privacy practices. Transparency requires a company to be aware of what data is being collected and from whom, and what is done with that data–who processes the information, if it is not done in house, and where the information is stored or transferred. Beyond that, a company should have rules and policies in place to protect the information, and should incorporate data security and privacy into employee training, so that all employees are aware of the issues and concerns.
Manzo says, “Transparency allows you to be upfront and clear with consumers. You can say, here’s what data I collect, here’s how I use and protect your data, and here’s what might happen to that data.” Consumers, in turn, need to understand the data they are sharing and reasonably evaluate the attendant risks and benefits, and thereby make an informed decision about sharing their information.
However, it is not just between consumers and companies. Legislation and regulation have a role to play as well. “The Federal Trade Commission has a significant role to play in data privacy and security issues, and they have raised consumer and industry awareness of the responsibilities that go hand in hand with using personal information,” Manzo says. Looking forward, legislation and regulation will play a major role in how companies manage data privacy and security. A clearer, more unified set of rules and laws governing data security and privacy practices, as well as breach notifications, likely enacted on the federal level, would be helpful for consumers and companies.
Right now, companies struggle with a patchwork of laws and regulations. For example, Manzo says, “to respond to a breach, a company must first pull out a matrix of laws and regulations and determine which apply to the situation. The patchwork of rules creates unnecessary complexity and slows breach response and notification efforts.” Moving forward, Manzo says, “more unification of breach response and breach notification laws will be a benefit to consumers and industry.”
Our data-soaked society is here to stay, and most have accepted that the risks of having our information available are outweighed by the benefits and the convenience it affords. That said, more understanding, transparency, awareness and clarification can help consumers and companies move forward in this brave, new, information-saturated world.