Protecting Personal Data Online

January 30, 2012

An Entrepreneur Inc. article published in The Globe and Mail reported that protecting customer privacy should be a priority for all organizations, big and small, because privacy problems will multiply as digital data files grow in size and importance. The article identifies seven key steps organizations can follow to protect customer privacy and thereby reduce business and legal risk.

Although the article doesn’t specifically reference the Generally Accepted Recordkeeping Principles® (GARP®), its recommendations are clearly consistent with many of the GARP® principles:

1. Conduct a data privacy audit.

Understand what data your business needs, what data it is actually collecting, and how that data is being stored and secured. Pay particular attention to data collected by third-party software code (for example, analytics or advertising components embedded in a website or application), because that data is easily forgotten and can turn into a crisis for the organization when it is later lost or exposed.

The article recommends appointing a key contact in the organization to be responsible for data privacy. “No one ends up knowing what is collected and kept from beginning to end unless someone is in charge of that,” Jules Polonetsky, director of the Future of Privacy Forum, stated. “Someone needs to be accountable.”

Although some organizations may have a chief privacy officer, ARMA International suggests that the records manager/information governance professional is the best candidate for this responsibility. These individuals have the best overall perspective on the organization’s information use and have contacts throughout the organization who can be leveraged to better identify organizational risks and vulnerabilities.

2. Minimize data collection and retention.

The article advises organizations to store only the data they need to deliver their product or service. Data that is never collected, or that is destroyed once it is no longer needed, cannot be lost or stolen by hackers. The GARP® principles would add a caveat that data destruction must be carried out in accordance with established retention schedules and legal requirements, not simply whenever the data becomes inconvenient. With that caveat, limiting stored data to what the business actually needs is a generally accepted way to minimize risk.

3. Secure the data you keep.

Many types of data deserve protection because of their sensitive nature – credit card numbers, Social Security numbers, other types of personal information, and corporate business intelligence. ARMA International again suggests that the information governance professional has the best enterprise-wide view of where the sensitive data resides and can work with information security professionals to secure it appropriately.

4. Post a privacy policy.

According to the article, regulators consider privacy policies legally binding agreements between an organization and its customers. The policy should therefore describe current business practices fully and accurately, so that the organization is transparent with customers and business partners. A policy that promises more protection than the organization actually provides creates exactly the legal exposure it is meant to reduce.

5. Communicate with customers.

Communicate the organization’s data practices to customers when collecting their data, and point out product or service changes.

6. Give consumers a choice.

According to the article, research suggests customers expect settings and features that let them choose whether to share data, and they want to know that businesses are “serving” them, not “selling” them.

7. Provide a forum for complaints.

The last step highlights the need to give customers an online form or e-mail address for communicating their privacy problems or concerns. The article noted that it is important to actually respond to complaints, and that this two-way communication can help build trust and loyalty.

“Don't think you're too small to be noticed in this world of savvy critics,” Polonetsky says. “One aggrieved customer on Twitter … can send the most minor complaint viral.”

One issue often overlooked is the protection of data that is in the hands of third-party service providers, where the organization remains responsible for the information even though it no longer controls the systems that hold it. To this end, ARMA International offers a number of guidelines on contracting with outside storage vendors and ensuring that the organization’s information is properly protected. Check out these resources:

  • Guideline for Outsourcing Electronic Records Storage and Disposition
  • Guideline for Evaluating Offsite Records Storage Facilities
  • Contracted Destruction for Records and Information Media
  • Guideline for Outsourcing Records Storage to the Cloud

Diane Carlisle

© 2009, ARMA International