Most businesses today are aware of the need to have a comprehensive data security strategy to protect themselves, their employees and their customers from various security threats. Fortunately for many small to medium-sized businesses, due to their size and simpler business structures, a standard data security plan will be enough to accomplish their data security needs.
However, the same cannot necessarily be said about enterprise-level organizations like OEMs, which tend to have much more complex business structures. The Enprecis Group enterprise-level organizations often have structural challenges that other smaller businesses usually do not encounter, such as widely diverse clientele, multiple products and services offered across geographical locations, discrete internal departments or organizational units, and most importantly, significantly more business data.
The massive volume of data that businesses are collecting, including financial transactions, location-based data, Vehicle Identification Number, and customer interactions, is growing exponentially. Problems addressed by big data analytics are those for which insights and answers arise from analysis of vast, complex or disparate data sources.
The promise of actionable insight from data isn’t new – business intelligence and other analysis capabilities have long been present in many organizations. What is new is the rate at which data is growing, the way the data is changing and the demands being placed upon it. With the capability to properly analyze threats, risks and incidents from a wide array of data sources, the insight from big data analytics helps executives and boards better manage the risk/reward balance in cyberspace.
As big data continues to be a game-changer for businesses, the security risks have become even greater. Users are becoming alarmed about how much data is being collected, with whom the data is being shared and how it is being used. There is a clear need for better engagement with key stakeholders and joined-up thinking throughout organizations with the adoption of clear guidelines and best practice on the usage, storage and transfer of data both inside and outside the business.
THE IMPORTANCE OF PROTECTION OF PII
Personal Identifiable Information collected and used by a business either through the operation of services it performs for its customers or simply information it collects from its employees must be protected to prevent such information from being obtained by and/or misused by third parties.
Although the definition of what constitutes Personal Identifiable Information (“PII”) may vary slightly from country to country, generally speaking, PII is any information that is linked, linkable or that can be traced back to an individual. The most common examples of PII would be names, addresses, emails, telephone numbers, bank/credit card details and health information. The foregoing list is by no means exhaustive.
The collection and processing of PII has become a highly-regulated area throughout the world and regulations are constantly evolving from territory to territory. Further, breaches of data protection can lead to onerous consequences from large regulatory fines to commercial damages for breach of contract. Of equal importance is ensuring that your company has measures in place to minimize, if not eliminate the irreparable damage to its reputation and business that can occur should it be found to violate or act in contravention of Data Privacy and Data Protection laws in the countries in which it provides services to and gathers and processes PII.
ENSURING COMPLIANCE ON BEHALF OF OURSELVES AND OUR CLIENTS
- The foregoing summarizes the importance of complying with Data Protection and Privacy Laws in each and every jurisdiction where your company operates and/or provides services.
- Enprecis Group continuously reviews our policies and practices with our worldwide Data Protection and Privacy Compliance partners, to ensure we are fully compliant with the ever-changing laws and regulations.
- In addition, semi-annual seminars are attended by all Enprecis Group employees to ensure they are cognizant of and compliant with the laws and regulations governing Data Protection and Privacy Compliance in each and every jurisdiction in which we provide services.
- Enprecis Group can provide if requested, consultative services relating to best practices for Data Protection and Privacy Compliance in the various jurisdictions in which PII is collected from your customers.
The information set out above is intended solely to provide general guidance on matters of interest for the personal use of the reader, who accepts full responsibility for its use. The information is provided with the understanding that the author herein has not been engaged in rendering legal advice or services. As such, it should not be used as a substitute for consultation with the reader’s legal counsel.
ABOUT THE AUTHOR
General Counsel, Chief Administration Officer
As General Counsel and Chief Administration Officer, Glenn oversees all legal matters, contract administration, human resources, and external relations for the Enprecis Group. Glenn brings over 25 years of legal expertise gained from his own practice as well as other Canadian institutions to his role as a member of the Senior Leadership Team.
For more information, please visit www.enprecis.com/leadership
Enprecis Group Communication Team