Ostendio is proud to be a supporter of Data Privacy Day, January 28th 2021. The day is organized by the National Cybersecurity Alliance as an international effort to empower individuals and businesses to respect privacy, safeguard data and enable trust. As a leading integrated risk management platform provider, Ostendio supports this mission of helping companies become perpetually secure.
The Ostendio MyVCM platform handles over 70,000 security and privacy user actions each month including publishing and approving policies, security and privacy training, asset management and vendor management. These activities mean our customers are using the Ostendio MyVCM platform to understand what data they have and to manage who should have access to it. This enables organizations protect sensitive information, manage their risk and to operate in compliance over 100 security and privacy regulations and standards globally.
“Understanding what data we have and who should have access to it is a critical part of privacy management,” said Grant Elliott, CEO and chairman of Ostendio. “By using the Ostendio MyVCM platform, companies can track this information real-time allowing them to build a culture of security and privacy that moves beyond episodic audits.”
Ostendio customers join the MyVCM Trust Network and this widens the breadth of their security program by allowing them to connect with their vendors and auditors to help them safely share security information. MyVCM Trust Network members can invite their vendors to complete custom risk assessments and share information easily and in real-time, or share relevant information with their auditor as part of the regular audit process. Vendors can demonstrate compliance to their customers in a real-time, always-on fashion, easing sales processes and reducing compliance burdens. Companies can mandate that vendors provide their compliance information directly with them, via the Ostendio MyVCM platform. This dramatically reduces the risk of vendor-related data breaches. Likewise, auditors get access to timely, auditable data increasing the efficiency of the audit for both parties.
The National Cybersecurity Alliance offers this advice to businesses on Data Privacy Day.
ADVICE FOR BUSINESSES: RESPECT PRIVACY
According to a Pew Research Center study, 79% of U.S. adults report being concerned about the way their data is being used by companies. Respecting consumers’ privacy is a smart strategy for inspiring trust and enhancing reputation and growth in your business.
Calls to Action:
- If you collect it, protect it. Data breaches can not only lead to great financial loss, but a loss in reputation and customer trust. Follow reasonable security measures to keep individuals’ personal information safe from inappropriate and unauthorized access. Make sure the personal data you collect is processed in a fair manner and only collected for relevant and legitimate purposes.
- Consider adopting a privacy framework. Build privacy into your business by researching and adopting a privacy framework to help you manage risk and create a culture of privacy in your organization. (Of course you may not have a choice if you fall under the reach of GDPR or CCPA.) Get started by checking out the following frameworks:
- NIST Privacy Framework
- AICPA Privacy Management Framework
- ISO/IEC 27701 – International Standard for Privacy Information Management
- Conduct an assessment of your data collection practices. Understand which privacy laws and regulations apply to your business. Educate your employees of their and your organization’s obligations to protecting personal information.
- Transparency builds trust. Be open and honest about how you collect, use and share consumers’ personal information. Think about how the consumer may expect their data to be used and design settings to protect their information by default. Communicate clearly and concisely to the public what privacy means to your organization and the steps you take to achieve and maintain privacy.
- Maintain oversight of partners and vendors. If someone provides services on your behalf, you are also responsible for how they collect and use your consumers’ personal information.
By using the Ostendio MyVCM platform businesses can complete these recommended tasks and build a more secure and transparent organization. The Ostendio Professional Services team helps organizations of all sizes as they build a robust data security and privacy program. Engaging our Professional Services team is the perfect solution to supplementing your organization’s compliance team when you are setting up your security program for the first time or preparing for an audit.
What challenges does your organization face with data security and privacy? Share your challenges with us here.