A key part of the data privacy laws that affect North American organizations – various pieces of U.S. state legislation, HIPAA (Health Insurance Portability and Accountability Act), the EU’s GDPR (General Data Protection Regulation), and Canada’s soon-to-be-updated PIPEDA (Personal Information Protection and Electronic Documents Act) – requires organizations that suffer a data breach to notify affected individuals and/or to report the circumstances of the breach to the relevant authorities.
To do that, you need to know what personal data you hold that might have been affected. Depending on the laws that apply to you, you may have as little as 72 hours to report what data has been compromised. Knowing the data you hold inside out will save you a lot of panicked hand-wringing, and will make life a lot easier when the breach happens.
Get to grips with your data
A data flow audit will document the data you hold, where and how you hold it, how you transfer it, who has access to it, and who is responsible for it. A data flow map will represent this information in a visual, easy-to-understand way. It will also make it easier to see areas where you might need to improve your security and update your contracts. For example:
- Do you have customer data in emails? If someone at your organization falls for a phishing scam and gives access to a criminal hacker, how far back can the crook access email records? Can they access anyone else’s emails? Or other files on the hard drive, on the network, or in the cloud?
- What data do you have stored on USB sticks collecting dust in a drawer? Who could open the drawer and plug them in? Are they encrypted?
- Do you keep customers’ phone numbers on cell phones? How are they protected if a phone gets lost?
- What paper records do you keep in filing cabinets, or out on a desk? When do they get destroyed, how do they get destroyed, and who destroys them? Is disposal done on-site or do you employ an organization to take them away and destroy them for you? What happens if this organization’s van is in an accident and your papers scatter to the wind?
- If you use a delivery company to deliver parcels to customers on your behalf, how do they store people’s names and addresses? What do they do with the data you have given them?
- If you outsource your website hosting, what customer data does your web host have access to? If you use a social media app, e.g. to run a contest, how does the app provider collect and store customer data?
Data Flow Mapping Tool
Figuring out all this information from scratch and creating a data flow map sounds like a mammoth task, but it needn’t be. Our Data Flow Mapping Tool simplifies the process, giving you a thorough understanding of what personal data your organization processes and why, where it is held, and how it is transferred. Want even more help? Our GDPR data flow audit service does the work for you.