TRUSTe and the National Cyber Security Alliance have partnered to produce an infographic on US consumer privacy.
It highlights US citizens’ growing concerns over how their data is used online and who it’s shared with.
The top three US privacy concerns
- 45% are more worried about their online privacy than one year ago
- 92% of US Internet users worry about their privacy online
- Health care providers are most trusted (74%) and advertisers are least trusted (25%)
The fact that nearly all users (92%) worry about their online privacy comes as no surprise, especially when multiple high-profile organizations have had sensitive data compromised in the last few years:
- Anthem: 80 million patient and employee records were compromised.
- JPMorgan: Sensitive financial and personal information of 76 million households and 7 million small businesses compromised.
- Home Depot: 56 million credit card accounts and 53 million email addresses exposed online.
- Target: 40 million credit and debit card accounts, as well as data on 70 million customers stolen.
- Ashley Madison: 33 million user accounts exposed.
What is surprising from the infographic is that health care providers are ranked most trusted (74%) when it comes to online privacy.
Can your customers trust you with their data?
Since the start of this year, there have been 164 health care data breaches submitted to the US Department of Health and Human Services (HHS), affecting more than 4.6 million people. The largest is 21st Century Oncology, which compromised over 2.2 million people’s data in April.
As with any organization, managing sensitive information across many sites, domains, servers, and people is never going to be easy. The more data you hold, and the more locations it can be accessed from, the greater the risk of compromise.
All health plans, health care clearinghouses, and health care providers in the US that electronically transmit protected health information must comply with HIPAA.
How ISO 27001 can help
Health care organizations are increasingly required to comply with multiple cybersecurity laws, regulations and industry standards (such as SOX, HIPAA, the PCI DSS, and the GLBA). Combined with the task of protecting millions of people's data, this can overwhelm even the most organized of businesses.
As a result, we are now seeing more organizations seek certification to ISO 27001, the internationally recognized standard for creating and maintaining an ISMS (information security management system).
ISO 27001 can centralize and simplify disjointed compliance efforts. An ISMS built to the standard typically covers much of the control set these frameworks demand, so a single set of controls, policies and audit evidence can be mapped to several of them rather than maintained separately for each; certification does not by itself make an organization HIPAA or PCI DSS compliant, but it removes most of the duplicated effort.
By virtue of its risk-based, organization-wide approach, ISO 27001 addresses the administrative, physical and technical safeguards that the HIPAA Security Rule requires, within an auditable ISMS designed for continual improvement.
To find out more about ISO 27001 and how it can benefit your organization, read ISO27001/ISO27002 A Pocket Guide. It provides a useful overview of the standards, and is packed with practical advice for implementing an ISMS.