Skip to content
You Are Here Home : Weissman’s World Blog : Governance and Privacy: The Biggest Risk is Us

Governance and Privacy: The Biggest Risk is Us

Biggest Risk is Us

When people think about privacy, they often look outward, to cybercriminals attempting to penetrate systems and steal personal information. But most privacy risks are found much closer to home: not in external malicious activity, but in ordinary internal workarounds that emerge because of practical gaps in information governance.

We see it all the time:

  • Remote workers who cannot access their approved repository and save sensitive documents to unprotected shared drives instead
  • HR staff who email confidential data to managing directors rather than provide a link to the designated single source
  • Departments that maintain their own spreadsheets of personal information because the official system is “too hard to use”

These situations are not the result of evil intent, but rather well-meaning efforts to get work done. As such, these are not privacy problems per se; they are governance problems with privacy consequences.

Prevention Begins at Home

Good governance is not about responding to privacy breaches after they occur. Rather, it establishes the internal operational discipline needed to prevent them by setting expectations, standardizing practices, and demanding accountability.

Installing this discipline requires some intensive self-reflection to understand not only where you may have privacy gaps but also why and what to do about them. In a few words,

  • Identify where personal information is being stored (by system geography, jurisdiction)
  • Investigate why mis-located data isn’t properly stored (incorrect permissions, slow network connections, lack of awareness)
  • Remediate the current situation and address the underlying causes so they don’t happen again
  • Move sensitive data from incorrect locations to the right ones deleting as you go
  • Adjust policies and procedures as needed to minimize recurrence
  • Train your people (and train them again)
  • Audit periodically to confirm that sensitive information remains where it belongs, ascertain emerging risks, and maintain alignment of your practices with your obligations

Workarounds are an inevitable part of business life as people seek to do their jobs with as little friction as possible. The challenge is not eliminating workarounds – it’s ensuring that the easiest way to work is also a safe way to work.

This is the promise of effective information governance: to create an operational environment where systems, processes, policies, and behaviors work together to protect information by design. In truth, employees generally want to do the right thing; good governance ensures the right thing is also the most practical thing. Your job is to implement a program without obstacles to following secure practices.

Leave a Comment

Discover more from Holly Group LLC

Subscribe now to keep reading and get access to the full archive.

Continue reading