Data Privacy Day 2015: Highlighting the Importance of Data Stewardship

Virtually everyone would agree that organizations that collect, store, and access personal data should be held responsible in the event that the data is improperly accessed or released, from companies collecting data on digital consumers and governments collecting data on digital citizens. Nevertheless, the cultural norms and legal infrastructure necessary to promote responsible data stewardship are still in their infancy, and many executives and administrators have a difficult time justifying cybersecurity expenses that add little to the organization's bottom line over the short term.

The Fair Information Practice Principles (FIPPs) are a set of principles intended to govern the responsible use of personal information. Ideally all organizations should adhere to the FIPPs when handling personal information. Since their introduction by the Federal Trade Commission in 2000, the FIPPs have grown to build a solid foundation that provides confidence and trust in online transactions, however they remain a voluntary framework.

Many legislatures have begun exploring legislative options to hold companies accountable in the event of data breaches, however several considerations should be kept in mind. First, many proposed bills confer liability only on private organizations, and overlook the responsibility that government agencies have in keeping our data secure. Additionally, there is the danger that legal requirements to act in the event of a breach will become a 'floor.' Once organizations meet the basic legal requirements outlined in legislation, they may argue that they have no responsibility to take additional actions that they might have otherwise undertaken absent a minimum standard and in the face of greater legal uncertainty.

It is imperative that consumers and stakeholders hold organizations accountable by demanding a 'culture of prevention' that rewards executives and administrators for investing in technologies that guard against data breaches and identity theft before they happen.

Add comment

Security code

Learn How