In today’s digital global marketplace, the need to protect private personal information has become paramount. In addition, security hazards, technology and the legal environment around the world are constantly evolving, requiring flexible responses to changing opportunities and risks. Businesses entrusted with sensitive customer and employee data must be able to use and share those assets while ensuring that they collect only the data they need, safeguard it from access by those who are not authorized and dispose of it in an appropriate and timely manner when it is no longer needed for business purposes.
All of us must monitor and be alert for vulnerabilities in our security system and speak up when we see them. We are responsible for understanding and ensuring compliance with the applicable laws governing data privacy and security in the countries where we do business. Different countries have different perspectives on privacy (for example, whether individuals should have a right to “opt in” to or “opt out” of having their data used), and we must ensure that we comply with the most stringent laws in effect. We are also responsible for the actions of our third-party vendors regarding privacy protection, including data processing companies.
When transferring personal data (for example, employee payroll information), we must adhere to security protections and be sure that our third-party partners follow the same strict guidelines. These may include obtaining prior written consent of the individuals concerned.
What Is Data Privacy and Security?
Data privacy and security is the expectation that one’s private personal data will be kept confidential. Our company collects, accesses and stores large amounts of data about our customers and employees as a vital part of our ongoing business activity. This includes personally identifiable information (PII) such as name, email address, Social Security number, credit card numbers, checking account numbers and phone numbers.
All those who have shared this valuable information with us must feel confident that we will keep it private and protect it from being disclosed to anyone who is not authorized to see it or use it. Customers and employees also need to be able to trust that they will be notified in a timely manner in the event of a security breach.
Important Things to Know
-Protecting company assets is the job of all employees, not just the IT department.
-Information security includes confidentiality (controlling who has access), integrity (ensuring that the information is accurate and has not been tampered with) and availability (accessing an asset when needed).
-Cyber attackers are becoming more sophisticated all the time. They may begin by seeking seemingly innocuous or unrelated information, such as the type of hardware, software, and system configuration or authentication procedures used by the organization.
-Attacks may also come from third-party vendors.
-Although it is becoming commonplace for employees to use their own devices for company business, doing so increases security risks, so we must take special precautions in this case.
-Not all internet connections are secure, and some may also “reroute” a user to an unsecured site.
-Our company has specific policies regarding system security, network security, internal and external data access and incident response plans.
-We perform regular security audits to ensure that our procedures are up to date and adequate for current technology.
Warning Signs and Consequences
Some red flags of a potential privacy breach include:
-Workstations, laptops, cell phones or other devices left unlocked or unattended.
-Using default passwords, or duplicate, outdated or easily deciphered passwords.
-Failing to encrypt email messages, including attachments, when sending user credentials or other sensitive data.
-Failing to back up data on a regular basis.
-Failing to shred discarded sensitive paper records.
-Copying and forwarding confidential information to third parties without proper authorization or security protections.
Exposing sensitive information to theft or misuse can have huge legal and financial consequences for BBNC.
Please contact your IT team or BBNC’s Compliance Department for more information and guidance on data privacy and security questions or issues. We are happy to help!