Organizations that utilize or share confidential or private information, whether in private industry, government, or non-profit, need to ensure privacy of that information. Lawsuits and liability can be devastating to organizations that fall afoul of the law or damage their reputation beyond repair. Conducting a privacy audit that determines whether best practices within an industry are being followed can prevent litigation and damages and be a selling point at the same time.
A privacy audit will start by examining an organization’s overall structure from a privacy perspective, including operations, organizational structure, privacy policies, and management handbooks. Audits will also look at business models and social media, websites, and other uses of technology being employed by the organization, including data encryption, privacy controls, and multi-factor authentication.
While it is important to protect all information that is not public or proprietary, there is more risk if you are trading in confidential data. It is hard to avoid contact with or storage of confidential data for many modern companies. Confidential data can include any information about minors, healthcare information, medical history or records, financial and accounting information, contact or demographic information, among other categories. When embarrassing information is compromised, lawsuits ensue.
In today’s world of ubiquitous mobile device use, consumer protection laws are drawing increasing attention. People use devices for convenience in all arenas of modern life, even the most intimate. In state and federal capitals, consumer protection groups are advocating for the highest possible protection of privacy, with significant penalties for failure to protect. At the same time, industry groups are fighting to ensure that legislation is reasonable and does not have a chilling effect on commerce. California, for instance, has seen great variability in the laws that have come and gone to protect consumer privacy within the Golden State, often with implications for other states, given the trans-boundary nature of websites and online commerce.
The California Consumer Privacy Act of 2018 was designed to give consumers better ability to control the information that organizations collect. This law was cutting edge when it was passed, and it was intended to create new rights for consumers in California, including the right to know about the personal information an organization collects about them and how it is used, including categories of information, sources, and third parties with whom the information is shared. It also created the right to opt out of the sale of that personal information upon request. It vested in Californians the right to delete some types of personal information collected from them in certain situations. To prevent retaliation, the Act also created the right to non-discrimination for exercising these rights. Individuals can file civil lawsuits under this act, and businesses that violate their rights may have to pay $750 per incident. Further, the attorney general may assess fines up to $7,500 per incident.
Conducting a privacy audit can save you time and money. The internet, ironically the source of privacy breaches, also provides many cautionary tales and is full of tragic examples that demonstrate that an ounce of prevention is worth a pound of cure. The legal professionals at Grant | Shenon are experts in privacy laws and are ready and willing to help conduct a privacy audit and help you prevent lawsuits, reputational damage and serious breaches of privacy. Please contact us for a free consultation. We look forward to meeting with you.