Week 3: October 16-20
Connected devices, digitized records, smart cars, and smart homes have become a new reality. Week 3 reminds citizens that their sensitive, personal information is the fuel that makes these smart devices work. While there are tremendous benefits to using this cutting-edge technology, it’s critical to understand how to do so safely and securely.
During Week 3 of NCSAM, consider taking the following actions to create a culture of respecting privacy, safeguarding data, and enabling trust in your organization.Business privacy
How Everlaw protects the privacy of our employees and customers:
If you collect it, protect it
Follow reasonable security measures to protect individuals’ personal information from inappropriate and unauthorized access.
As we discussed in our Week 2 post, Everlaw undergoes regular, independent vulnerability scanning and penetration testing, as well as annual audits to maintain our SOC 2 Type II certification in Security, Availability and Confidentiality. Our holistic compliance program covers not only security and confidentiality, but our commitment to our customers, professional ethics, and our company values.
Be open and honest about how you collect, use, and share personal information
Clearly communicate your data use practices and any features or settings you offer to consumers to manage their privacy.
Communicate clearly and often what privacy means to your organization and the steps you take to achieve and maintain consumer privacy and security.
Create a culture of privacy in your organization
Educate employees about their role in privacy, security, and respecting and protecting the personal information of colleagues and customers.
As discussed last week, Everlaw has a robust security training program which includes security and compliance onboarding, live annual information security training, as well as annual training using computer-based modules for specific topics. But culture is not only about training our team, it is visible every day in the office where our team members display their vigilance regarding the physical security of our office, and the importance of keeping our clients’ data secure. Everyone on the team knows they have a role to play in making sure privacy and security of information is achieved and maintained.
In addition to your privacy practices, do your due diligence and monitor partners and vendors
You are also responsible for how they use and collect personal information.
Another one of the Foundational Principles for Privacy by Design is ensuring protection of data throughout its lifecycle. At Everlaw, this means that we perform due diligence on our vendors, such as AWS, and undergo independent auditing of our entire infrastructure annually during the SOC 2 Type II certification process.
Thanks for celebrating NCSAM with Everlaw!
Come back next week for our Week 4 NCSAM update.