Governance to Keep Private Information Private
Who doesn’t have something they’d like to keep private? Maybe it was that outfit you wore to a high school dance that seemed stunning at the time, but in retrospect, not so much. You hope that no photos of it exist. Or that comment you made about the negative aspects of a neighbor’s house remodeling project without realizing the neighbor could hear you. Where’s that cone of silence when you need it?
Regardless of the repercussions of a bad clothing choice or the necessity to grovel while apologizing to your neighbor, other privacy matters have more severe consequences. People who have been cited for running a stop sign, or who were falsely accused of a crime they were later proven not to have committed, have very valid reasons for wanting those actions kept private. You probably don’t want your medical conditions broadcast to the world at large—or to your employer. You want the knowledge of precisely who you voted for kept secret, although you do want people to know that you did your civic duty and voted. You also don’t want criminals to have access to your bank account or your credit card passwords. What about your email? You probably don’t want a stranger reading your messages.
Leaks of private information can have disastrous results. In business, you might have a technology, the details of which you don’t divulge because they give you a competitive advantage. Memos and reports regarding a new product launch or a strategic acquisition should be private. For public companies, early release of earnings data will attract the ire of the Securities & Exchange Commission. The resignation of the U.K. ambassador to the U.S. over leaked memos to his government is another object lesson about the importance of privacy.
There’s an ongoing paradox when it comes to privacy. On the one hand, privacy matters, and individuals want their personal information to be private. On the other hand, social media, particularly Facebook and Twitter, encourage us to share information that we might otherwise keep private. A photo of your dinner plate and the awesome presentation that a wonderful restaurant has created on it is perfectly acceptable. A photo of your newly received debit card, complete with full number, your name, and the CSC, is seriously stupid.
Creating Privacy Guidelines
Within the enterprise, it’s the job of the information governance team to keep private information private. Private information comprises any personal data that has been collected about individuals. Protecting it is becoming an increasingly important task, as outside legislation takes a very dim view of data breaches. Individuals’ right to privacy is now codified, most stringently in the European Union’s General Data Protection Regulation (GDPR). Companies and non-profit entities alike raced to be in compliance by May 25, 2018. Since GDPR took effect, more care in protecting personal data has become imperative.
As information governance experts know, and are at pains to inform upper management, the fact that GDPR originated in the EU doesn’t mean it is restricted to Europe. It affects all enterprises, even those outside Europe, if they have any data from EU citizens or offer goods and services to EU citizens. Other jurisdictions, such as California, are looking favorably at GDPR and drafting legislation to further protect consumers.