Privacy Ref Blog
Your staff needs to be “privacy aware”
When it is all said and done, no matter what policies you put in place, no mater what procedures you define, no matter what documentation has been written to support your privacy program, it is worthless unless your organization’s staff is knows that these tools exist making them “privacy aware”. Here are a couple of horror stories:
- A nationwide pharmacy chain has a book that you sign when you receive your prescriptions. Upon signing you indicate if you want to talk to a pharmacist and if you prefer not to have a safety cap on your bottles. The person at the counter takes a pre-printed label from the prescription bag and places it next to where you should sign. The book is kept on the counter near the cash register and publicly displayed. There are several pre-printed labels on the bag, some with the name of the prescription and the person receiving it, others with just an order number. A new, poorly trained counter person used the labels with names for several pages of prescriptions allowing everyone to see what medications their neighbors were taking.
- A small business with a telemarketing operation wanted to make it easy for customers to reorder product. For each transaction they wrote the customer’s credit card number on the inside of the customer’s paper file folder. The company kept the file folders in unlocked cabinets in an unsecured area of a warehouse allowing wide access to customer credit card numbers.
- A technology service company had a retail operation and business had taken off. To allow business customers who wanted to discuss an on-going relationship to avoid waiting in line at the retail store the company placed a pad of paper on the counter and asked these customers to provide their name, business name, email address, and telephone number. The pad was on the counter for a few days, but at the end of the week it was missing. It turned out that a competitor had taken the pad and was contacting the customers on the list explaining that the original company was too busy to help them so he was asked to take their business.
You can find regulatory violations, brand damage, and direct lost business in these cases. In each of these situations either the person executing a process or the person who had created a process was not aware of the privacy issues being created. By stepping up privacy awareness efforts these situations could all have been avoided.
There are several ways to improve privacy awareness that I will be discussing over the coming blog entries, but what approach do you have that you are willing to share?
Privacy Ref provides consulting and assessment services to build and improve organizational privacy programs. For more information call Privacy Ref at (888) 470-1528 or email us at firstname.lastname@example.org
Posted on September 24, 2012 by Bob Siegel
, Customer Service
Want to find out more?
Simply go to the contact page, fill out the form, and someone from Privacy Ref will be in touch with you. You can also send an email to email@example.com or call (888) 470-1528.
April 16, 2018
IAPP Training Classes
Privacy Ref is proud to announce that we are an official training partner of the IAPP. You now have the opportunity to learn from one of our knowledgeable privacy professionals using the most respected training content in the industry. The robust interactive training offered, aids in the understanding of critical privacy concepts. The contents of the courses are integral to obtaining your privacy certifications and to educate your new team. Learn more here
Latest Blog Posts
December 19, 2018
When I made the transition from working in American Politics to learning about Privacy, the first tidbit of information I was given was that there was a difference in terminology between the American and the European practice. In America, we use the term Privacy but in Europe they use the term Data Protection. As I continued my journey in “Privacy” and I considered how my new-found training would have impacted my career in politics, I have come to feel that the term data protection is more applicable to the needs of political campaigns. If I were to review the numerous political campaigns that I have managed, marketed, and organized, data protection has always been woefully inadequate throughout them all.
Continue reading this post...
One of the questions I receive, mostly from my wife’s family and students considering their future careers, is how I got into privacy. It’s an interesting topic for me. I am a huge nerd, this is no secret, and my passion for games has played a huge part in my growth as a privacy pro.
Continue reading this post...
Other Recent Posts