Privacy Ref Blog

Human Errors Will Create Privacy Issues

Regardless of the technology you put in place, the safeguards you have implemented, and the training you have provided, ultimately the success of your privacy program relies on the individuals in your organization. The most recent example of this came at the expense of the US National Women’s Soccer Team (USWNT).

What happened to the USWNT?

In full disclosure, I am an avid soccer fan (football for those of you outside the US). I regularly attend the US Men’s teams matches, follow the Women’s team, and am a paying supporter of US Soccer. This organization has let me down.

There has been an on going contract dispute between US Soccer and the union representing the Women’s team players. Without getting into details of the dispute, the New York Times reports that US Soccer decided to sue the union. Contained in the filing were the names, home addresses, and email address of the players…clearly personal information. The information was provided for 28 players including the stars.

Normally, before being filed, the personal information should have been redacted. To their credit, US Soccer has refiled a redacted version. US Soccer also apologized stating, according to the Times, that this was  a clerical mistake.

Why is this important?

Having personal information revealed puts the subject at risk. At risk for stalking. At risk for phishing. At risk for identity theft. Because these players are in the public eye, this makes matters more extreme from a physical security standpoint. Take a moment to read the player’s descriptions of their fears and heir description of a previous incident in the Times article.

The reaction of US Soccer is what is somewhat disturbing. While the suit was refiled and apologies made, the damage was already done. This is not just a clerical error that can be corrected; there may be (will be) changes needed to these players lives. Will US Soccer be providing identify theft protection (as most businesses would)? Will they be providing some additional security to assist in physically protecting the players?

What can a business learn from this?

Often when a data breach occurs the focus is on stopping further loss of data and following the legal requirements for notification. This organization-centric approach can also be said to take place during training and awareness programs through discussions of policy, process, and procedure.

Taking the time to discuss and consider the impact of personal data loss to those whose information has been lost will provide an a valuable addition to your privacy training and awareness. By personalizing the situation, your staff will have a stronger understanding of why privacy protections are important ultimately resducing human error.

  • author's avatar

    By: Bob Siegel

    Bob Siegel, the founder and President of Privacy Ref, Inc., has extensive professional experience in the development and improvement of privacy policies and procedures, the definition of performance metrics to evaluate privacy maturity, and the evaluation of compliance. He utilizes a combination of alignment, adaptability, and accountability strategies to guide organizations in achieving their privacy goals.

    He is a Fellow of Information Privacy and a Certified Information Privacy Professional, awarded from the International Association of Privacy Professionals, with concentrations in U.S. private-sector law (CIPP/US), European law (CIPP/E), and Canadian law (CIPP/C). He is also a Certified Information Privacy Manager (CIPM) and Privacy Technologist (CIPT).

    Siegel is a member of the IAPP faculty, has served on the Certification Advisory Board for the CIPM program the Publications Advisory Board.

    Siegel also writes the blog “Operational Privacy” on CIO.com

  • author's avatar

  • author's avatar

    Happy Data Privacy Day
    What is the difference between privacy and security?
    My Mother Understands
    EU-US Privacy Shield is coming. Now what?
    Three privacy thoughts to start 2016

    See all this author’s posts

Privacy Ref provides consulting and assessment services to build and improve organizational privacy programs. For more information call Privacy Ref at (888) 470-1528 or email us at info@privacyref.com

Posted on February 8, 2016 by Bob Siegel
Tags: , , , , ,

« »

No Responses

Comments are closed.


« »

Subscribe to our mailing list

Please fill out the form below.

Required

Want to find out more?

Simply go to the contact page, fill out the form, and someone from Privacy Ref will be in touch with you. You can also send an email to info@privacyref.com or call (888) 470-1528.

News

January 16, 2017

Data Privacy Day 2017 Events
Privacy Ref has two free webinars to celebrate Data Privacy Day this year. The first is our free Privacy Fundamentals Course.

You can also register for our presentation on Privacy Ref's Predictive Model for the Cost of a Data Breach.

Latest Blog Posts

January 17, 2017

Your Privacy Resolution
A new year usually means setting a goal to remodel that extra bedroom, cut out caffeine, or finally hit the gym for 30 minutes a day.  This year you have an even greater goal in mind, the improvement of your privacy program.  Here are some great ways to start you on your way to achieving just that. Continue reading this post...

Happy Data Privacy Day
(Note, this post first appeared in the Operational Privacy blog on CIO.com) Data Privacy Day (DPD), held every January 28 and coordinated by the National Cyber Security Alliance (NCSA), is an international effort highlighting “Respecting Privacy, Safeguarding Data and Enabling Trust." DPD provides an opportunity for you to re-enforce these themes within your organization to improve privacy awareness. The result is that you will increase your customer’s trust in your organization while reducing costs and liabilities due to human error while handling personal information. [Disclosure: My company, Privacy Ref Inc., is a sponsor of Data Privacy Day.] Continue reading this post...

Other Recent Posts

PRIVACY REF