Businesses & Corporations

Businesses can be an excellent resource for privacy information. Businesses like Microsoft, Cisco, Nymity, and Google create and provide resources for consumers and for other businesses.  Below, you can access various privacy resources created for consumers or created for use by other businesses.

Privacy Resources for Businesses

Spotlight on Any Device & Bring Your Own Device: Privacy Considerations

As underscored in the 2011 Cisco Connected World Technology Report, the days of one device in your life are over:  33% of employees use at least three devices for work, and more than 77% of employees worldwide have multiple devices, such as a laptop and a smartphone or multiple phones and computers.  Cisco has embraced the “Any Device” vision, which allows for greater employee choice in devices while maintaining a common, predictable user experience that maintains or enhances global organizational competitiveness, productivity, and security.  As Cisco ventured out on the Any Device journey, we identified critical business areas that are affected by this new paradigm.  “Cisco Any Device: Planning a Productive, Secure, and Competitive Future” spotlights these focus areas and provides a list of questions that have helped Cisco—and can help you as you begin your own journey—to veer around potential problems and determine how best to approach considerations as you go. 

Legal Issues Abound with BYOD (Bring Your Own Device), Peter S. Vogel, Jan. 8, 2012

BYOD: Bring Your Own Device, Building a Scalable Bring Your Own Device program, Mobile Iron

Bring Your Own Device: Dealing with Trust and Liability Issues, Forbes (Aug. 17, 2011)

Bring Your Own Device: Addressing the Security Challenges of Employee-Owned Devices in the Workplace, Archived Recording of a National Webcast Initiative available from MS-ISAC (Aug. 25, 2011)

BYOD: You Ain’t Seen Nothing Yet, by Galen Gruman, InfoWorld (Dec. 20, 2011)

The Cloud and Privacy

Cisco’s Key Considerations for Cloud Security:  Cisco recognizes that security is one of the top barriers to cloud adoption.  In this white paper, Cisco highlights that cloud security has its own architectural structure with several key considerations, including logical separation, policy consistency, automation, scalability and access control.  Learn more about Cisco’s Cloud Journey here.

Privacy Risks Associated With Digital Copiers:

If you own a business or work for a company and that business or company owns or leases a copy machine, and if you are obligated by federal or state law to protect the privacy of personal information, you should be aware of the significant privacy risks posed by digital copiers. To learn more, please review “The Digital Copier Threat to Data Security,” a fact sheet offered by Digital Copier Security Inc.

To get a brief overview of the privacy and security risks associated with copy machines, join Armen Keteyian as he talks with John Juntunen of Digital Copier Security, Inc. for the CBS news story, Copy Machines: A Security Risk?

Review Copier Data Security: A Guide for Businesses at the FTC Bureau of Consumer Protection’s Business Center.

For financial institutions: FDIC Guidance on Mitigating Risk Posed by Information Stored on Photocopiers, Fax Machines and Printers, September 15, 2010

For HIPAA covered entities and business associates: Photocopier Fallout: Company Notifies 409,000 of Data Breach

For lawyers concerned about the privacy of client records, consider comments by attorney Brian Maude from Canada in a recent post entitled Printer/Scanner/Copier/Privacy Violator?, June 11, 2010; from Bank Lawyer’s Blog, consider Fax Machines: A Source of Civil Monetary Penalties?, Sept. 27, 2010; and Digital Devices May Impose Ethical Obligations on Attorneys, Nov. 16, 2010.

FTC Targets Privacy Concerns Related to Copier Machines, May 18, 2010

FTC Investigating Privacy Risks of Digital Copiers, May 18, 2010

From Hunton & Williams FTC Investigating Privacy Risks to Data Stored on Digital Copiers

Copiers: Gold Mines for Identity Theft

Information Security and Document Destruction

Top 10 Tips to Help Keep Your Data Safe, data security tips for merchants offered by First Data.  “Your customers expect you to keep their personal cardholder data safe – not an unreasonable expectation, and merchants must take it seriously. Such protection requires merchants to make an ongoing commitment to human and monetary resources, including new technologies, stronger policies and continuous diligence.”

SANS is a trusted source for information and computer security training and offers a variety of free computer security resources for everyone to use.  SANS Free Security Resources include the largest collection of up-to-date research documents about various aspects of computer and information security, Internet Storm Center (the Internet’s early warning system), sample policies, webcasts, white papers, newsletters (NewsBites and @RISK), training videos, and many more valuable resources to help aid research.

Sophos offers Protecting Personally Identifiable Information: What’s at risk and what you can do about it. (2010)

With experience in 16 countries serving businesses, hospitals, police forces, intelligence and security agencies, banks and universities, Shred-it is a world leading information security company providing services that ensure the security and integrity of customers’ private information. Shred-it shares resources to help organizations better understand how to protect privacy: helpful tips about electronic data security, confidential information security and destruction and the impact of identity theft; and articles such as The Future of Document Security.

Cisco Explains: Hackers and Why Firewalls are Important Even for Small Businesses:  How do hackers find a small business website? They have web crawlers that look for sites without firewalls or proper spyware security and then target those unsecure networks. In this video, Cisco explains that hackers can find you even if you're small.

Compliance, Data Breach, and Risk Management

Cisco’s privacy portal “Privacy and Security Compliance Journey” is dedicated to sharing with Cisco’s customers, partners and any others that may be interested, its privacy and security compliance journey — and it is a journey with the evolving legal framework and regulations.  At Cisco, we recognize that a key to our business is building and maintaining the trust, reducing risk and simply doing what is right.  Fundamental to that concept is our philosophy that “Protecting information is everyone’s responsibility.”  Our portal highlights a number of aspects of our privacy compliance program that we consider to be leading practices.  We hope you will find useful the materials and resources featured in the site and encourage you to share your best practices and give us feedback in the Community Forum.

Jackson Lewis LLP offers a presentation covering some basic aspects of conducting a risk assessment

Nymity produces the world’s leading compliance knowledgebase and alerting service for privacy and data protection.  Hundreds of organizations around the world use the controls-based checklists that are produced daily by Nymity’s dedicated in-house research team consisting of privacy lawyers and former Chief Privacy Officers. The daily alerting service includes controls-based checklists for new laws, codes, case law, regulators’ actions, best-practices, legal opinions and regulators’ guidelines.  The knowledgebase provides the comprehensive history of all reference material produced, plus additional compliance resources.  Whether complying with privacy and data protection laws in your region, country, or globally, Nymity offers the premier compliance support solution available anywhere in the world ,PrivaWorks.  Nymity also provides free resources for privacy professionals including information on privacy breach analysis and privacy studies.

DataGuidance is a comprehensive global privacy database, bringing together all legislation, codes of practice, case law and official guidance, along with DataGuidance notes, written by leading privacy experts in each jurisdiction, on key issues such as email marketing, employee monitoring, and data transfer. Created to make data protection and privacy compliance simpler and faster, all materials are indexed and quickly accessible through vertical search. Sign up for a free online demonstration and 1-week trial to see the world’s largest privacy database.

In honor of Data Privacy Day, Jackson Lewis addresses ten critical areas businesses will need to consider when addressing information risk in 2010.  The Workplace Privacy Data Management & Security Report offers updates and information throughout the year regarding privacy preventive strategies and positive solutions for the workplace.

Cisco provides Information Security: Inadvertent Data Exposure, offering guidance about how to protect data in a range of environments.  Information disclosure can happen in an instant, be it the moment an employee posts an online message to their Facebook account, or walks from a car to the company building holding confidential data in plain view. The costs associated with such a disclosure are high and include financial loss as well as the loss of a company’s credibility. All organizations, regardless of size, should be mindful of the need to protect the competitive advantage of their enterprise by avoiding inadvertent disclosure of intellectual property.

The American Institute of Certified Public Accountants (AICPA) is the national, professional association of CPAs, with more than 360,000 members, including CPAs in business and industry, public practice, government, and education. Created by a joint Privacy Task Force of the AICPA and the Canadian Institute of Chartered Accountants, Generally Accepted Privacy Principles (GAPP) is designed to help managements assess existing privacy programs and address privacy obligations and risks.  It is available in two versions, one for business management and one for CPAs and chartered accountants(CAs) in public practice who provide consulting and attestation/audit services.  Click here for additional educational materials.

AICPA shares a podcast in honor of Data Privacy Day, “Effective Management of Your Records and Data,” discussing the considerations for safeguarding personal information. Reference will be made to supplemental resources available to listeners through the InfoTech website, including an upcoming webinar that provides comprehensive guidance towards the prevention of the compromise of client records or data that contain personal information.

The Online Trust Alliance has a Privacy & Data Loss Incident Readiness Planning Guide to help businesses prepare for the likelihood they will experience a breach or data loss in the future. 

Hi Software offers a collection of its best white papers and on demand Webinars to help you make 2012 the year you take charge of your privacy initiatives. The library of free resources offered on Hi Software’s Data Privacy Day site contains valuable strategies, advice and processes from industry thought leaders to help you put an effective privacy program in place to ensure that your sensitive data is kept private and secure.