Data Privacy Week, which wrapped up January 27, is a great reminder every year for MSPs to get the message out to clients on the importance of properly handling sensitive data. It was established by the National Cybersecurity Alliance to spread awareness about the importance of protecting business and personal information.
With cybercrime on the rise, taking data privacy seriously isn’t just a good idea, it’s the law.
Government and regulatory agencies across the US are rapidly addressing ever-increasing threats. According to the International Association of Privacy Professionals (IAPP), “state-level momentum for comprehensive privacy bills is at an all-time high.”
The states that have enacted comprehensive privacy laws that are in effect now, or will be in the next two years, include California, Colorado, Connecticut, Delaware, Indiana, Iowa, Montana, New Jersey, Oregon, Tennessee, Texas, Utah, and Virginia. More are likely to follow suit.
So keeping up with legislation is critical. But that’s only the beginning. Here are three additional steps you can take to ensure your clients are handling sensitive data properly:
Step 1 – Address Misconceptions
According to Carla Roncato, vice president of identity for WatchGuard, the good news is that most SMBs have gotten the message about the importance of data privacy. Based on her research of nearly 500 companies, “By 2018, at least 80% had a Chief Privacy Officer or somebody deemed responsible for their privacy program.”
But even if they think they’ve got privacy covered, blind spots exist. There’s a common misconception that only certain types of data require protection. Rebecca Herold of PrivacySecurityBrainiacs.com notes, “A lot of businesses think, we’re not healthcare, we aren’t financial, education, or government, so we don’t have to worry about regulations or compliance.”
But it’s not just about compliance. Cybercriminals are targeting non-regulated industries like transportation, construction, and agriculture.
And size doesn’t matter. Every business that handles financial or personal data needs to follow privacy laws.
“You may only have 50 employees,” explains Roncato, “but you can have terabytes of data that need protection because of its critical business sensitivity.”
Step 2 – Design With Privacy In Mind
One of the best ways to reduce risk is to simply make sure your customers factor privacy concerns into every aspect of how they capture and store data.
Start embracing the concept of “privacy by design.” “Take a step back and ask whether you really need to collect that information in the first place,” says Roncato. “Don’t collect the data if you don’t need it. And then if you are going to collect, make sure to use privacy software to protect the data and yourself.”
It’s not only good policy; it’s what people everywhere are demanding more and more. “We know that consumers are looking at privacy and they’re starting to say, ‘NO, we don’t want cookies loaded. We don’t want megapixels being used,’” says Herold.
Step 3 – Never Take Privacy For Granted
You can’t take any of this for granted. Stories of big-name corporations getting hit with major fines due to breaches are sadly all too common. “There’s always a risk of financial loss,” says Roncato, “but even worse is the overall loss of trust in your reputation.”
As your customer’s MSP, you can play a key role by keeping them informed and helping to foster a culture of privacy awareness. Roncato suggested designating a “Privacy Champion” to track developments and make sure current information gets out regularly to clients. “I’m a big advocate of the IAPP,” says Roncato, “I think they’ve done a great job of putting privacy in the forefront. They’re always up to date on what’s changing in each individual law.”
Herold has even started putting out “Two Minute Warnings” with tips and strategies to her clients in an attempt to raise awareness. “I’m not only letting clients know about new regulations, but also about bills being proposed at the federal level, even though it might take a few years before they ever come to fruition,” she says.
Bottom Line
The risks to businesses for NOT taking data privacy seriously are significant and MSPs must step up. “If you possess the data,” says Herold, “you have responsibility and accountability for it.”
As a managed service provider, you need to ensure that privacy and security are foundational components of the services your clients expect and experience.
And it goes without saying that following good privacy practices applies to your own MSP business too, and the client data you handle.
For more on privacy and compliance, and how to protect your MSP business from a lawsuit, go here.
