How does your business transport sensitive data?
When sensitive data leaves your office, is it leaving in a secure fashion? Surprisingly, this is a question many companies haven’t given adequate consideration.
Most companies working with other people’s data have protections in place against computer crashes or online attacks. While these companies will put solid digital protections in place, however, they often won’t think twice about data walking right out the front door. If your company doesn’t have a secure data transportation plan in place, you should take a moment and consider the potential liability you face when transporting sensitive data.
The question, is whether your business is open to a potentially catastrophic lawsuit?
Data is everywhere
It’s understandable that data can slip out your front doors without a thought; it’s everywhere these days.
Our computers, phones, point of service machines, social media accounts, and search engines are all tracking, compiling, and storing data. Collecting and collating data has become standard practice for many businesses.
What is not standard in some businesses, however, is the institution of adequate standards for the transportation and storage of that data. If your company doesn’t have a data transportation policy in place, it is crucial that you establish one now. Treating your customer/client data with appropriate care is important for their privacy and for your culpability.
One of the most significant risks comes from the growing ease of data transportation. Increasingly, your staff can effortlessly transport data storage appliances from site to site. Portable hard drives, tapes, memory sticks, etc. can be thrown in a backpack or a pocket and walked out the door without a second thought.
The lack of thought behind these moves is especially concerning. With employees using laptops, mobile devices, or thumb drives at work, it’s easy for someone to take home a client’s sensitive data without even realizing it. There may be no malicious intent – or any intent at all – behind this data transportation. Intent won’t matter, however, when that laptop or other device goes missing.
It could happen to you
Concerns over the physical loss of data during transportation aren’t without precedent; they are based in many real experiences. There are many companies and organizations that send employees home with sensitive data on their memory sticks, computers, or hard drives.
In one of the most high-profile cases, an employee of the Canadian federal government lost a hard drive with the student loan information of 583,000 people. This information included a variety of personal data, including social insurance numbers. The federal government now faces a lawsuit worth upwards of $1 billion dollars. This data loss occurred despite the Department having a number of data protections in place to prevent this sort of breach.
Your organization likely doesn’t have half a million-plus social insurance numbers on a single hard drive. But don’t think that means you can be carefree with the data you do have. The moment data leaves your office, you are responsible, and therefore liable, for its protection. If you store other people’s personal information and you, or one of your staff, then loses that information during transit, you are responsible. The loss of someone else’s personal data could mean a lawsuit worth tens, if not hundreds of thousands of dollars.
Would you put $100,000 in a briefcase and take it out of your office? It’s not likely.
Take data transportation seriously
It’s important that your company asks itself a number of critical questions. Does your company or organization store client/customer personal data offsite? Is that site secure? How do you transfer the data there? Is that transportation secure? Are employees carrying sensitive information on personal or transferable devices?
It’s important to make data storage and transportation seriously. Whatever your business, whether it’s accounting, the legal profession, human resources, or even a retail outlet that collects specific contact information on customers, it is vital that you have a data transportation policy that keeps data safe and protected, whether in your office or in transit.
Don’t take unnecessary risks, establish a data transportation policy and stick to it. The convenience is not worth the risk.