Privacy Issues

Many of us - maybe most of us - have been affected by data breaches in the past year. Perhaps your organization is one whose data has been breached by hackers. But your data could have been exposed or stolen in other ways in the workplace, during the data recovery process for example. What controls do you have in place to prevent your disaster recovery process from becoming part of the problem? A newer privacy risk is the proliferation of wearable technology in the workplace. Also of concern is the monitoring of computer/social networking activity by employers. If you have not thought about how some of these issues might impact you, this week's articles should be of interest.

Disaster plans often address speed to recovery with often overlooked information privacy issues leaving real vulnerabilities to the protection of personally identifiable information. (Item #1)     Disaster plans often address speed to recovery, overlooking information security and privacy issues; this results in significant risks to PII. (Item #2)     There are enormous benefits from Big Data analytics, but also massive potential for exposure that could result in anything from embarrassment to outright discrimination. Here's what to look out for - and how to protect yourself and your employees. (Item #3)    

Here is a brief explanation of the types of issues that can arise when managing employees and attempting to stay within the bounds of privacy laws. (Item #4)     The impact of wearable technology is ringing alarm bells among privacy advocates. (Item #5)     Employees should therefore be conscious of what information they display on social media websites. (Item #6)    

As always, I look forward to hearing about your concerns with regard to business continuity. If there are any topics that you'd like to see covered, email me at [email protected].

Bob Mellinger, President
Attainium Corp

1. Addressing Privacy Issues during Disaster Recovery

Businesses possess a staggering amount of private and personally identifiable information (PII), not only about their customers, but also about their employees. Here are some key areas where planners need to be concerned with private and personally identifiable information when creating, updating, and testing disaster recovery plans.
http://www.disaster-resource.com/index.php?option=com_content&view=article&id=4%3Aaddressing-privacy-issues-during-disaster-recovery&catid=6%3Ainformation-technology&Itemid=12

2. Converging Information Security and Privacy Activities during Business Continuity

When information and access are impacted, so are the safeguards around that information. When the information is personally identifiable information (PII), such as found in customer databases and employee files, privacy also becomes an issue you must address.
http://www.privacyguidance.com/files/meettheexperts.pdf

3. The five worst Big Data privacy risks (and how to guard against them)

The collection and manipulation of big data can lead to big privacy problems. By now it is glaringly obvious that when people generate thousands of data points every day - where they go, who they communicate with, what they read and write, what they buy, what they eat, what they watch, how much they exercise, how much they sleep and more - they are vulnerable to exposure in ways unimaginable a generation ago.
http://www.csoonline.com/article/2855641/big-data-security/the-5-worst-big-data-privacy-risks-and-how-to-guard-against-them.html

4. Managing Employees: Privacy Issues

An employee's right to privacy has become a ubiquitous topic in employment law. Employees are allowed a reasonable expectation of privacy when at work, but there are a whole host of federal, state, and local laws that come into play whether we are discussing personnel records, electronic communications, drug and alcohol testing, and even an employer's access to employee medical records.
http://smallbusiness.findlaw.com/employment-law-and-human-resources/managing-employees-privacy-issues.html

5. Wearable technology creates new privacy issues for employers

Wearable technology is creating new privacy headaches for employers, a leading law firm has warned. Technologies such as Google Glass and smart watches are gradually making their way into the workplace. But the intrusive nature of these devices, which could be used by employees to take clandestine photographs or videos, are ringing alarm bells among some employers.
http://www.computerweekly.com/news/2240223173/Wearable-technology-new-privacy-headaches-for-employers

6. Social Networking & Computer Privacy

Generally, employers have the right to monitor their employees' use of the Internet (including visiting social networking sites, checking e-mails, and instant messaging) on computers owned by the employer, during employees' on-duty hours. Although federal laws prohibits employers from discriminating against a prospective or current employee based on information on the employee's social networking site or personal blog relating to their race, color, national origin, gender, age, disability, and immigration or citizen status, employers can and do use information on such websites as a method of conducting background checks.
http://www.itweb.co.za/index.php?option=com_content&view=article&id=147983