RSS
Email
Print
ShareLegal Brief: Communication Is Key to Security Compliance
Posted by
Justine Young Gottshall
January 19, 2007
When it comes to compliance, IT departments that don't communicate with other business units are doomed to failure. Consider the following situation, which I've seen happen several times:
Marketing Division A asks IT for the e-mail addresses of customers who've shown interest in a product by registering on the company Web site. IT complies, and Division A launches an e-mail marketing campaign. Problem is, the Web site is run by Division B, which had posted a statement on the registration page promising e-mail addresses would never be shared. The result: an unintentional privacy violation.
Clearly, someone needs to be looking at the big privacy and security compliance picture.
IT has a role to play in three major components to privacy and security compliance: corporate policies, assessment and implementation, and training. But IT also must accept the roles other divisions will play in areas typically within its domain.
» CORPORATE POLICIES: Do not underestimate the importance of written policies addressing data-protection issues. Security policies, HR policies, privacy policies for internal and customer data, document-disposal policies, security breach policies--all are necessary as part of corporatewide training programs and to establish compliance baselines. They'll also prove essential in defending your company should it be accused of a legal violation. Collaborate with other divisions, such as HR, to create policies that govern IT functions that touch on security and compliance, such as disclosure of employee monitoring.
Page: 1 | 2 |3 |Next Page »
Related Reading
More data-protection Insights
 |
To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy. |
