Privacy Compliance is like Riding a Bicycle


In nice weather, which is a precious commodity in New England, I spend a lot of time on my bike. It’s a great way to exercise, spend time outdoors with my husband, and train for a charity fundraiser for an important cause, finding a cure for cancer.

You all know the old adage, once you learn to ride a bike, you never forget. Some may think that this holds true for privacy training and awareness as well. You may think, “We ‘did HIPAA’ years ago, and we are all set” or, “We all know to not click on those strange emails with the dancing snowmen; it’s old news.”

Well, bear with me for a moment and let me explain why this type of thinking can cause issues both on the bike and in today’s data-driven workplace.

1. Rules of the road

On a bike, it is important to know the rules of the road. Is this road one-way? Can I take a right on red? Must I come to a complete stop at a stop sign? Did they change the traffic pattern since last season? On a bike, a wrong decision can be life-threatening.

In business, it is important to know what legal requirements apply and to keep up with legislative and regulatory changes. But it is also important to determine whether business model changes affect privacy strategies.

• Am I affected by the California Consumer Protection Act if I am based in Massachusetts?
• Does HIPAA apply to my operations if I am a small practice?
• Can I share this new type of information about my customers or patients?
• Can I respond to a negative review on Yelp?
• How do I dispose of old records?
• How can I use information I collect on my website and through other means?
• Do I need a Written Information Security Program?
• Are there contractual requirements with my business partners that impose new requirements?

A wrong decision can negatively affect your customers, your reputation, and have financial and regulatory consequences.

2. Directions

When I am out on my bike, I sometimes get lost. The road curves and I take a wrong turn. Although I sometimes discover beautiful sights, enjoy new routes, and even encounter cows, sheep, or horses, sometimes I find myself trudging up a steep hill or riding down a long road that dead-ends at a highway. Having a good map that shows bike-friendly routes is essential.

In a work setting, policies and procedures should be the map. Employees are busy serving customers’ needs and furthering the business objectives. Simple, easy-to-understand privacy and security policies and procedures take the guesswork out of compliance and free up staff to focus on what is important.

3. New Equipment/New Approaches

Cyclists are known for always wanting the latest and greatest equipment. Perhaps a lighter frame or different gearing will make me ride faster. But sometimes, new technology also results in a safer experience, for example, disc brakes work better in wet weather. Gear levers on the handlebars are easier and safer to use than levers on the down tube of the frame.

The world around us at home and at work is changing at breathtaking speeds. To keep up, business leaders must constantly review business models and operations. Is there a way that I can do things better? How can I protect information that we now collect? How do I use digital technology to communicate with my customers and maintain their trust?

4. Safeguards and Patches

I never leave my house on my bike without a helmet. I value my life too much to take chances. A spare tire or a patch kit is also essential.

In the work arena, in addition to security safeguards (patches, encryption, firewalls, multi-factor authentication, etc.), employees should be aware of common privacy safeguards. Am I aware of my surroundings when speaking? Did I leave confidential information on my desk? Can I limit the information in a spreadsheet or redact confidential information? Do I have a strong password? How do I safely discard confidential information? And importantly, have I backed up my information?

5. Be Vigilant

Despite my best efforts to be safe, things happen on the road. Drivers cut off cyclists accidentally and sometimes intentionally. Pedestrians and animals cross the street without looking. (That’s you, Fido!) Potholes, sand patches, and slick spots appear out of nowhere. In addition, I don’t leave my bike unattended or unlocked unless I am in a safe place.

In the internet age, cybercrime is growing by leaps and bounds and is a profitable, albeit illegal, business. You certainly wouldn’t leave your physical office unlocked; your digital office should be protected as well. Cybercriminals are using increasingly sophisticated social engineering techniques to trick people into providing or allowing access to confidential information about your customers and your business. Because we are all so busy, it is too easy to click on that phishing email. Can I recognize the common signs of a scam? What should I do if I mistakenly click on a link or open a phishing email?

6. Get Back up if you Fall

All cyclists have a story about falling off their bike, whether it’s forgetting to unclip from a pedal when you stop (who me?) or crashing into another bike that makes a sudden U-turn (my husband). In any case, you get back up as soon as you can and ride another day.

In business, despite our best efforts, things happen. They say that there are two types of companies, those that have been breached and those that don’t yet know that they have been breached. A privacy breach can affect electronic information, paper, and oral information. It is important to have plans to respond, notify regulators and affected individuals, and to take steps to reduce the risk that it will happen again. We all learn in the process.

So, what do you think? Whether it’s privacy or cycling, it’s a beautiful ride.