PLAN AHEAD

Incorporate privacy and security from start to finish.

Thinking about the data you will collect and store while you design your product or service is only one part of “baking in” privacy. You also need processes in place to address issues that might arise in the future. Save time, money, and even your reputation by maintaining privacy and security practices that are holistic, regularly re-evaluated, and prepared for potential data security issues and legal demands.

LIMIT AND MONITOR INTERNAL ACCESS TO DATA.

While most businesses imagine shadowy hackers as their biggest security risk, in reality insiders with the ability to access records inappropriately can also pose a significant threat. To minimize this threat, adopt clear rules and technical approaches to prevent inappropriate access, thoroughly train individuals who handle user information in your privacy and security practices, and log and audit data access.

Case Study

The FTC Called, Consumers Want Their Privacy Back: Amazon Ring Allowed Employees to Spy on Customers in Intimate Spaces

The FTC took Amazon Ring to task for compromising people’s privacy by giving employees and contractors unnecessary and unrestricted access to sensitive video information, failing to provide notice or obtain consent for that access, and failing to secure its devices from hacks. It was revealed that a single employee had spent several months in 2017 watching thousands of video recordings without consent, including many that occurred in “intimate spaces” of the home. Ring was ordered in 2023 to delete information, models, and algorithms derived from unlawfully viewed videos and to implement a privacy and security program with stringent controls.

Case Study

Cambridge Apocalyptica: Facebook’s Platform-App Privacy Disaster

Facebook was thrown into full-blown crisis after reports that Cambridge Analytica, a shadowy voter-profiling company, used information from tens of millions of Facebook users’ profiles as part of its work for the Trump campaign during the 2016 election. At issue was Facebook’s failure to give users control over their private data shared through a Facebook-platform app, a risk that the ACLU of Northern California has long called out as a serious privacy concern. Facebook’s stock immediately declined sharply on the news, state and federal law enforcement announced investigations, a Congressional inquiry sought every excruciating detail, and users clamored to #DeleteFacebook. When CEO Mark Zuckerberg emerged publicly with yet another promise to change, the damage—to users, the brand, and the bottom line—was already done. Facebook’s stock plummeted in the following quarter, losing more than 120 billion dollars in market value and suffering the biggest one-day loss in stock market history, as its “years of privacy controversies finally caught up with it.” After a four-year legal fight, Facebook was forced to pay $725 million to settle a data privacy class action stemming from the Cambridge Analytica crisis.

KEEP YOUR SYSTEMS AND DATA SECURE FROM OUTSIDE THREATS.

Security breaches can undermine your users’ trust and cause them to take their data elsewhere. Many breaches can be prevented by taking steps to protect the systems and data under your direct control. Work with your engineering team and outside experts to implement security best practices such as network activity monitoring, endpoint security for devices that connect with your network, and routine system audits and software updates.

Case Study

AT&T Phoned In Cybersecurity: Suffers Massive Data Breach

AT&T was blasted in the press for its “sloppy” cybersecurity, questioned by members of Congress, and hit with a class action lawsuit for its “sweeping” data breach when the company disclosed in 2024 that hackers accessed six months of call and text records from “nearly all” of its more than 70 million customers. AT&T admitted that there are ways to identify the names associated with specific telephone numbers, and security experts are concerned that “any information could help hackers access more data.”

PROTECT YOUR ENTIRE DATA ECOSYSTEM.

In addition to securing the data you hold, you need to make sure that your users’ data is secure even when it is not on your servers. If third parties are going to have access to your users’ data, make sure their privacy and security practices are consistent with your own. Consider how you can formally require third parties to meet your standards and verify compliance with those requirements.
