Neopost Mailing Solutions, Digital Communications and Shipping Services, profile picture
Uploaded byNeopost Mailing Solutions, Digital Communications and Shipping Services
PPTX, PDF618 views

How to Protect Your Data

The document outlines the importance of data protection for organizations, highlighting the need for compliance with evolving data protection legislation, particularly in Europe. It emphasizes that organizations must manage customer data as valuable assets, ensuring accuracy and providing consumers with privacy rights while facing potential penalties for violations. The text offers practical strategies for complying with data protection laws, advocating for structured data management and the appointment of data protection officers.

Embed presentation

Download to read offline
Howto Protect Your Data Howto Protect Your Data August 2014 Howto Protect Your Data Practicalideas to help organizations comply withdata protection legislation
Howto Protect Your Data Editorial Enno Ebels, Executive VP, Customer Information Management, Neopost Making sure customer data is accurate and providing a trace of who changes what and when help organizations make customer communications more cost effective.” “Dataprotection is becoming a priority for organizations as we move into a digitalenvironment where people care more about what happens to their personal information. The Snowden leaks (related to the NationalSecurity Agency in the US and its surveillance activities) and the level of public debate that followed highlight just how important data privacyhas become for citizens and enterprises around the globe. In the area of data qualityand master data management the initial stage involvesdata capture. Thenenterprises do something with the data, for example send a letter, delivera parcel or post a comment on a socialnetwork. However this data needs to be kept aliveas people move, products change and all kinds of additional information becomes available. This means that enterprises need to make sure they have a real process in place to managedata in the same way they manage other assets. A large amount of information is now being collected on people, so rulesneed to be put in place in order to controlall of the metadata being pulled together from various sources. This sets the stage for companies to re-think their business model and decide how to use data to improveproducts and services. Making sure customer data is accurate and providinga trace of who changes what and when help organizations make customer communications more cost effective and enable enterprises to comply with different industry sector rulesand regulations.Cleaner and enriched databases offer enterprises an opportunity to create a ”single customer view” containing business-critical information. This includes an accurate name and address, purchasing preferences and multichannel delivery and contact points. I believethat data is an asset and, although there are no clear rules on how to valueit from an accounting perspective, I think it shouldgo on the balance sheet at some point. The new data protection legislationplanned for Europe will offer opportunities for enterprisesthat treat data as an asset, and by this I mean an asset witha value. The planned regulations will put more emphasis on data ownership and the need for governance in order to ensure data is handled correctly and stays current. I am convinced that data will become a very valuable tool in the future and enterprises will be able to do a lot more for their customers if they learn how to leverage the data they collect while ensuringthe protection expected by these customers.” 2
Howto Protect Your Data Know Your Customer Data protection is all about respecting an individual’sright to privacy and the new data protection regulations,currently going through final reviewby the European parliament, will provide organizations with the momentumthey need to manage their data more effectively. But what do you need to do in order to ensure yourorganization complieswithdata protection legislation whileincreasing customer satisfaction? Responsible customer relations Successful customer relations involves taking into account a consumer’s rightto be “left alone” and communicating with willing recipients using the customer’s preferred channel – either postal mail, digital mail or multichannel delivery. If you wishto use personaldata for postal marketing, you must tell your customers, or prospects that you intend to use theirdata for this purpose and give them the opportunity to refuse such use. Where you yourselfhave collected the data thisshouldbe done at the time of collection by providing, for example, a tick box on a form.If the data has been obtained from a third party the opportunity to refuse direct marketing materials must be provided before any materialsare sent out. Contact details can onlybe used for electronic marketing purposes (text messages, voicemessages, sound messages, image messages, multimediamessages and emails) when: • The sale of the product or service concerned took place not more than 12 months prior to the sendingof the customer communication • This means that organizations need to carefully manage all of the personal data they hold, improve data qualityand take steps to complywith data protection legislation. • The product or service you are marketing is similarto that whichyou sold to the customer at the time you obtained their contact details • You gave the customer the chance to object to you using their details easilyand free of charge • Each time you send a marketing message you give the consumer the right to object to receivingmore messages in the future 3
Howto Protect Your Data What is the Data Protection Legislation? In Europe The aim of the Data Protection Act (passed in the UK in 1998) is to provide individualswith a way to control information about themselves. The legislation in its current form gives people a right of access to personaldata. This includes information held by a companythat relates to an individual. A lot of data is considered to be sensitiveand if it were to fall into the wrong hands this would be regarded as a breach of civil liberties. European Union (EU) Data Protection Directive, requiring member states to protect individuals’rights and freedoms - in particular people’s right to privacy when it comes to the processing of personal data. the GeneralData Protection Regulation (GDPR).One of the reallysignificant aspects of the proposed regulation is that it will extend EU laws to non-EU companies sellinginto the EU. The timeline for this has still not been confirmed. The European parliament wants to get it through by 2015. There are arguments being put forward in order to delay the legislation, to ensure that it is fully talked through but the aim is to have the regulation implemented by 2017/2018 in Europe. Other European Unioncountries have passed similarlaws as often information is held in more than one country. The European Commission is currently planningto bring together all data protection within the EU with a single law, The aim of the 1998 legislation was to alignUK law with the 1995 In the US The following Data Protection laws exist in the US: individualscontrol over their data. If such legislationis passed it will allow consumers to opt out of online tracking. FACTA The Fair and Accurate Credit Transaction Act (2003) This legislationaims to protect consumers’ credit information from the risksassociated with data theft. It makes it illegal for credit and debit card receipts to containany more than the last fivedigits of a consumer’s card number, however the regulationis not applicableto handwritten receipts. The most recent uproar in the US concerned the “do not track”movement which is specifically related to tracking online activity in orderto create consumer profiles. A “do not track’ bill was introduced in early 2013 as some people believe that legislation is the onlyway to give HIPAA The Federal Health Insurance Portabilityand Accountability Act (1996) This legislation offers protection for people’shealth-related information. It specifies who can have access to an individual’s health data. This covers medical providers’ records, health insurers’ computer records, billing informationand conversations that doctors have had with other health professionals about a person’s care and treatment. There is growing consensus on some of the commonprinciples between EU and US data protection law and the EU is seen as a benchmark framework. Furthermore there is a move in the US to strengthen privacylawsat State level and a push at Federallevel to clarifythe laws there. The draft EU regulation will have an effect on the US as American companies that are engaged in the processing of data relatingto EU citizens will have to comply. Planned for EU General Data Protection Regulation (GDPR) EU European Union Data Protection Directive UK Data Protection Act 2015 1998 1995 4
Howto Protect Your Data How Can You Comply? Organizations and professionals that need to store personaldata from clients in order to do businessneed to comply. Most companiesthat process customer data fall under the requirements of the Data Protection Act. The Data Protection Act can be complex and difficult to interpret. However it consists of eight key principles that organizationsmust adhere to. needed to forma basic record of a person they have removed from their search. It is appropriate to keep this small amount of informationso that these people are not contacted again about debts which do not belong to them. Also, some of the informationis in the formof handwritten notes that are difficult to read. Without access to the organization’s key or index to explain this information, it would be impossiblefor anyone outside the organizationto understand. In this case, the Act requires you to explainthe meaning of the coded information.4. Keep it accurate, complete and up-to-date Example: A journalist builds up a profile of a particularpublic figure. This includes information derived from rumors circulating on the Internet that the individual was once arrested on suspicion of dangerous driving. If the journalist records that the individual was arrested, without qualifying this, he or she is asserting this as an accurate fact. However, if it is clear that the journalistis recording rumors,the record is accurate – the journalist is not asserting that the individual was arrested for this offence. 7. Keep it safe and secure Example: An organization holds highly sensitive or confidential personaldata (such as information about individuals’ health or finances) which could cause damage or distressto those individuals if it fell into the hands of others. The organization’s information security measures should focus on any potential threat to the informationor to the organization’s information systems. 8 Waysto Ensure Compliance with Current Legislation 1. Obtain and process information fairly Example: Personal data will be obtained fairly by the tax authorities if it is obtained from an employer who is under a legal duty to provide details of an employee’s pay, whether or not the employee consents to, or is aware of, this. 8. Do not transfer it outside the European Economicarea unless that country or territory ensures an adequate levelof protection Example: A multinational company transfers a list of internal telephone extensionsto its overseas subsidiaries. The nature of the information makes it unlikely that the individuals identified would suffer significant damage in the unlikely event that an unauthorized source obtained the list. It is reasonableto decidethat adequate protection exists. 5. Retain it for no longer than is necessary for the purpose or purposes Example: A bank holds personal data about its customers. This includes details of each customer’s address,date of birth and mother’s maiden name. The bank uses this information as part of its security procedures. It is appropriate for the bank to retain thisdata for as long as the customer has an account with the bank. Even after the account has been closed,the bank may need to continueholding some of this information for legal or operational reasons. 2. Keep it only for one or more specified, explicit and lawful purposes Example: A not-for-profit chess club only uses personal data to organize a chess league for its members. The club is exempt from notification, and the purpose for which it processes the information is so obviousthat it does not need to give privacynotices to its members. The specified purpose of processing shouldbe taken to be the organizationof the members’ chess league. 3. Ensurethat it is adequate, relevant and not excessive Example: A debt collectionagency is engaged to find a particular debtor. It collects information on several people with a similarname to the debtor. During the enquiry some of these people are removed. The agency should delete most of their personal data, keeping only the minimum data 6. Givea copy of his/her personal data to an individual,on request Example: An individual makesa request for their personal data. When preparing the response, you noticethat a lot of it is in coded form. For example, attendance at a particular training session is logged as “A”, while non-attendance at a similarevent is logged as “M”. 5
Howto Protect Your Data How Can You Deal with the UpcomingEU Legislation? Defineyour processes and understand them At the core, the data protection principles will remain largely the same. But some new rights will be provided and a number of new responsibilities will be placed on Data Controllersand Data Processors. What organizations will need to do is probably being done already, but in an unstructured way. So this means formalizing processes. In practice this means that you will have to: Start managing data in a structured way This will involve managing data the way you manage other assets such as company cars, stationery or financial results. Appoint a Data Protection Officer (DPO) This will applyto organizations with over 250 employees or entities engaged in “systemic monitoring” of EU citizens or public sector structures. Not having a DPO will constitute an offence, with a significant financial penalty. Ensure your organization has a clear segregation of duties concerning governance There will need to be an entity to ensure the right things are being done in the right way. Put control structures into place This includes asking the following questions about mailing lists: Keep documentation about the processing of personal data Not having documented processes will be an offence which will incur a significant financial penalty. • Wheredid we get the data from? • Do we have the consent to use the information? • Did we buy it froma reputable source or did someone give it to us on a memory stick?Carryout document controls to monitor and manage compliance You will alsoneed to be ableto demonstrate evidence of these controls actually working in the organization, or face a significant financial penalty. • What are our governance policy and protocols around using the data? 6 Cookies An example of how European • Cookies are used to maintain Legislation states that users legislation is taking data privacy stated informationas a user must now consent to the use of seriously is demonstrated by navigates between different cookies - The opportunity to recent regulationsthat concern pages on a website, or returns opt-out is no longer sufficient. gaining consent from individuals to the website at a later time Consent may be obtained for the placingof cookies on by helping the web page explicitlythrough the use of an web browsers. server to recallthe user’s opt-in check box which users specific information can tick if they agree to accept What are cookies? cookies. • Cookieslet users store • Cookies are smallfiles that preferences and user names, websites put on a computer register products and hard disk drive when a user services, and personalize Consent may also be obtained first visits. pages. by implication.
Howto Protect Your Data How will this Change Your Working Environment? Banks don’t organize money, they managedata about finance. Logisticscompanies don’t ship products, they managedata about products. Amazon doesn’t sell books. It presents and processes data about books.” In a data-driven economy, ensuring governance and taking control of data will become increasingly important and the draft legislation provides you with a very clear mandate to do this. The governance issues will have knock-on effects throughout your entire organization and will encourage you to manage business document output in a much more structured way. management software and the inclusion of a data compliance policy in company handbooks. Tight controls on company databases and the automation of business processes will also become important. An audit of the permissions according to the user profileacross all ERP (Enterprise Resource Planning) & CRM (Customer Relationship Management) systems will limit the opportunityfor a data breach to occur and protect all sensitive informationrelated to customers. This will involvea review of the settings that each employee has on any database. For example, a salesperson will not need access to bank details in the financial module of an ERP system. From a Human Resources perspective, the new legislation means that we are going to see an increase in the importance of training in new controls and procedures in order to educate and inform personnel. We are also most likely to see a trend towards the adoption of output The risk of getting it wrong Daragh O’Brien Castlebridge Associates If organizations do not take data protection seriously this may lead to major financial and reputational costs. Sony, for example, was hacked nine times over a three-week period in 2011. People’s personal details were exposed, costing the brand around $175 million (US), and this does not include the cost relatingto brand damage. Adobe had a massive worldwide security breach and all subscriber details were comprised – costing the organization huge amounts in terms of crisis management and causing enormous damage to the brand in terms of image. The new legislation includes penalties of up to €2 million or 5% of global turnover for getting data protection wrong. This will therefore be an opportunity for companies to improve their brand image by acting more professionally via data cleansing and enrichment. Enterprises will therefore be in a positionto better manage one of their most critical assets – information. 30% A 2012 study by OVUM highlighted that for the average organization 30% of revenue is consumed by addressing data quality problems in the organization. This involves cross-checking data, fact- checking, correcting and responding to errors. In 2013 Estimated amount of revenue consumed by addressing data quality problems in the average organization. 7
Howto Protect Your Data Key Challenges you may Face The length of time it will take to change thinkingabout data It will take 18 months to two years for organizationsto put in placethe necessary structures. People seeing data protection as an IT or Marketingissue But it’s not. It’s an enterprise asset challenge that needs to be addressed. All companies even smallstructures will need someone to have an oversight over all key assets, including data. Thefuture data protection landscapes In a continuously challenging economic climate an extra effort will be required by everyone involved in data gathering, management and protection. Experts however believe that there will be effective protection for individualswherever their data is located, including cloud storage. There will be a much stronger focus on stewardship for holders of individuals’ personal data. This means enterprises will start treating personaldata as they would financial data and ensure that it is protected wherever it is located. We are also likely to see more penaltiesfor those who fail in their stewardship duties. For companies involved in marketing and customer relations the future privacy landscape will offer opportunities for those willing to investin providing what consumers want and finding innovative ways to reach them. Conclusion Organizations that focus on the idea that the draft legislationis going to make it more difficult for them to obtain consent to use data are missingthe real potential of the regulation.This legislation offers organizations many opportunities if they start to think of information holistically and treat it as an asset. If companies are able to put a proper governance process into place to deal with data protection they will then be able to ensure that the right things are being done in the right way. 8 Compliance checklist 1. Clarify who is in charge 2. Define what has to be done and by whom 3. Makesure people are doing the right things in the right way (for example extracting data or using marketing analytics) 4. Start including EU Data Protection/Privacy compliance requirements in your Data Governance regardless of where you are globally. 5. If you are in the EU, get your Data Protection, Data Governance, and Information Quality teams talking (and ideallyco- located or merged) and start lookingat what needs to change in your organization.
Howto Protect Your Data Main contributor Daragh O’Brien Founder and Managing Director, Castlebridge Associates, Ireland Castlebridge Associates provides coaching, consulting, mentoring, and project management services to organizations struggling with Information Quality challenges, Data Governance difficulties, Data Protection Compliance issues, or just finding it hard to hammer out their Information Strategy. Other sources • TDAN (The Data Administration Newsletter) • ico.org.uk (ICO - Information Commissioner’s Office) • Neopost’s 2011 Privacy Seminar • OVUM (provides independent and objective analysis that enables organizationsto make better business and technology decisions) • Hillicon Valley -The Hill’s Technology blog • The Office of the Data Protection Commissioner, Ireland ehow.com About Neopost Neopost is a global player with a localpresence in business solutions for the postal, parcel deliveryand related digitalworld of tomorrow. We have an intimate understanding of physical and electronic communications and work in collaboration with over 800,000 enterprises around the world.Our businesshas evolvedto meet the growing demands of a technology-driven environment. This means we can help our customers successfully make the transition from physical mail to quality multichannel communications management. Join us on neopost.com

More Related Content

PDF
delphix-wp-gdpr-for-data-masking
byJes Breslaw
 
PDF
Tangible Data Protection White Paper
byNick Banbury
 
PDF
GDPR, what you need to know and how to prepare for it e book
byPlr-Printables
 
PPTX
Smart Data Module 5 d drive_legislation
bycaniceconsulting
 
PPTX
Impact of GDPR on the pre dominant business model for digital economies
byEquiGov Institute
 
PPTX
Data Protection & Security Breakfast Briefing - Master Slides_28 June_final
byDr. Donald Macfarlane
 
PDF
Revista Just in Case Țuca Zbârcea & Asociații, Iunie 2016
byȚuca Zbârcea & Asociații
 
PPTX
How to get started with being GDPR compliant
bySiddharth Ram Dinesh
 
delphix-wp-gdpr-for-data-masking
byJes Breslaw
 
Tangible Data Protection White Paper
byNick Banbury
 
GDPR, what you need to know and how to prepare for it e book
byPlr-Printables
 
Smart Data Module 5 d drive_legislation
bycaniceconsulting
 
Impact of GDPR on the pre dominant business model for digital economies
byEquiGov Institute
 
Data Protection & Security Breakfast Briefing - Master Slides_28 June_final
byDr. Donald Macfarlane
 
Revista Just in Case Țuca Zbârcea & Asociații, Iunie 2016
byȚuca Zbârcea & Asociații
 
How to get started with being GDPR compliant
bySiddharth Ram Dinesh
 

What's hot

PDF
The Evolution of Data Privacy - A Symantec Information Security Perspective o...
bySymantec
 
PPTX
Data privacy Legislation in India
byLATHA H C
 
PPTX
Legal issues in technology
byEzraGray1
 
PPTX
Data Protection in India
byHome
 
PDF
Data & Privacy: Striking the Right Balance - Jonny Leroy
byThoughtworks
 
PDF
How does the data protection reform strengthen citizens rights?
by- Mark - Fullbright
 
PPTX
General data protection regulation
byFahad Ameen
 
PPTX
GDPR Is Coming – Are Emailers Ready?
byMediaPost
 
PDF
A Brave New World Of Data Protection. Ready? Counting down to GDPR.
bydan hyde
 
PPTX
NetSquared London - GDPR for charities
byTech Trust
 
PDF
Guide to-the-general-data-protection-regulation
byN N
 
PDF
Key Issues on the new General Data Protection Regulation
byOlivier Vandeputte
 
PDF
E Commerce Platform Data Ownership and Legal Protection
byijtsrd
 
PDF
Relationship between data protection and m&a (1)
byAshish vishal
 
PDF
Blake lapthorn In House Lawyer forum - 11 Sept 2012
byBlake Morgan
 
PDF
Research on Legal Protection of Data Rights of E Commerce Platform Operators
byYogeshIJTSRD
 
PPTX
Preparing for GDPR: What Every B2B Marketer Must Know
byIntegrate
 
PDF
"Data Breaches & the Upcoming Data Protection Legal Framework: What’s the Buz...
byCédric Laurant
 
PDF
Information governance a_necessity_in_to
byAnne ndolo
 
PDF
Privacy through Anonymisation in Large-scale Socio-technical Systems: The BIS...
byAndrea Omicini
 
The Evolution of Data Privacy - A Symantec Information Security Perspective o...
bySymantec
 
Data privacy Legislation in India
byLATHA H C
 
Legal issues in technology
byEzraGray1
 
Data Protection in India
byHome
 
Data & Privacy: Striking the Right Balance - Jonny Leroy
byThoughtworks
 
How does the data protection reform strengthen citizens rights?
by- Mark - Fullbright
 
General data protection regulation
byFahad Ameen
 
GDPR Is Coming – Are Emailers Ready?
byMediaPost
 
A Brave New World Of Data Protection. Ready? Counting down to GDPR.
bydan hyde
 
NetSquared London - GDPR for charities
byTech Trust
 
Guide to-the-general-data-protection-regulation
byN N
 
Key Issues on the new General Data Protection Regulation
byOlivier Vandeputte
 
E Commerce Platform Data Ownership and Legal Protection
byijtsrd
 
Relationship between data protection and m&a (1)
byAshish vishal
 
Blake lapthorn In House Lawyer forum - 11 Sept 2012
byBlake Morgan
 
Research on Legal Protection of Data Rights of E Commerce Platform Operators
byYogeshIJTSRD
 
Preparing for GDPR: What Every B2B Marketer Must Know
byIntegrate
 
"Data Breaches & the Upcoming Data Protection Legal Framework: What’s the Buz...
byCédric Laurant
 
Information governance a_necessity_in_to
byAnne ndolo
 
Privacy through Anonymisation in Large-scale Socio-technical Systems: The BIS...
byAndrea Omicini
 

Similar to How to Protect Your Data

PDF
Gdpr in a nutshell
byMatthew Butler
 
PPTX
GDPR General Awarness for employees and personal data types
byAbdullaFatiya3
 
PPTX
skillcast-gdpr-training-presentation-q320.pptx
byRahulGarg294918
 
PDF
data privacy handbook: A starter guide to data privacy compliance
byDesmondMontgomery2
 
PPTX
General Data Protection Regulation (GDPR)
byExtentia Information Technology
 
PDF
Introduction to data protection
byRachel Aldighieri
 
PDF
Gdpr and usa data privacy issues
byStefan Schippers
 
PPTX
An introduction to data protection - Manchester - 24/06/15
byRachel Aldighieri
 
PPTX
An introduction to data protection - 2/09/2015
byRachel Aldighieri
 
PPTX
Data protection act
byRev Marketing
 
PDF
Legal and data protection update
byRachel Aldighieri
 
PDF
data-privacy-egypt-what-you-need-know-en.pdf
bykiruthigajawahar6
 
PPTX
Things to know about GDPR in 2018
byWebkul Software Pvt. Ltd.
 
PDF
GDPR - Sink or Swim
byGuy Griffiths
 
PDF
An introduction to data protection - 26 March 2014
byRachel Aldighieri
 
PDF
Data Privacy Program – a customized solution for the new EU General Regulatio...
byIAB Bulgaria
 
PPT
An introduction to data protection - 30 Jan 2014
byRachel Aldighieri
 
PDF
DMA - DPC Workshop - 23 October 2013
byRachel Aldighieri
 
PPTX
An Introduction to Data Protection (London) - June 2015
byRachel Aldighieri
 
PDF
Jadu GDPR guide: A easy to follow guide for Digital Service Managers and Webs...
byJadu
 
Gdpr in a nutshell
byMatthew Butler
 
GDPR General Awarness for employees and personal data types
byAbdullaFatiya3
 
skillcast-gdpr-training-presentation-q320.pptx
byRahulGarg294918
 
data privacy handbook: A starter guide to data privacy compliance
byDesmondMontgomery2
 
General Data Protection Regulation (GDPR)
byExtentia Information Technology
 
Introduction to data protection
byRachel Aldighieri
 
Gdpr and usa data privacy issues
byStefan Schippers
 
An introduction to data protection - Manchester - 24/06/15
byRachel Aldighieri
 
An introduction to data protection - 2/09/2015
byRachel Aldighieri
 
Data protection act
byRev Marketing
 
Legal and data protection update
byRachel Aldighieri
 
data-privacy-egypt-what-you-need-know-en.pdf
bykiruthigajawahar6
 
Things to know about GDPR in 2018
byWebkul Software Pvt. Ltd.
 
GDPR - Sink or Swim
byGuy Griffiths
 
An introduction to data protection - 26 March 2014
byRachel Aldighieri
 
Data Privacy Program – a customized solution for the new EU General Regulatio...
byIAB Bulgaria
 
An introduction to data protection - 30 Jan 2014
byRachel Aldighieri
 
DMA - DPC Workshop - 23 October 2013
byRachel Aldighieri
 
An Introduction to Data Protection (London) - June 2015
byRachel Aldighieri
 
Jadu GDPR guide: A easy to follow guide for Digital Service Managers and Webs...
byJadu
 

More from Neopost Mailing Solutions, Digital Communications and Shipping Services

PDF
Neopost Corporate Presentation
byNeopost Mailing Solutions, Digital Communications and Shipping Services
 
PPTX
A sustainable approach for sustainable development
byNeopost Mailing Solutions, Digital Communications and Shipping Services
 
PPTX
Are You Ready for E-invoicing?
byNeopost Mailing Solutions, Digital Communications and Shipping Services
 
PPTX
Neopost Corporate Presentation
byNeopost Mailing Solutions, Digital Communications and Shipping Services
 
PDF
Has Your Entreprise Adopted E-Invoicing ?
byNeopost Mailing Solutions, Digital Communications and Shipping Services
 
PDF
Document Workflow: Challenges and Solutions
byNeopost Mailing Solutions, Digital Communications and Shipping Services
 
PDF
Holiday Shipping Advice
byNeopost Mailing Solutions, Digital Communications and Shipping Services
 
Neopost Corporate Presentation
byNeopost Mailing Solutions, Digital Communications and Shipping Services
 
A sustainable approach for sustainable development
byNeopost Mailing Solutions, Digital Communications and Shipping Services
 
Are You Ready for E-invoicing?
byNeopost Mailing Solutions, Digital Communications and Shipping Services
 
Neopost Corporate Presentation
byNeopost Mailing Solutions, Digital Communications and Shipping Services
 
Has Your Entreprise Adopted E-Invoicing ?
byNeopost Mailing Solutions, Digital Communications and Shipping Services
 
Document Workflow: Challenges and Solutions
byNeopost Mailing Solutions, Digital Communications and Shipping Services
 
Holiday Shipping Advice
byNeopost Mailing Solutions, Digital Communications and Shipping Services
 

Recently uploaded

PPTX
GenAI GraphTalk - Kuala Lumpur - 4 Nov 2025
bygourisachdeva2
 
PDF
Automating ArcGIS Enterprise Compliance for Operational Excellence
bySafe Software
 
PDF
#MakeAIMatter for HR Professionals | AI Transformation Workshop by Tekdi Tech...
byParth Lawate
 
PDF
The Accel 2025 Globalscape: Race for compute
byPhilippe Botteri
 
PDF
The Complete Crypto Airdrop Playbook: Strategies, Scams & Success Stories | 3...
by3verseTV
 
PDF
Dr. Robert Krug - Specializes In Predictive Modeling
byDr. Robert Krug
 
PDF
Revolutionizing SQL Database Design for the Modern Era.pdf
bySQL DBM
 
PDF
Sylvester Konadu Worcester MA - An Accomplished IT Analyst
bySylvester Konadu Worcester
 
PDF
Database Performance at Scale: The TL;DR
byScyllaDB
 
PDF
Open Source SecurityCon 2025 in Atlanta - Transparency Exchange API: Where To...
byPavel Shukhman
 
PDF
Transparency Exchange API: How Do You Find the SBOM for a Smart Light Bulb?
byPavel Shukhman
 
PDF
Manage Files Using CLI - RHCSA (RH124).pdf
byLinuxCert Guru
 
PDF
Control Access to Files - RHCSA (RH124).pdf
byLinuxCert Guru
 
PDF
Manage Local Users and Groups - RHCSA (RH124)
byLinuxCert Guru
 
PDF
Writing GPU-Ready AI Models in Pure Java with Babylon
byAna-Maria Mihalceanu
 
PDF
Configure and Secure SSH - RHCSA (RH124).pdf
byLinuxCert Guru
 
PPTX
Bulwark Pokemon League Top 8 graphic archive
byGc Howard
 
PDF
Access Linux File System in RHEL - RHCSA (RH124).pdf
byLinuxCert Guru
 
PDF
Catalog Data - Keys to the Kingdom.pdf‎ ‎
byPrecisely
 
PDF
"Visual Guide to DSA: Big O Notation, Data Structures, and Algorithms Fundame...
byNusrat Gulbarga
 
GenAI GraphTalk - Kuala Lumpur - 4 Nov 2025
bygourisachdeva2
 
Automating ArcGIS Enterprise Compliance for Operational Excellence
bySafe Software
 
#MakeAIMatter for HR Professionals | AI Transformation Workshop by Tekdi Tech...
byParth Lawate
 
The Accel 2025 Globalscape: Race for compute
byPhilippe Botteri
 
The Complete Crypto Airdrop Playbook: Strategies, Scams & Success Stories | 3...
by3verseTV
 
Dr. Robert Krug - Specializes In Predictive Modeling
byDr. Robert Krug
 
Revolutionizing SQL Database Design for the Modern Era.pdf
bySQL DBM
 
Sylvester Konadu Worcester MA - An Accomplished IT Analyst
bySylvester Konadu Worcester
 
Database Performance at Scale: The TL;DR
byScyllaDB
 
Open Source SecurityCon 2025 in Atlanta - Transparency Exchange API: Where To...
byPavel Shukhman
 
Transparency Exchange API: How Do You Find the SBOM for a Smart Light Bulb?
byPavel Shukhman
 
Manage Files Using CLI - RHCSA (RH124).pdf
byLinuxCert Guru
 
Control Access to Files - RHCSA (RH124).pdf
byLinuxCert Guru
 
Manage Local Users and Groups - RHCSA (RH124)
byLinuxCert Guru
 
Writing GPU-Ready AI Models in Pure Java with Babylon
byAna-Maria Mihalceanu
 
Configure and Secure SSH - RHCSA (RH124).pdf
byLinuxCert Guru
 
Bulwark Pokemon League Top 8 graphic archive
byGc Howard
 
Access Linux File System in RHEL - RHCSA (RH124).pdf
byLinuxCert Guru
 
Catalog Data - Keys to the Kingdom.pdf‎ ‎
byPrecisely
 
"Visual Guide to DSA: Big O Notation, Data Structures, and Algorithms Fundame...
byNusrat Gulbarga
 

How to Protect Your Data

  • 1.
    Howto Protect YourData Howto Protect Your Data August 2014 Howto Protect Your Data Practicalideas to help organizations comply withdata protection legislation
  • 2.
    Howto Protect YourData Editorial Enno Ebels, Executive VP, Customer Information Management, Neopost Making sure customer data is accurate and providing a trace of who changes what and when help organizations make customer communications more cost effective.” “Dataprotection is becoming a priority for organizations as we move into a digitalenvironment where people care more about what happens to their personal information. The Snowden leaks (related to the NationalSecurity Agency in the US and its surveillance activities) and the level of public debate that followed highlight just how important data privacyhas become for citizens and enterprises around the globe. In the area of data qualityand master data management the initial stage involvesdata capture. Thenenterprises do something with the data, for example send a letter, delivera parcel or post a comment on a socialnetwork. However this data needs to be kept aliveas people move, products change and all kinds of additional information becomes available. This means that enterprises need to make sure they have a real process in place to managedata in the same way they manage other assets. A large amount of information is now being collected on people, so rulesneed to be put in place in order to controlall of the metadata being pulled together from various sources. This sets the stage for companies to re-think their business model and decide how to use data to improveproducts and services. Making sure customer data is accurate and providinga trace of who changes what and when help organizations make customer communications more cost effective and enable enterprises to comply with different industry sector rulesand regulations.Cleaner and enriched databases offer enterprises an opportunity to create a ”single customer view” containing business-critical information. This includes an accurate name and address, purchasing preferences and multichannel delivery and contact points. I believethat data is an asset and, although there are no clear rules on how to valueit from an accounting perspective, I think it shouldgo on the balance sheet at some point. The new data protection legislationplanned for Europe will offer opportunities for enterprisesthat treat data as an asset, and by this I mean an asset witha value. The planned regulations will put more emphasis on data ownership and the need for governance in order to ensure data is handled correctly and stays current. I am convinced that data will become a very valuable tool in the future and enterprises will be able to do a lot more for their customers if they learn how to leverage the data they collect while ensuringthe protection expected by these customers.” 2
  • 3.
    Howto Protect YourData Know Your Customer Data protection is all about respecting an individual’sright to privacy and the new data protection regulations,currently going through final reviewby the European parliament, will provide organizations with the momentumthey need to manage their data more effectively. But what do you need to do in order to ensure yourorganization complieswithdata protection legislation whileincreasing customer satisfaction? Responsible customer relations Successful customer relations involves taking into account a consumer’s rightto be “left alone” and communicating with willing recipients using the customer’s preferred channel – either postal mail, digital mail or multichannel delivery. If you wishto use personaldata for postal marketing, you must tell your customers, or prospects that you intend to use theirdata for this purpose and give them the opportunity to refuse such use. Where you yourselfhave collected the data thisshouldbe done at the time of collection by providing, for example, a tick box on a form.If the data has been obtained from a third party the opportunity to refuse direct marketing materials must be provided before any materialsare sent out. Contact details can onlybe used for electronic marketing purposes (text messages, voicemessages, sound messages, image messages, multimediamessages and emails) when: • The sale of the product or service concerned took place not more than 12 months prior to the sendingof the customer communication • This means that organizations need to carefully manage all of the personal data they hold, improve data qualityand take steps to complywith data protection legislation. • The product or service you are marketing is similarto that whichyou sold to the customer at the time you obtained their contact details • You gave the customer the chance to object to you using their details easilyand free of charge • Each time you send a marketing message you give the consumer the right to object to receivingmore messages in the future 3
  • 4.
    Howto Protect YourData What is the Data Protection Legislation? In Europe The aim of the Data Protection Act (passed in the UK in 1998) is to provide individualswith a way to control information about themselves. The legislation in its current form gives people a right of access to personaldata. This includes information held by a companythat relates to an individual. A lot of data is considered to be sensitiveand if it were to fall into the wrong hands this would be regarded as a breach of civil liberties. European Union (EU) Data Protection Directive, requiring member states to protect individuals’rights and freedoms - in particular people’s right to privacy when it comes to the processing of personal data. the GeneralData Protection Regulation (GDPR).One of the reallysignificant aspects of the proposed regulation is that it will extend EU laws to non-EU companies sellinginto the EU. The timeline for this has still not been confirmed. The European parliament wants to get it through by 2015. There are arguments being put forward in order to delay the legislation, to ensure that it is fully talked through but the aim is to have the regulation implemented by 2017/2018 in Europe. Other European Unioncountries have passed similarlaws as often information is held in more than one country. The European Commission is currently planningto bring together all data protection within the EU with a single law, The aim of the 1998 legislation was to alignUK law with the 1995 In the US The following Data Protection laws exist in the US: individualscontrol over their data. If such legislationis passed it will allow consumers to opt out of online tracking. FACTA The Fair and Accurate Credit Transaction Act (2003) This legislationaims to protect consumers’ credit information from the risksassociated with data theft. It makes it illegal for credit and debit card receipts to containany more than the last fivedigits of a consumer’s card number, however the regulationis not applicableto handwritten receipts. The most recent uproar in the US concerned the “do not track”movement which is specifically related to tracking online activity in orderto create consumer profiles. A “do not track’ bill was introduced in early 2013 as some people believe that legislation is the onlyway to give HIPAA The Federal Health Insurance Portabilityand Accountability Act (1996) This legislation offers protection for people’shealth-related information. It specifies who can have access to an individual’s health data. This covers medical providers’ records, health insurers’ computer records, billing informationand conversations that doctors have had with other health professionals about a person’s care and treatment. There is growing consensus on some of the commonprinciples between EU and US data protection law and the EU is seen as a benchmark framework. Furthermore there is a move in the US to strengthen privacylawsat State level and a push at Federallevel to clarifythe laws there. The draft EU regulation will have an effect on the US as American companies that are engaged in the processing of data relatingto EU citizens will have to comply. Planned for EU General Data Protection Regulation (GDPR) EU European Union Data Protection Directive UK Data Protection Act 2015 1998 1995 4
  • 5.
    Howto Protect YourData How Can You Comply? Organizations and professionals that need to store personaldata from clients in order to do businessneed to comply. Most companiesthat process customer data fall under the requirements of the Data Protection Act. The Data Protection Act can be complex and difficult to interpret. However it consists of eight key principles that organizationsmust adhere to. needed to forma basic record of a person they have removed from their search. It is appropriate to keep this small amount of informationso that these people are not contacted again about debts which do not belong to them. Also, some of the informationis in the formof handwritten notes that are difficult to read. Without access to the organization’s key or index to explain this information, it would be impossiblefor anyone outside the organizationto understand. In this case, the Act requires you to explainthe meaning of the coded information.4. Keep it accurate, complete and up-to-date Example: A journalist builds up a profile of a particularpublic figure. This includes information derived from rumors circulating on the Internet that the individual was once arrested on suspicion of dangerous driving. If the journalist records that the individual was arrested, without qualifying this, he or she is asserting this as an accurate fact. However, if it is clear that the journalistis recording rumors,the record is accurate – the journalist is not asserting that the individual was arrested for this offence. 7. Keep it safe and secure Example: An organization holds highly sensitive or confidential personaldata (such as information about individuals’ health or finances) which could cause damage or distressto those individuals if it fell into the hands of others. The organization’s information security measures should focus on any potential threat to the informationor to the organization’s information systems. 8 Waysto Ensure Compliance with Current Legislation 1. Obtain and process information fairly Example: Personal data will be obtained fairly by the tax authorities if it is obtained from an employer who is under a legal duty to provide details of an employee’s pay, whether or not the employee consents to, or is aware of, this. 8. Do not transfer it outside the European Economicarea unless that country or territory ensures an adequate levelof protection Example: A multinational company transfers a list of internal telephone extensionsto its overseas subsidiaries. The nature of the information makes it unlikely that the individuals identified would suffer significant damage in the unlikely event that an unauthorized source obtained the list. It is reasonableto decidethat adequate protection exists. 5. Retain it for no longer than is necessary for the purpose or purposes Example: A bank holds personal data about its customers. This includes details of each customer’s address,date of birth and mother’s maiden name. The bank uses this information as part of its security procedures. It is appropriate for the bank to retain thisdata for as long as the customer has an account with the bank. Even after the account has been closed,the bank may need to continueholding some of this information for legal or operational reasons. 2. Keep it only for one or more specified, explicit and lawful purposes Example: A not-for-profit chess club only uses personal data to organize a chess league for its members. The club is exempt from notification, and the purpose for which it processes the information is so obviousthat it does not need to give privacynotices to its members. The specified purpose of processing shouldbe taken to be the organizationof the members’ chess league. 3. Ensurethat it is adequate, relevant and not excessive Example: A debt collectionagency is engaged to find a particular debtor. It collects information on several people with a similarname to the debtor. During the enquiry some of these people are removed. The agency should delete most of their personal data, keeping only the minimum data 6. Givea copy of his/her personal data to an individual,on request Example: An individual makesa request for their personal data. When preparing the response, you noticethat a lot of it is in coded form. For example, attendance at a particular training session is logged as “A”, while non-attendance at a similarevent is logged as “M”. 5
  • 6.
    Howto Protect YourData How Can You Deal with the UpcomingEU Legislation? Defineyour processes and understand them At the core, the data protection principles will remain largely the same. But some new rights will be provided and a number of new responsibilities will be placed on Data Controllersand Data Processors. What organizations will need to do is probably being done already, but in an unstructured way. So this means formalizing processes. In practice this means that you will have to: Start managing data in a structured way This will involve managing data the way you manage other assets such as company cars, stationery or financial results. Appoint a Data Protection Officer (DPO) This will applyto organizations with over 250 employees or entities engaged in “systemic monitoring” of EU citizens or public sector structures. Not having a DPO will constitute an offence, with a significant financial penalty. Ensure your organization has a clear segregation of duties concerning governance There will need to be an entity to ensure the right things are being done in the right way. Put control structures into place This includes asking the following questions about mailing lists: Keep documentation about the processing of personal data Not having documented processes will be an offence which will incur a significant financial penalty. • Wheredid we get the data from? • Do we have the consent to use the information? • Did we buy it froma reputable source or did someone give it to us on a memory stick?Carryout document controls to monitor and manage compliance You will alsoneed to be ableto demonstrate evidence of these controls actually working in the organization, or face a significant financial penalty. • What are our governance policy and protocols around using the data? 6 Cookies An example of how European • Cookies are used to maintain Legislation states that users legislation is taking data privacy stated informationas a user must now consent to the use of seriously is demonstrated by navigates between different cookies - The opportunity to recent regulationsthat concern pages on a website, or returns opt-out is no longer sufficient. gaining consent from individuals to the website at a later time Consent may be obtained for the placingof cookies on by helping the web page explicitlythrough the use of an web browsers. server to recallthe user’s opt-in check box which users specific information can tick if they agree to accept What are cookies? cookies. • Cookieslet users store • Cookies are smallfiles that preferences and user names, websites put on a computer register products and hard disk drive when a user services, and personalize Consent may also be obtained first visits. pages. by implication.
  • 7.
    Howto Protect YourData How will this Change Your Working Environment? Banks don’t organize money, they managedata about finance. Logisticscompanies don’t ship products, they managedata about products. Amazon doesn’t sell books. It presents and processes data about books.” In a data-driven economy, ensuring governance and taking control of data will become increasingly important and the draft legislation provides you with a very clear mandate to do this. The governance issues will have knock-on effects throughout your entire organization and will encourage you to manage business document output in a much more structured way. management software and the inclusion of a data compliance policy in company handbooks. Tight controls on company databases and the automation of business processes will also become important. An audit of the permissions according to the user profileacross all ERP (Enterprise Resource Planning) & CRM (Customer Relationship Management) systems will limit the opportunityfor a data breach to occur and protect all sensitive informationrelated to customers. This will involvea review of the settings that each employee has on any database. For example, a salesperson will not need access to bank details in the financial module of an ERP system. From a Human Resources perspective, the new legislation means that we are going to see an increase in the importance of training in new controls and procedures in order to educate and inform personnel. We are also most likely to see a trend towards the adoption of output The risk of getting it wrong Daragh O’Brien Castlebridge Associates If organizations do not take data protection seriously this may lead to major financial and reputational costs. Sony, for example, was hacked nine times over a three-week period in 2011. People’s personal details were exposed, costing the brand around $175 million (US), and this does not include the cost relatingto brand damage. Adobe had a massive worldwide security breach and all subscriber details were comprised – costing the organization huge amounts in terms of crisis management and causing enormous damage to the brand in terms of image. The new legislation includes penalties of up to €2 million or 5% of global turnover for getting data protection wrong. This will therefore be an opportunity for companies to improve their brand image by acting more professionally via data cleansing and enrichment. Enterprises will therefore be in a positionto better manage one of their most critical assets – information. 30% A 2012 study by OVUM highlighted that for the average organization 30% of revenue is consumed by addressing data quality problems in the organization. This involves cross-checking data, fact- checking, correcting and responding to errors. In 2013 Estimated amount of revenue consumed by addressing data quality problems in the average organization. 7
  • 8.
    Howto Protect YourData Key Challenges you may Face The length of time it will take to change thinkingabout data It will take 18 months to two years for organizationsto put in placethe necessary structures. People seeing data protection as an IT or Marketingissue But it’s not. It’s an enterprise asset challenge that needs to be addressed. All companies even smallstructures will need someone to have an oversight over all key assets, including data. Thefuture data protection landscapes In a continuously challenging economic climate an extra effort will be required by everyone involved in data gathering, management and protection. Experts however believe that there will be effective protection for individualswherever their data is located, including cloud storage. There will be a much stronger focus on stewardship for holders of individuals’ personal data. This means enterprises will start treating personaldata as they would financial data and ensure that it is protected wherever it is located. We are also likely to see more penaltiesfor those who fail in their stewardship duties. For companies involved in marketing and customer relations the future privacy landscape will offer opportunities for those willing to investin providing what consumers want and finding innovative ways to reach them. Conclusion Organizations that focus on the idea that the draft legislationis going to make it more difficult for them to obtain consent to use data are missingthe real potential of the regulation.This legislation offers organizations many opportunities if they start to think of information holistically and treat it as an asset. If companies are able to put a proper governance process into place to deal with data protection they will then be able to ensure that the right things are being done in the right way. 8 Compliance checklist 1. Clarify who is in charge 2. Define what has to be done and by whom 3. Makesure people are doing the right things in the right way (for example extracting data or using marketing analytics) 4. Start including EU Data Protection/Privacy compliance requirements in your Data Governance regardless of where you are globally. 5. If you are in the EU, get your Data Protection, Data Governance, and Information Quality teams talking (and ideallyco- located or merged) and start lookingat what needs to change in your organization.
  • 9.
    Howto Protect YourData Main contributor Daragh O’Brien Founder and Managing Director, Castlebridge Associates, Ireland Castlebridge Associates provides coaching, consulting, mentoring, and project management services to organizations struggling with Information Quality challenges, Data Governance difficulties, Data Protection Compliance issues, or just finding it hard to hammer out their Information Strategy. Other sources • TDAN (The Data Administration Newsletter) • ico.org.uk (ICO - Information Commissioner’s Office) • Neopost’s 2011 Privacy Seminar • OVUM (provides independent and objective analysis that enables organizationsto make better business and technology decisions) • Hillicon Valley -The Hill’s Technology blog • The Office of the Data Protection Commissioner, Ireland ehow.com About Neopost Neopost is a global player with a localpresence in business solutions for the postal, parcel deliveryand related digitalworld of tomorrow. We have an intimate understanding of physical and electronic communications and work in collaboration with over 800,000 enterprises around the world.Our businesshas evolvedto meet the growing demands of a technology-driven environment. This means we can help our customers successfully make the transition from physical mail to quality multichannel communications management. Join us on neopost.com