Data privacy in Global Mobility
Technology brings many advantages and benefits to organizations, but it is also susceptible to threats and attacks that put employee and internal information at risk.
Keeping confidential information secure is crucial to conducting business with integrity. Secure websites, data encryption, firewalls, VPNs, and multi-factor authentication are just some of the ways data can be safeguarded, yet hackers use their expertise to breach systems.
Employee personally identifiable information (PII) can be used to identify a specific individual. It typically includes postal and e-mail addresses, names, telephone numbers, and social security numbers. Companies that relocate employees also store passport information, IP addresses, login IDs, social media posts, digital images, and other documentation that must remain securely guarded.
Some of this information is shared with global service providers to provide support during relocation or assignment. As such, the global mobility industry creates a massive network of information exchange that must be protected.
Any organization relocating employees must know the importance and relevance of data security and privacy and understand the difference between compliance and certification.
Data security and privacy
Although these terms are related, they address different facets of data processing. Data security focuses on the processes for protecting information (i.e., how it is accessed and how it can be modified).
Data privacy focuses on the rights of data subjects to control their information (i.e., how it is used, how long it is retained, etc.).
When data is not protected or kept private and unauthorized actors access it, a cyber-attack or breach results.
Data breaches are something that all companies try to avoid but for which they may be unintentionally targeted.
Legislation to Secure Data and Protect Privacy
Governments have taken steps to protect their citizens’ data security and privacy rights. Arguably the most significant legislation was that passed by the European Union with the General Data Protection Regulation (GDPR). It came into force on May 25, 2018. According to www.GDPR.eu, “The GDPR is the world’s toughest privacy and security law. Although drafted and passed by the European Union (EU), it imposes obligations on organizations anywhere, as long as they target or collect data related to individuals in the EU.”
Compliance vs. certification
Both certification and compliance with a set of standards are essential to data security; let’s define the terms. Compliance involves:
– Adhering to legal, government, and business data-related processes as defined by consulting checklists.
– Organizing and managing sensitive data to comply with checklists.
– Protecting personal data and privacy to the maximum extent possible.
– Self-regulating and self-certifying without external audits to ensure ongoing compliance.
Certification is broader than compliance and involves:
– Assessment of processes by an accredited external company that determines necessary security improvements, maintenance of certification, or both.
– Annual audits by an accredited external auditor.
– Significant investment in process development and documentation, which includes departments dedicated to ongoing compliance and maintenance of certifications.
– Documented evidence that the company has data security and privacy measures in place.
GDPR and CCPA are examples of regulatory standards that require compliance; however, there are additional steps companies can take to obtain certification and demonstrate that they meet rigorous standards beyond what is necessary for compliance with applicable laws.
The International Organization for Standardization (ISO) is an independent organization recognized as a world leader in promoting standards.
ISO includes a family of quality standards and is best described as “a formula for the best way to do something.”
For the global mobility sector, the standards that are adapted are:
– IT security standards focused on protecting sensitive information.
– Quality standards aimed at making work more efficient by reducing potential failures.
– Environmental standards aimed at sustainability: reducing waste and environmental impact.
– Energy management to reduce energy consumption and the use of natural resources.
Work from home and data security
This trend is on the rise, and more than ever, it is imperative that organizations have basic work-from-home protocols that also include data security:
– Company laptops with VPN, firewall, and IP address.
– Company-wide training on employee policies and expectations.
– Multi-factor authentication.
– Access controls and active directory.
– Mobile device management policy.
– Employees must be logged in and authorized to access the cloud.
– Sensitive data is only sent to company e-mail addresses, not personal ones.
– Ongoing logs and audits.
– Monthly security training for all employees.
Without these basic protocols, data is at greater risk and more prone to cyberattack or breach.
Why is it crucial in the global mobility industry?
Supply chains are the weakest link in organizations engaged in global mobility, and properly deploying data security through professionals reduces risks.
Knowing suppliers’ compliance and certification competencies will reassure relocated employees and their families. If data is not adequately secured and protected, employees’ personally identifiable information, private personal files, and sensitive business information could be at risk.
Privacy regulations such as GDPR and CCPA are a step toward compliance. Security certifications such as ISO ensure that data has undergone the rigorous process of regular external audits.