What do you do when you learn that your company’s server has been hacked and untold quantities of data stolen? What do you do when you learn of a glitch in an app your company sells that gives malware easy access to data on devices on which the app has been loaded? What do you do when a company laptop or mobile device has been stolen? What do you do when an employee receives unsolicited email, clicks on a link in the email, and installs malware on a company computer?
If your organization has a website, collects, stores, or processes sensitive data, or uses smartphones, tablets, email, social media, cloud-based services, or laptops, and it lacks a plan to address scenarios such as these, then it is time to remedy the lapse by developing a data privacy and security program. While observers recognize it is nearly impossible to create a digital Fort Knox impervious to breach, it is clear that taking substantial, meaningful steps to assess and protect sensitive data will go a long way toward minimizing risk of loss and liability for data breaches.