Last week, I shared how your privacy notice is your front door to your company. And you don’t want it to be a bad experience or someone screaming at you.
You should share relevant, just-in-time information about what you’re collecting as necessary and also have an appropriately placed privacy notice.
Privacy practices reflect your brand, and your user experience is a part of that (lots of marketing, customer/user experience, brand posts).
Do you know what data you collect, use, sell, share, and store?
Data inventories help companies understand the data they have from start to finish. They include all the third parties involved and all the systems on which they rely.
It means for each process you have, you know what specific pieces of information you’ve collected about each person and where each of those pieces of information is stored.
Data inventories are required by GDPR and are the first step to complying with CCPA.
They significantly influence the way you construct your privacy notice and individual rights process and policy. There’s no way to create these documents when you don’t know what data you have, how it’s being used, and where it’s stored.
Need to take a data inventory of your small business to be GDPR compliant? This template has sample processing activities to help get you started on what to document. Plus, it has a list of fields you need to document for a complete data inventory.
Get your free download here: https://lnkd.in/eTp9BRA
Anyone else receiving calls and texts that DO NOT follow the rules? 📱📞☎️
Warning to all telemarketers: don’t call a privacy professional’s house, as we will report you. Get to know the Telemarketing Sales Rule (TSR) and the Telephone Consumer Protection Act (TCPA).
Here’s what YOU need to know on what can be sent and your options.
Specifically for political calls, per the FCC site, “Political campaign-related autodialed or prerecorded voice calls, including autodialed live calls, prerecorded voice messages, and text messages, are:
👉Not allowed to cell phones/ other mobile devices without the called party's prior express consent.
👉Not allowed to protected phone lines such as emergency or toll-free lines, or lines serving hospitals or similar facilities, unless made with the called party's prior express consent.
👉Allowed when made to landline telephones, even without prior express consent.”
Robotexts - text messages generated through autodialing - are considered a type of call and fall under all robocall rules … require the called party's prior express consent if … generated using autodialing … political text messages can be sent without prior consent of the intended recipient if the sender does not use autodialing technology to send the text.
Learn more here https://www.fcc.gov/consumers/guides/stop-unwanted-robocalls-and-texts
When it comes to cookie notices around the world, most people think of GDPR in the EU, and CCPA in California. But there are more privacy laws to be aware of, and each law brings its own level of regulation. What countries do you operate in? Have you reviewed your cookie notice requirements recently? This infographic gives a glimpse into the global cookie requirements.
During times of upheaval or change, cybercriminals capitalize on confusion and uncertainty. A study from Iomart shows that data breaches jumped 273% during the first 3 months of COVID-19, and a typical data breach for a large company results in data loss of between 10 million and 99 million records and dings a company’s value by 7.27%. For small businesses a data breach can be catastrophic.
Experts say different kinds of attacks are on the rise. Companies, both large and small, governments and individuals are all targets. Among the most common types of attacks seeing an uptick are ransomware, destructive attacks and island hopping.
As the dust settles, many businesses are now looking at potential extended work-from-home arrangements and finding ways to secure those systems. How are you protecting your remote employees and company?
Read more: https://lnkd.in/dHvKe8C
CNBC.COM
Cybercrime ramps up amid coronavirus chaos, costing companies billions
Just another day with some cute bears in the woods using their modern day computers and wondering what’s happening with their data.
What's the difference between GDPR and CCPA? Are you confused about what these two laws mean for you and your business?
These two laws are the most comprehensive data privacy laws ever passed, and both can have major implications for your business if you collect consumer data.
Our two-page summary will help you navigate these two laws and how they apply to your business. You'll learn:
-what the key takeaways are for both bills
-how to get started in becoming compliant for each law
-what the fines are for violation
-the 10 steps you can take to compliance under both laws
Don't get left out in the cold in 2020. Get caught up on data privacy with our summary today: https://lnkd.in/egcTqGB
I’m often asked: where does the privacy notice go on a website or mobile app?
The privacy notice informs the customer when personal data is collected, used, shared and stored, plus how they can manage their individual rights.
So it should go on every page where you collect personal data, keeping in mind that all those digital technologies are now also considered personal data.
What about in an app? In the settings menu is its usual resting place but NOT multiple layers in. Either just as a standalone link or within legal is acceptable.
Also consider including a privacy notice link when there is a new account setup, a purchase made, or in highly regulated fields such as financial services it’s often in the footer.
Do not start asking for personal information without the user first seeing a privacy notice.
How secure is your cloud server?
Let’s talk about vendors: the good, the bad, and the complicated.
If you're a business owner, you probably use them. You probably have thought long and hard about how they can expand your business services, streamline your operations, and make you more competitive.
High five! You should be thinking about those things. But those issues are only half of what you need to be concerned with.
What else should be on your radar? Vendor risk management.
When you’re talking about a vendor risk management system, you’re talking about everything that falls under the scope of mitigating the risks posed by incorporating third-party vendors into your business operations. Read more: https://redcloveradvisors.com/2020/08/17/vendor-management-guide/
Today I gave a webinar with Stephanie Hanson from OneTrust. We talked about how companies can prepare for a cookieless world and how to build trust online. 🍪
The removal of third-party cookies is one of the hottest topics in the ad tech privacy landscape right now.
80% of customers preferred to do business with companies they believe will protect their information.
Regulations like CCPA and GDPR forced companies to think about how they process customer data. Browsers are moving away from third-party cookies, forcing companies to revisit their data strategy.
We discussed tactical approaches companies can take today to prepare, including preference centers and leaning into the customer-first approach.
If you missed it, let us know and we will be sure to get you the recording.
Do your kids have iPads? iPhones? 📲
Know how to talk to Alexa? Siri? Another robot? 🤖
The Internet of Things has made life a lot more convenient. It's also allowed our children to have access to technology at an earlier age.
To protect your children when they're using IoT products, enable PIN protection, and more. Here are Savvy Cyber Kids' top 5 tips: https://lnkd.in/dX-z4_V
SAVVYCYBERKIDS.ORG
5 Ways to Protect Your Kids When They Use IoT Products
We live in a world where with one wrong move you are at risk for being SUED!!! We've all seen it happen to businesses: anyone remember the coffee that was too hot at McDonald's?
Well, if hot coffee is enough to sue a company, you can only imagine how riled up the general public will get over their personal data.
So here's the thing: chances are, when it comes to data privacy, you're likely making a few mistakes (but that's okay!).
That's exactly why Red Clover Advisors created this quiz:
Uncover Your #1 Privacy Mistake that Could Get YOU SUED!!!
Click the link below to take the quiz!
redcloveradvisors.com/quiz
Imagine a piece of data.
👉What door does it come in from?
👉Where is it stored?
👉Who in the company uses it?
👉Why is it used?
Data inventories aren’t only important because they are required under GDPR (formal name “record of processing activity”) or a best practice for CCPA.
Understanding is the stepping stone to a privacy program.
It’s impossible to write a privacy notice or respond to an individual rights request without knowing the life of personal data in the company.
Can your company do this for all the data you have? If the answer is no or maybe or not the strongest yes, then it’s time to start on those data inventories.
In the land of individual rights, it’s important for companies to have a well-prepared and documented process. Here’s an illustration with a much simplified individual rights example to highlight the multiple steps that need to take place. Inherent in all these steps are the fine details for having a method to receive the requests (email, webform, 800 # in some cases), ability to verify the requester, knowing how to find all the information, a policy to know how to manage requests, methods to communicate with the requester and internally, the steps to actually process the request, and the ability to log and track what’s transpired. If the request can’t be deleted, if it’s accessing information, opt-out of sale, or stop processing, the steps will be different.
How is your company prepared to manage these requests, find the data, and communicate back to the requester? Having a process in place is not enough. Companies need to create it with the customer in mind, as the user experience from the time of submission to the emails received all reflect a company’s brand.
What’s your method for keeping passwords secure?
When you launch a new product or marketing campaign, the questions start coming.
How much does it cost?
What technology is used?
Who do we have to complete this?
Do we need to hire anyone?
Has the contract been sent to legal?
Has a marketing campaign been started?
How will data be secured?
Less often are the questions asked about:
What type of data is being used?
Where is it being stored?
What does the privacy notice say?
How does this impact individual rights if we had to fulfill a request?
Who is this vendor the data is going to and how will they use it?
At your next meeting, be sure to invite Privacy to have a “seat at the table” or to your “Zoom call.”
When privacy is incorporated at the beginning of a project, the voice of the customer and their data is addressed. Consider privacy at the beginning of the project, not as an afterthought or just the legal contract.
For this Black Friday, here are some cybersecurity tips to keep in mind.
👉 Beware of websites that ask for too much information - such as asking for more than your address to ship
👉Beware of saving your payment details.
👉Beware of security questions
If you think you've been the victim of a phishing scam, this article shares some good advice on what to do, including
👉Using 3rd party payment providers like Amazon Pay, and Apple Pay, rather than giving your credit card information
👉Only purchasing from secure websites (look for https://)
Read more:
https://stimuluscheckup.com/2020/11/23/black-friday-security-tips-beware-of-websites-that-want-too-much-info/
2020 has been really turbulent, right?
Let's not talk about that. Instead, let’s talk about the ways that we can make the rest of the year better, safer, more manageable for everyone.
At Red Clover Advisors, we’re thinking about improvements in that context.
Here's what we've seen in 2020 regarding cybersecurity, and 8 ways that you can make things easier when it comes to your privacy.
https://lnkd.in/dR_VB5P
REDCLOVERADVISORS.COM
8 Things You Can Do To Make Cybersecurity Easier
When clients ask us to help with their privacy program, the first place we start is to begin understanding the data collected, used, shared and stored.
GDPR requires documentation of processing activities.
I’m often told “oh we don’t collect any personally identifiable information or we just collect name and email.” Name, email and digital identifiers all count as personal data under the modern era of privacy laws.
A common question we’re asked is how to start this data inventory process.
We break the business down into business processing activities.
Here’s an example of sample business processes in marketing where a company might process personal data.
Each of these could warrant its own documented data discovery exercise.
Through this process we’ll learn what data is collected, used, shared (could it qualify as a sale under CCPA?), stored and be able to create a privacy notice, individual rights plan, and review security measures.
Being privacy-friendly is crucial to your business and customer relationships, but what steps can you take to ensure you have the right protection? Thanks to Entrepreneurs' Organization for the opportunity to share 6 ways to protect your data during COVID-19 via Inc. Magazine:
https://www.inc.com/entrepreneurs-organization/6-ways-to-protect-your-data-during-covid-19.html
As a board member of Savvy Cyber Kids, I'm happy to share this fundraiser. They provide resources for parents and teachers to educate children as they grow up in a world surrounded by technology by teaching numerous Cyber Safety & Ethics concepts such as personal Internet safety, bully response, technology balance, digital reputation and privacy.
Support them and be entered to win a Tesla! See below:
https://savvycyberkids.org/2020/10/31/support-savvy-cyber-kids-and-get-a-chance-to-win-a-tesla/
What if I told you that there was something that you could do that would:
👉Build better relationships with your customers
👉Protect your business
👉Get you on the right side of data privacy laws and regulations
👉Be totally achievable regardless of how big or busy your business is AND
👉Would take your mind off of the crazy times we’re living through right now?
Let’s take a look at the CCPA best practices and see what you can do to make your 2020 just a little better:
https://redcloveradvisors.com/2020/11/09/ccpa-best-practices/
Do you know what your kids are doing on social media?
Do you know how to talk to them about who is out there?
Who they connect with?
Especially these days, with remote or hybrid school, kids are spending more time than ever in front of digital devices. Savvy Cyber Kids provides great resources to help you keep your children safe: savvycyberkids.org
I hear it all the time from companies who say privacy regulations disrupt business practices or can be annoying.
When I work with companies and we start digging in together to understand the data flowing through the company, they realize that by complying with privacy regulations and thinking of the customer first, they actually build better business practices.
You might be wondering what’s the next regulation on the privacy block (that’s passed) in America? The California Privacy Rights Act (CPRA). CPRA retools some of the wonky parts of its predecessor, the California Consumer Protection Act (CCPA), but more than that, it extends new and meaningful action items for businesses.
If you weren’t privacy-inclined before now, you might want to reconsider it. I share why via Forbes: https://www.forbes.com/sites/forbesbusinesscouncil/2021/01/21/how-cpra-is-forcing-privacy-to-become-a-part-of-good-business/?sh=53ff74282660
Striking the balance between the free market and protecting consumers in terms of privacy and security is a hot topic right now. Listen in as Justin Daniels of Baker Donelson and Jodi Daniels dig into the dilemma that we face as a society and what the solution might be with fellow ProVisors member Andy Hepburn.
You'll learn:
👉Privacy Issues that have spanned 10-15 years
👉Unintended consequences of regulation that has been outpaced by technology.
👉Striking the balance between the free market and protecting consumers
👉Looking into Andy's crystal ball of what the future of regulation might look like
👉How adopting the European view on privacy might be our new normal
👉The introduction of a digital nutrition label
Listen in here: https://redcloveradvisors.com/podcasts/the-regulation-dilemma-how-can-we-standardize-privacy-and-security/
I'm so grateful to work with Poppin, a company that's already a leader in employee engagement and activity, and they were ready to extend that industry leadership to customer-centric, compliant privacy practices as well. Read about the proactive approach to privacy that they took with the help of Red Clover Advisors: https://redcloveradvisors.com/proactive-approach-to-privacy-case-study/
In this Inc Magazine article, Jeff Haden shares the 7 magic words to achieve big things.
The phrase that makes people try harder, and stay the course longer:
👉This will be really hard for you.
How does that resonate with you? What motivates you to achieve great things?
Read the article here: https://www.inc.com/jeff-haden/science-says-use-7-magic-words-of-goal-achievement-to-accomplish-big-things.html