“The advice for companies is that yes, you’re going to collect data, but you need to be transparent with the consumer, whether you’re doing it in person or digitally. You need to be transparent in privacy notices and statements about what you’re collecting and what the motives are for collecting it. It’s always better to be overly detailed and explain exactly what you’re doing with that data.”
Take a Company Wide Approach
“Cyber risks need to have a holistic approach by a company; it’s not just an IT issue.”
Only Store Essential Data
“You can’t prevent entities from being hacked, and I don’t think that’s what regulators are aiming at. You can, however, reduce the volume of records exposed. I call that being on a data diet. That way, when a breach happens, maybe the records exposed won’t be seven figures – maybe it can be [less].”
“People need to be better informed. This is a growing problem.”
Pay Attention to Privacy Statements
“A lot will boil down to the privacy statement contract between the consumer and the company doing the aggregation. If the company is in any way violating the privacy statement, the FTC and any attorney general can bring a lawsuit under a trade practice claim.”
Was this article valuable?
Here are more articles you may enjoy.