Years of working in IT, especially in the financial and medical industries, have made me more paranoid than most people about data privacy considerations. We’ve all seen the data breach headlines from companies like Target, Home Depot, Adobe and countless others. These are companies with dedicated security teams charged with taking important measures to secure customer data who have nevertheless failed in this effort.
While the threat of a data breach cannot be eliminated entirely, having a written policy and methodically following it will go a long way. In many jurisdictions, companies are legally obligated to have such policies in place, so why shouldn’t you?
When I was recently asked to install an MDM client on my personal phone in order to access company email, I had to say no. There are various reasons for this, many related to the tin-foil hat that has kept my data safe for many years. However, when it came down to explaining this in simple terms, I was at a loss without going off on an extended Libertarian tirade on the merits of privacy. So, in order to remedy this loss of words in the future, I decided to write and publish my own person Data Privacy Policy.
It’s amazing how simple this makes things. The next time I’m asked to give out my personal information and am not comfortable doing so, I can just refer the requestor to my publicly available Data Privacy Policy. If their policy is not in alignment with mine, then I can simply explain that their policy isn’t sufficient to keep my data safe, and I will have to decline sharing it at this time.
Having a written policy keeps any decisions out of the hands of arbitrary choice.
You can read Chris Ballance’s Data Privacy Policy here.
Should you feel inclined to develop a data security policy of your own, feel free to use mine as a template. It is released under the MIT License.