Track the Data
Tom Garrubba, a vice president at Shared Assessments, says privacy is specifically focused on what an organization is permitted to do with the data it collects from a data subject. With that in mind, it’s important for companies to “follow the data,” he says.
“What I mean here is that companies should document all data transfers both within the organization and outside to third parties and other downstream vendors,” Garrubba explains. “Companies should build this into all projects that involve personal data [privacy by design] as it’s incredibly important to document [the] data chain of custody in the event of a breach or mishandling of such personal data.”
As part of data privacy, companies need to safeguard the data, adds Archie Agarwal, founder and CEO at ThreatModeler. By this, he means for companies to identify all the threats and then mitigate them.
