According to Aetna someone made a “serious human error”.  The fact is that 88% of breaches are caused by insider negligence.  In order to eliminate human error and properly safeguard records containing personally identifiable information (PII) you need to know where those records exist.  To know this, an organization must have an inventory of what records contain PII, what media it resides in, who has access to it and how it is maintained and disposed.  Jordan Lawrence’s Privacy Management allows you to proactively identify where human error and process breakdowns can occur within your organization.

Requirements to comply with this law include creating an inventory of all paper and electronic records and media that contain PII, perform regular threat assessments to identify risks and vulnerabilities for a breach, and maintain a written security policy.

Most companies struggle with how to develop a data inventory, which is the foundation of any privacy program, as well as the costs associated with the typical approach of using spreadsheets, the man hours and the disruption to the business.  With Privacy Management Services you can create a personal data inventory in 30 days and update and maintain that information with minimal costs.

In order to protect your personal and sensitive information from exposure due to bad processes you need to know what you have and where it resides.  The first step to identify those “bad processes” is creating and maintaining a personal data inventory.  With Privacy Management Services an inventory can be completed in 30 days giving you insight into what type of records exist, which records contain PII,  what media it resides in, and how it moves across the enterprise.

Having this information enables you to perform regular threat assessments to identify where your risks and vulnerabilities lie so you can develop actionable policies and procedures to mitigate those “breakdowns”.

When dealing with any personal and confidential information, companies must have proper processes and policies in place to protect that data from ending up somewhere it should not be.  With Jordan Lawrence’s Privacy Management Services you can identify those processes, use best practices to develop policies that govern private data and communicate privacy policies and directives straight to employees’ desktops using our secure and compliance-verified tool.

• The majority of data breaches are caused due to process issues and not by unauthorized access to networks.
• Investing in proactive steps to prevent a breach is a lot cheaper than paying for a breach.
• The greatest security threats are seldom where you expect to find them.

With data breach costs averaging close to $300 per individual affected, this flash drive could cost the hospital millions. Hospital officials are not talking about why this information was on a flash drive, but we know from experience that personally identifiable data can always be found throughout departments and in processes that you would not suspect.

GRIP^TM Privacy Management enables companies to create and maintain incredibly discrete personal data inventories and to conduct regular threat assessments that uncover the elusive business processes that are the source of most breaches. GRIP^TM Privacy Management is fast, cost effective and works for any company. To learn more contact Kathie Dingley at 636-821-2232.

Utilizing GRIP™ Privacy Management, any company of any size can quickly and effectively create a personal data inventory in 30 days.  In addition, GRIP™ Privacy Management gives companies the tools needed to conduct regular threat assessments and to manage privacy and security policies. 

To learn more about GRIP™ Privacy Management and how your company can benefit, contact Kathie Dingley.

Preventing a data breach begins with creating and maintaining an accurate personal data inventory. But most companies’ attempts to create an inventory are doomed from the start because they are too high level and fail to identify the discrete business processes that contain, access or move personally identifiable information.  

When Jordan Lawrence builds a personal data inventory, we leverage benchmarked industry and job function based profiles that ensure the inventory identifies what really matters.  Finding social security numbers in a database in a highly secure server is important but knowing patient information is maintained in a 3 ring binder that leaves the facility is how you prevent a breach. If you’re looking for a fast and accurate way to create and maintain an exceptional personal data inventory, then we should talk.

A data breach can happen in an instant. In order to safeguard sensitive information and reduce the financial and legal risks associated with a data breach companies must take a proactive approach.  Knowing where that information lives, what media it resides in and the processes of how it is managed enables companies to reduce those risks. With our GRIP^TM Privacy Management, any company can quickly create a personal data inventory and identify their current information management practices to assess and manage their risks responsibly, defensibly and cost-effectively.

This webinar focuses on how GRIP™ Privacy Management delivers the automation necessary to quickly create personal data inventories, conduct regular threat assessments and manage privacy policy compliance.

GRIP™ is designed for privacy professionals and outside counsel interested in the benefits of automating these manual processes.

For more information and schedules please visit the Jordan Lawrence website.  To register, visit our registration page.

Unfortunately, the Yuma incident is far from isolated.  The fact is, we often identify exposures created by employees who are “just doing their job.”  The overwhelming majority of data breaches are caused by process issues and human error rather than hackers or network intrusion. 

In less than 30 days, any company can identify these types of vulnerabilities and avoid devastating consequences. Incidents such as the one that occurred at YPG are further evidence that companies need to conduct regular threat assessments to ensure that personally identifiable information and other sensitive data is protected.