News, insights and resources for data protection, privacy and cyber security leaders

Ten Privacy and Data Security Mistakes Start-Ups Should Avoid (Part II)

Most technology start-ups lack the experience and resources needed to manage the plethora of security, privacy, and compliance issues inherent in a growing technology business. Nevertheless, the legal and business implications of poorly managed privacy and data security practices are too important to ignore. A single error can undermine the trust of investors and customers, attract unwanted regulatory attention or litigation, and ultimately, derail a start-up’s success.

In this follow-up to the first instalment, Francoise Gilbert from Greenberg Traurig LLP talks about 5 additional privacy and data security mistakes that start-ups must avoid.

 

6. Failure to provide adequate security

Many countries require that companies provide adequate protection for the data – or certain categories of data – in their custody.

A company’s size is not an excuse for failing to seek the proper resources, technologies or experts to ensure that adequate levels of security are adopted to suit the nature of the data stored or processed by an entity.

Security breaches are to be avoided by all means. They are significantly disruptive. A company that has implemented a well thought through written security programme will be less exposed to potential security breaches and to the significant consequences of security breaches.

In most cases, a company that has suffered a breach of security might be required to publicly disclose the occurrence of the breach. It may have to send notices to affected parties and regulators, and offer credit monitoring or identity theft insurance, which is usually a significant expense. If a state or federal regulator becomes aware of the breach, a lengthy, invasive and gruelling investigation of the company’s practices may follow, resulting in significant cost, disruptions, and potentially ending with an order that submits the company to the supervision of a regulator for the next twenty years.

 

7. Assuming that bigger is better

Some tech start-ups tend to collect much too much data just because “we may need it later” and “storage is cheap.” The more data a company has in its custody, the more vulnerable it is to legal violations and security breaches.

Collecting too much data can cause a compliance issue; some laws require entities to collect only the minimum amount of data necessary to achieve a stated purpose. Additionally, having a lot of data can become a significant responsibility, as well as potentially costing the company significant amounts of capital. For example, some laws grant individuals the right of access to data that a company holds about them. In case of an individual’s request for access to data, the company will be required to provide copies of files that may be located in different locations, on different devices, or in different formats. The more data a company has, the more time and data experts it will need to retrieve it. Collecting a massive amount of data also creates a significant security risk. The larger the volume of data, the higher the probability that it will be stolen.

Francoise Gilbert

Françoise Gilbert has focused on information privacy and security for more than 25 years; she regularly deals with compliance challenges raised by cloud computing, connected objects, smart cities, big data, mobile applications, wearable devices, social media, and other cutting-edge developments. Françoise is internationally recognized as a thought leader and expert in data privacy and cyber security. In 2015, she was recognized as a “Cybersecurity and Privacy Trailblazer”. In 2014, she was named “San Francisco Lawyer of the Year” by Best Lawyers for her work in information privacy and security. She has been listed in Chambers USA and Chambers Global since 2008, Best Lawyers in America since 2007, and Who’s Who in Ecommerce and Internet Law since 1998 as one of the leading privacy and cybersecurity attorneys.
