Protection of personal data is sometimes seen as a constraint on an organization, but also as a reserved area for a well-identified member of the legal services or the information systems directorate to ensure that the correct forms of declaration are sent and that the mandatory information appears where it is expected. Nevertheless, administrative rules and constraints, which may be difficult for those responsible for designing or operating systems, are only a particularly visible part of a set of regulations established and maintained to avoid that individuals (employees, customers, partners, users, prospects...) are reached in their private life.
A "breach of privacy" is a real legal and operational risk for an organization, whether the organization is a company, an association, an administration... It generally takes its source in a failure of the personal information confidentiality and can take the form of uncontrolled disclosure, identity theft, intrusion or unwanted interference in the private sphere, or various forms of discrimination and harassment. If people are harmed by an organization, the consequences for them can be benign but also catastrophic, ranging from a more or less serious impact on their social relations to financial losses or even prosecution risks. The consequences for the organization in question can affect its reputation or its position in the market. Moreover, its legal responsibility can be withheld in civil as well as criminal cases.
For these reasons, the risks to the personal data handled by the organization are increasingly integrated with the operational perimeter of the person responsible for the security of information systems and taken seriously as well as the company information protection (whose personal data are often an essential component). In order for this protection to be ensured effectively, it is essential that all the organization members, and in particular those interacting with automated data processing systems, have a real awareness of the risks nature, their responsibility in the data processing and motivations and principles underlying rules and constraints.
No comments:
Post a Comment