#NCSAM Week 3: Protecting Employee and Customer Privacy

Week 3: October 16-20

Theme: Today’s Predictions for Tomorrow’s Internet

Connected devices, digitized records, smart cars, and smart homes have become a new reality. Week 3 reminds citizens that their sensitive, personal information is the fuel that makes these smart devices work. While there are tremendous benefits to using this cutting-edge technology, it’s critical to understand how to do so safely and securely.


During Week 3 of NCSAM, consider taking the following actions to create a culture of respecting privacy, safeguarding data, and enabling trust in your organization.


How Everlaw protects the privacy of our employees and customers:

If you collect it, protect it

Follow reasonable security measures to protect individuals’ personal information from inappropriate and unauthorized access.

As we discussed in our Week 2 post, Everlaw undergoes regular, independent vulnerability scanning and penetration testing, as well as annual audits to maintain our SOC 2 Type II certification in Security, Availability and Confidentiality. Our holistic compliance program covers not only security and confidentiality, but our commitment to our customers, professional ethics, and our company values.

Be open and honest about how you collect, use, and share personal information

Clearly communicate your data use practices and any features or settings you offer to consumers to manage their privacy.

One of the Seven Foundational Principles for Privacy by Design is Respect for User Privacy, which aligns with the Everlaw Company Values. Part of respecting user privacy is empowering informed decisions. Everyone is able to review Everlaw’s Privacy Policy on our website, and we make efforts to use plain language to explain our practices rather than legalese.

Don’t count on your privacy policy as your only tool to educate consumers about your privacy practices

Communicate clearly and often what privacy means to your organization and the steps you take to achieve and maintain consumer privacy and security.

At Everlaw, safeguarding data is an ongoing process subject to continuous improvement. We are currently updating our Privacy Policy and practices to comply with the EU General Data Protection Regulation (GDPR). In the coming months we will create resources for our customers to learn about our enhanced privacy practices and GDPR compliance.

Create a culture of privacy in your organization

Educate employees about their role in privacy, security, and respecting and protecting the personal information of colleagues and customers.

As discussed last week, Everlaw has a robust security training program that includes security and compliance onboarding, live annual information security training, and annual training using computer-based modules for specific topics. But culture is not only about training our team; it is visible every day in the office, where our team members display their vigilance regarding the physical security of our office and the importance of keeping our clients’ data secure. Everyone on the team knows they have a role to play in making sure the privacy and security of information are achieved and maintained.

In addition to your privacy practices, do your due diligence and monitor partners and vendors

You are also responsible for how they use and collect personal information.

Another one of the Foundational Principles for Privacy by Design is ensuring protection of data throughout its lifecycle. At Everlaw, this means that we perform due diligence on our vendors, such as AWS, and undergo independent auditing of our entire infrastructure annually during the SOC 2 Type II certification process.

Thanks for celebrating NCSAM with Everlaw!

Come back next week for our Week 4 NCSAM update.