In this video, Bob McGannon explores the data privacy considerations that should be considered when it comes to managing your project’s external data users such as vendors, business partners and customers. In addition, understand the benefits of and requirements for hiring a data security expert early in your project lifecycle.
- Watching me use an ATM is kinda comical. With all of the news reports about data being stolen, I work hard to keep prying eyes from picking up my PIN code and I probably look like I'm trying to hug the ATM. The need for data security goes way beyond automated teller machines. It's becoming a larger and more important part of virtually every technology project. Data privacy laws change frequently so you need to ensure you understand the current laws in your country.
If your project covers multiple countries, the laws of the country where your company headquarters is located will typically prevail. To comply with these laws, technical solutions need to be designed so access can be clearly controlled. For instance, you'll need the ability to define access groups and the types of data or transactions that each group can perform. As a rule of thumb, people should only have access to the information which is required for them to perform their job.
For example, only qualified medical technicians should be able to see diagnosis-related data on medical equipment. For external users, data privacy considerations get more complicated. Let's look at three primary categories for external data users. First are vendors. Vendors are service providers who have access to your data behind the scenes. Typically, these are the people who support your equipment for troubleshooting or technology upgrades.
Begin by ensuring all vendors with access to data understand your policies and procedures surrounding data privacy. Then perform periodic data integrity checks to verify your procedures are being followed. In this integrity check, ensure your vendor verifies their staff and contractors have signed a data confidentiality statement and confirm that access to your data is only being provided to those who need it. Next are business partners.
Your business partners want to feel that their data's being treated with care. They want to know who has access to their data, where the data's being hosted, and how you'll ensure that data remains encrypted, backed up, and protected. When designing a new solution, inform your partners in writing about your activities and how data security will be maintained. Depending on the partner, you may need to contact them in writing to obtain permission to apply data security and access-related changes so be sure to check the laws and your business partner's requirements.
And finally, external customers. Customers are the end users or consumers of your products or services. As consumers, we care about how our individual data's being managed. News reports of data breaches and passwords for sale on the Internet are all too frequent. You need to ensure consumer data is highly secured. In addition, access to this information will require positive identification of the consumer who requests their data.
So how do you handle all of these data security requirements? I recommend hiring a data security expert to be part of your design team. This isn't an area to be taken lightly. Your security must be designed appropriately. Your data security expert should be responsible for data privacy, preventing intrusion from hackers, and virus protection and related threats. Keep in mind that several industries have regulatory processes and procedures to follow with regards to data.
In particular, healthcare, finance, aviation, public service agencies, and utilities have requirements that need to be understood and applied to any technical solution. Data security is extensive and changes rapidly. You'll be wise to hire an expert early in your project lifecycle. Ensuring your solution provides your clients and customers with the piece of mind that their data's being treated with care is an important factor in your success as a technical project manager and it might help your clients look less silly than when I use an ATM.
- Identifying and managing stakeholders
- Guiding process and organizational change
- Considering a cloud-based solution
- Planning a technology project
- Assessing risks and changes
- Executing a technology project
- Addressing challenges such as conflict and changing priorities