Think Privacy. Think Security

Today is Data Privacy Day, an international effort to raise awareness of privacy rights and empower individuals and businesses to respect privacy, safeguard data and enable trust.

With the increasing use of smart home products, wearable devices, and through our numerous social media accounts, we produce more data than ever without necessarily realizing the digital trails left behind. And all that data is potentially vulnerable to being compromised, often for nefarious purposes. 

Millions of people are often unaware of how their personal data is being used, collected or shared, and ignore the magnitude or severity of their exposure. Indeed, seemingly each day brings news about more breaches and compromises of personal data.   

Sharing data is the foundation of personalized services. It's what makes search results relevant, it ensures consumers get deals for the products they buy, it fuels loyalty programs. We use apps and online services often for ‘free’, but the hidden price is some form of our personal data. Data Privacy Day is an effort to remind consumers to make active decisions about what they are sharing, and to choose how, when, where, and for what purposes their data is being used.

At Symantec we often talk about how there can be no privacy without security.  Privacy relates to the principles, laws and regulations companies must adhere to when collecting, processing, storing, and ultimately disposing of individuals’ personal and private data. Security is the use of the right technical and organizational methods to protect that data, and while you can have security without privacy, you cannot have privacy without security. To learn more about how Symantec’s privacy and security teams work together, read this article by David Bradbury, Symantec’s CISO, on the role security practitioners need to play to safeguard the privacy of customer data.

Privacy laws are shifting globally in a big way, and adequate security is the one constant and the simplest way to ensure that companies comply with required laws and protect their customers’ and employees’ most important information. At Symantec, privacy is a top issue for our employees, customers, partners, and suppliers. The topic has taken on further urgency since passage of the European Union’s General Data Protection Regulation (GDPR), which took effect last year.

Privacy at Symantec

Privacy is embedded into our product and service offerings, public policy initiatives, robust internal compliance program, and our culture, and continues to guide our decision-making and actions. In celebration of Data Privacy Day, below you’ll find examples of how we work to keep customer and employee data private at Symantec.

Products and Services

Beyond the laws governing privacy, companies are obligated to ensure that proper administrative, technical and physical security safeguards are in place to protect personal data. Symantec is in the unique position to deliver products and services that enable our customers to protect personal data and comply with data protection regulations. We recently launched an updated Customer Trust Portal to support the field and provide our global enterprise customers, partners, and consumers with information relevant to data security policies and regulations.

At Norton, we are introducing a new online privacy product to test in the market, Norton Privacy Manager. This all-in-one app brings many online privacy solutions into a single app and helps manage and control what personal data you share online.

Compliance

Keeping data private must include a commitment to robust compliance with numerous regulations. As an example, Symantec took a number of steps to strengthen and enhance our own privacy practices as part of our GDPR-readiness effort. In particular we enhanced our Global Privacy Statement, improved our product transparency notices, and launched a new Privacy - GDPR Portal. We’ve heard from individual consumers, enterprise customers, business partners, and our own sales teams that they regularly use our portal.

We also released a ‘privacy-by-design framework’ toolkit to help each of our teams translate privacy principles and requirements such as those of the GDPR into their existing business processes and offerings, leveraging existing IT and collaboration tools where possible.

Employee Training & Awareness

The most common privacy weaknesses are often human error and technical shortcomings. That’s why we work to embed strong cyber security practices into Symantec’s culture by educating and training our own workforce. Employee, and consumer, education about security and data protection is paramount and essential for ethical corporate citizenship.

As part of our GDPR compliance effort, we rolled out a mandatory, company-wide training to help employees and contractors understand how and where GDPR compliance would impact their work. We created a new privacy governance structure, the Symantec Global Privacy Council, a group of C-suite executives that help provide strategic direction and counsel to the company on all privacy matters. And, we launched a new Privacy Ambassadors’ Circle, which includes appointees from each corporate function, business unit, and main geographical area, creating a consistent network of privacy liaisons across the company to carry the privacy strategy and escalate any privacy concerns.

Data breaches compromise privacy, security and economic well being, and the financial and reputational risks have both immediate and long-term impacts. Throughout my career, I’ve seen firsthand the real world impacts that a breach of security can have on customers, businesses and communities. Keeping personal data confidential and secure can prevent identity theft, prevent our private lives from being exposed, and can even help prevent human rights violations such as discrimination that could result from personal data being misused.

Learn more about Data Privacy Day Here