CyberTIP: It's 2015. Do You Know Where Your Confidential Data Is?


The Inside Perspective
(May 5, 2015)

In our last CyberTip, we discussed the need for every employer to have its own customized cybersecurity policy. And, as we stated, a robust policy depends first on knowing what confidential information the company possesses, and where it exists.

As an initial matter, then, consider that one or more laws give individuals certain privacy rights in these types of information:

  • Social security numbers
  • Taxpayer ID numbers
  • Driver's license numbers
  • Passport numbers
  • Bank account numbers
  • Credit/Debit card numbers
  • PIN numbers
  • Email names or addresses
  • Internet account numbers/ID names
  • Digital signatures
  • Biometric data
  • Fingerprints
  • Passwords
  • Parent's legal surname prior to marriage
  • Credit reports
  • Criminal background checks
  • Drug tests
  • Medical records
  • Student education records
  • Information shared with financial institutions

TIP: Cybersecurity starts with knowing what personal and confidential information your company possesses and where it is found. Perform a full inventory as part of developing the culture of cybersecurity that will minimize risks of exposure.

Personnel files, accounting information, and customer records are obvious places where this kind of information resides, but it is also located in the nooks and crannies of various electronic records throughout many businesses. A strong cybersecurity team should include representatives from enough corners of the organization to allow the company to identify exactly what confidential data it has.

Separate from such data on people, a business also has its own confidential information to protect. Laws do not prevent a company from revealing this kind of information about itself; rather, this is confidential business information, sometimes a trade secret, that a company seeks to protect for its own competitive advantage. This kind of information can include, as just a few examples, special needs of customers, purchasing histories, terms of customers' business relationships, pricing and marketing strategies, non-public financial records, proprietary software programs, product development information, and information entrusted to a company by vendors and business partners on the expectation that the company will keep it confidential.

It sounds too simple to say that you cannot know what you have to protect until you know what you have. The simplest steps in any process, though, are often the ones that are skipped, and there is no substitute for careful analysis of where personal identifying information is held and where confidential company data exists. Only then can a culture of security take root in the right places.

Authors
Alexander L. Maultsby
T (336) 378-5331
F (336) 378-5400