The recent news stories about Uber’s “God View”, in which the company can view the location of users of the service in real time, may be a shocking realization for many consumers about the type and volume of information that startups and other companies collect and retain about their customers. According to The Washington Post, the company once presented a day’s information at a company party and on another occasion gave a potential employee access to records that indicated the travels of identified individuals. Managing such a large amount of data creates numerous risks for companies, both internal and external. However, there are steps that can help companies mitigate privacy and security risks as data collection increasingly becomes an integral business practice.
Organizations that collect, store and use customer data should draft employee policies and procedures that comply with pertinent laws, regulations and business practices, and should also hold training sessions and provide reminder notices in order to encourage a culture of privacy. These policies typically address topics like role-based access to company information, encryption requirements, confidentiality agreements, and device policies. Indeed, for companies in industries such as healthcare, such procedures are typically required by laws like HIPAA. Moreover, companies would be well served to train employees on company-wide policies and procedures and to document attendance at the trainings.