Privacy and Compliance, Who Owns the Data?

The Data

Who owns the data held in an organization's computers, the organization or the customer? Executive management is responsible for the oversight of information systems and the data they hold. That data is typically a mix of information the organization itself owns and information obtained from external sources such as its customers.

When a security breach occurs, the first question is whose information has been compromised. When an organization's proprietary information (e.g. financials, intellectual property, etc.) has been compromised, it is the organization's own data. When a customer's personally identifiable information (PII) has been disclosed to unauthorized parties, it is the customer's data, and the organization has failed in its duty to protect it. A single breach can involve both.

The Bank Vault

Executive management should view their information systems as a bank vault, with the organization acting as the custodian of customer data. The customers own their data; the organization holds it on their behalf and is only a custodian.

As a custodian, it is the organization's role to keep customer data safe. Safekeeping and privacy compliance obligations include minimizing the risk of theft or loss, whether the information is in physical or electronic form.

As the number of data breaches has increased, various laws and regulations have been enacted to protect the privacy of individuals and their information. Before these privacy compliance requirements existed, many organizations did not allocate sufficient resources to protecting customer data, and information collected was shared with outside parties without the customer ever being informed.

Security Controls

Since information systems face a variety of risks (e.g. compliance risks, unauthorized access, etc.), executive management should perform a risk assessment to identify their assets and the threats to those assets. Once the assets and threats have been identified, preventive, detective, and corrective controls are implemented to reduce the identified risks to an acceptable level.

Once your organization's controls are in place, engage a Certified Auditor to review the controls for sufficiency and effectiveness. For more information please see:

If You Want a "Security Audit," You Need a Certified Auditor

Unlike a security consultant, Altius IT holds the Certified Information Systems Auditor (CISA) certification and can perform a security audit of your environment and issue reports and recommendations to secure your systems. After your audit, Altius IT's Auditor Opinion Letter and Secure Seal let your clients and prospects know that you meet security best practice and compliance requirements.

See our In the News page for video clips of our experts on national television, as well as the more than 40 publications featuring Altius IT. In addition to our auditor certifications, we hold many security, technical, and project management credentials. More information is available on our About Us page.

Our comprehensive audit service uncovers gaps in your existing defenses so that you can better:

  • Fortify your information systems, applications, and network infrastructure
  • Comply with regulatory requirements
  • Protect your valuable assets