
Promoting Data Privacy in your Organization
January 25, 2023
Virginia Roudabush

The National Cybersecurity Alliance has designated Data Privacy Week 2023 to be January 22-28. Fortalice Solutions has partnered with the National Cybersecurity Alliance as a Data Privacy Champion. With the overall goal of increased awareness about online privacy among individuals and organizations, one goal of Data Privacy Week is to help organizations understand why it is important that they respect the data of their users, employees and suppliers.

What is Data Privacy?

Data privacy, also known as information privacy, is a branch of cybersecurity concerned with properly handling the collection, storage, dissemination and destruction of information contained within an organization and shared with any partners or third parties.

Currently there are U.S. federal and state laws and regulations regarding data privacy and protection in many industries. The Health Insurance Portability and Accountability Act (HIPAA) is an example designed to protect patient information in health care and health insurance. Another example, in finance, is the Gramm-Leach-Bliley Act (GLBA), which protects nonpublic personal information such as income, credit rating, and financial services.

Organizational Steps for Compliance

The first step to ensuring your organization follows laws and regulations, and is up-to-date on all mandates, is to assess your data collection practices. Ensure you have documented procedures on what data is collected and how it is managed. This includes understanding the data flow and ensuring appropriate controls exist around where data is stored and how it can be accessed or distributed.

Generate and follow security measures to keep individual personal information safe from unauthorized access. Doing so includes processes used within your organization and oversight of actions taken by your partners and vendors.

Ensure the terms of service and privacy agreements for your organization are easily accessible and available for review. Then verify that the actions taken by employees follow the agreement, and have documented procedures to guide those actions.

Educate Employees

Data Privacy Week is the perfect time to share privacy protection information with your employees. Share current best practices and use this week as an opportunity to educate your employees about data privacy.

Creating a company Privacy Policy for your organization and ensuring your employees read and acknowledge it are key. This policy should be readily available for employees to reference and should include contacts for further information.

Add information on the privacy culture and education on the Privacy Policy to your onboarding process so new hires are aware of both. Engage staff by asking them to consider how privacy and data security apply to the work they do. Lastly, remind employees to update their privacy and security settings on work and personal accounts.

How Fortalice Can Help: Adopt a Privacy Framework

Fortalice can work with your organization to understand the recommendations and control requirements that are best for your organization and industry. Adopting a privacy framework can help you manage risk and create a culture of privacy in your organization by building privacy into your business processes. Fortalice recommends using these Privacy Frameworks:

NIST Privacy Framework

Cybersecurity & Infrastructure Security Agency Privacy Framework

ISO/IEC 27701 - International Standard for Privacy Information Management

For additional information on Fortalice Solutions's service offerings, contact Fortalice Solutions via email at