Personal data is any information that makes it possible to identify a natural person, actually or potentially, and to associate that person with the data. It can be of many kinds: graphic (photographs and video recordings in which the person's physical identity and characteristic features can be seen), biometric (digital fingerprints), credit (data held by banks and financial entities), and medical (sensitive data contained in medical records), among many others; the full list is practically endless.
Companies, agencies, and entities that handle personal data in general, and sensitive data in particular, have to invest in protecting that information to prevent it from leaking, whether involuntarily or deliberately, from inside or outside the organization. In this way, they comply with the provisions of the law and avoid being fined, they generate a framework of trust in the quality of the procedures they use to manage data processing, and they protect an invaluable intangible asset that has acquired high standards of protection in many countries.
How is personal data protected? By taking effective cybersecurity measures that allow not only careful, preventive control of personal data, but also minimize the risks and damages that could result from a security breach, an act of negligence, or a deliberate act. Among them, we can mention:
- Use passwords and encryption systems for access to information: passwords that are constantly renewed and changed, together with methods of encrypting information, allow more restrictive access to the sources where the information is stored and processed.
- Limit access to certain people: access to personal and/or sensitive information must be limited to the people who process it, and not extended to third parties outside the organization or to employees whose work is not linked to data processing.
- Implement corporate policies for the management and handling of personal and/or sensitive information through guidelines, procedures, and corporate manuals prepared by cybersecurity experts, among others.
- Raise as much as possible the security levels of the IT tools (computers, servers, emails, etc.) through which the data is collected, selected, and processed.
- Train the company's staff on the importance of personal data, its handling, and the security measures to adopt, and create a legal and contractual confidentiality framework that must be respected in all processes and procedures that involve the handling of personal data.
- Back up the information and use safe and reliable mechanisms to destroy data when the purpose for which it was collected and processed has already been fulfilled, taking into account the principle of the temporality of the processing of personal/sensitive data.
- Establish corporate mechanisms aimed at minimizing the risks that arise in the event of a cyberattack or an information security breach, devising quick and effective contingency plans, giving special and urgent notice to the corresponding authorities and data holders.
This list is merely illustrative. The security measures that can be taken at a corporate and personal level are numerous and can be combined with each other depending on factors such as the size of the company, the type of information it handles and processes, the number of employees, and the activity of the company, to name a few.
If you require any type of advice on cybersecurity, at Moeller IP Advisors we have an extensive network of professionals worldwide to satisfy your interests.
Contact our Relationship Managers, Vivianne Cardoso and Amar Kashmir, for more details and information in this regard, or write to us directly at the following email: legal@moellerip.com. Moeller's legal department is headed by Mr. Mariano Municoy.