A privacy breach is any type of unauthorized or improper collection, disclosure, use, disposal or retention of personal information. A privacy breach often occurs within an institution, but it can also occur off-site. Sometimes a breach occurs due to inadvertent errors or because of malicious actions by employees or former employees, third parties, or intruders.
Probable Causes of a Privacy Breach
There are many instances which can constitute a privacy breach. Any situation where personal information is disclosed or accessed by an unauthorized party is a privacy breach. This can occur due to:
- Theft or loss of devices which contain personal information
- Sale or disposal of devices containing personal information
- Transfer of devices without purging
- Using devices outside of work sites
- Using devices inappropriately to transfer information
- Inadequate security precautions
- Phishing and pharming techniques
How Institutions can Prevent Privacy Breaches
The government has set forth the requirements for protecting private information. Every institution and business needs to follow these guidelines to protect the individuals whose information it stores. Each also needs to conduct periodic assessments of possible risks or threats. Each institution should also develop its own provisions for privacy and codes of action for when a breach occurs. For instance, it should notify individuals and governmental institutions should a breach occur. It should make certain that personnel who work off-site are aware of the need to maintain privacy and security. And it should establish very clear restrictions about which employees have access to private information and why they have that access.
Keeping Storage Devices Safe
Personal information should be purged from any equipment or electronic device before it is sold, traded, disposed of or transferred to another party. File cabinets, mobile shelving units and safes should be emptied completely to ensure no protected or classified material remains before they are sold or transferred.
Protecting Against Phishing and Pharming
Institutions and organizations can take actions to protect individuals from phishing and pharming techniques. An individual’s request for personal information should be validated to ensure the requester is the right person and has the right to the information. They should always refuse to provide information in response to unsolicited communications. Officials should monitor websites for clues that would indicate a site is not legitimate. And they should always verify the phone numbers of organizations to determine whether they are valid.