Using Security To Protect The Privacy of Customer Information

Advancements in information technology have driven the information security discipline to the forefront in the quest to protect customer data. Protecting this customer data is one of the many aspects of privacy addressed in the SANS Security Essentials curriculum. Although the concepts of governmental privacy regulation and an organization's privacy policy were discussed in that curriculum, this document will tie these together. In addition, it will focus on how these influence the design of an organization's information security, as well as organizational infrastructure. Sound privacy policy for an organization must be supported by the appropriate information security infrastructure. There is also increased pressure to ensure security infrastructures, both technical and organizational, are equipped to protect this customer data once collected. Currently, one of the highest priorities among organizations is customer data confidentiality, due to government regulations and customer demand. An organization's reputation could be ruined if violations are found which contradict government regulation or its own privacy policy. Information security is the discipline which enables organizations to operate responsibly under these and future privacy requirements.