Imagine going out with friends on a Friday night. You’ve gotten yourself ready. You’ve collaborated with each other to pick the perfect spot to eat. The destination, however, only accepts cash. While this isn’t a big deal, all you need to do is stop by an ATM and extract some money. It’s payday, so you have plenty of money. You pull up to a local bank, hop out, and enter your information within the ATM. However, the screen says something about insufficient funds. You try again, because obviously this is an error. But, the screen details the same exact error. After calling your bank you realize, your information has been stolen.
Customer privacy issues have been an issue as long as data has been obtained and stored. This threat has since been amplified with the domestication and ease of access the internet has instilled in each home since the late 90’s. Since data is obtained in great detail, more easily, and faster than ever before, companies have went to great lengths to protect personal information from those that wish to steal it. Because of this CIOs have been tasked to provide insight and to help mitigate actual theft of information. CIOs have mainly concluded there are 4 main areas that need to be addressed when dealing with privacy issues. These areas include, but are by no means limited to, encrypting to protect information from being easily viewed and distributed, spending to protect and upgrade current protection systems because most of the current infrastructure isn’t up-to-date and spending lags behind how much money can potentially be lost, guarding against self-inflicted breaches meaning ensuring your company has plans in place to train employees and keep information private, and ensuring company policies are in place so there is understanding on what is considered protected and how to keep protected data from being stolen. We will cover these facts in detail below in an attempt to derive the problems CIOs encounter the most when dealing with privacy.
Encryption is probably the first step a CIO should take when trying to protect privacy. Encryption can deter and defend against theft and distribution due to the difficulty of trying to decrypt information. Encryption is basically changing information into a codified structure to prevent theft. This is similar to binary code showing up on an operating system as words, but rather in reverse. Words are made into code, but the code can be chosen by the person who is encrypting. This is an important part of a CIO’s job because encryption plays a vital role in the security assurance of IT systems and communications as they can provide not only confidentiality, but also provide authentication, data integrity, and non-repudiation (sender cannot deny sending the information). (Rouse, 2014)
Second is spending to protect and upgrade current protection systems. Fun fact, “The cost of a cyberattack for the average hospital is $3.5 million, but according to a HIMSS survey, 46 percent of hospitals spend less than $500,000 annually on cybersecurity.” (Green & Jayanthi, 2016) This is a huge concern. So how should