When collecting data, the Privacy Shield framework mandates that data must not only be “relevant for the purposes of processing,” but it also requires organizations to limit collection to only the relevant data. For example, if you collect information from an individual to provide them with technical support for a computer, you wouldn’t ask for their birthdate, social security number, or any other identifiers that are not relevant to your task. So if you do ask for personal information to provide technical support, be prepared to make a good argument for why it is required.
What does Integrity mean under the Privacy Shield framework?
In addition to only collecting the information needed, the Integrity principle requires organizations to take reasonable steps to ensure that personal data is:
- Reliable for its intended use
- Accurate
- Complete
- Current
This highlights the importance of maintaining the accuracy of the data you hold about an individual and ensuring it is not outdated. Consider providing an opportunity for your customers to review and correct data you hold about them as one method for addressing this requirement. Other key questions for maintaining data integrity include:
- How do you verify that security is enforced?
- How do you know who is accountable for it?
- How do you prevent others from accessing it?
Purpose Limitation: Using Data for a Specific Reason
This Privacy Shield principle also extends to how data collected should be used. Once the company receives the customer’s data, it can only use the data for the purpose for which it has been explicitly collected (outlined in its privacy policy) – unless the organization has obtained specific and explicit permission from the customer to use their information for other purposes. This means that as an organization stores the data in its systems, the data will need to be clearly marked so that it is not inadvertently combined with other data for a different purpose. Referring back to my example, if I collected information from a customer to provide technical support, and they have not explicitly given me permission to use the data in other ways, then I could not use that data to market other products to them.
While there are several obligations that are associated with this requirement, one of the most difficult to achieve will be to mark all data collected with information that details the purpose for which it is collected in a meaningful way that is persistent and remains with the data. This is a perfect use case for a taxonomy-driven metadata implementation that can both identify the sensitivity and classification of the content you are collecting and the purpose for collection. That type of data classification and ongoing tracking will require a major shift in the behavior of many companies who collect data once and then keep it forever, thinking that they may have a new reason to use it in the future.
Purpose limitation also means you should collect as little data as is necessary to achieve your objective. While this may fly directly in the face of many marketing and business practices which traditionally operate under the assumption that “more is better,” the compliance, privacy, risk and security professionals in your organization will remind their business counterparts that once you have sensitive information, you are responsible for protecting it. So it’s always advisable to limit your collection to what is necessary for your business purpose while at the same time managing and containing the risk of potential data breach.
Finally, privacy and security risk management should intersect with other data lifecycle management programs within your company. Combining these related areas will allow you to better optimize resources and risk management for information assets to support responsible, ethical, and lawful collection, use, sharing, maintenance, and disposition of information.
Learn more
For additional resources on how to prepare for the Privacy Shield framework, get your EU-US Privacy Shield Guide today!
