Data Privacy and the Future of Business: How Businesses Can Put Privacy First

Jan 26, 2022

With the global big data market set to be worth nearly $235 billion by 2026, to say that data is now core to business success today would be a massive understatement. From tweaking shipping strategies to delivering more relevant advertising campaigns to customers, businesses are constantly looking for ways to make more data-driven decisions. But with this access to consumer data comes great responsibility. And unfortunately, in many consumers’ eyes companies are not doing all they can to make sure that their data is being used securely and with the highest privacy standards in mind.

According to the Pew Research Center, 79% of U.S. adults report being concerned about the way their data is being used by companies. Respecting consumers’ privacy is a smart strategy for inspiring trust and enhancing reputation and growth in your business. Be open and honest about how you collect, use, and share consumers’ personal information. Think about how the consumer may expect their data to be used and design settings to protect their information by default. Communicate clearly and concisely to the public what privacy means to your organization and the steps you take to achieve and maintain privacy.

Conduct an Assessment

Conduct an assessment of your data collection practices. Whether you operate locally, nationally, or globally, understand which privacy laws and regulations apply to your business. Follow reasonable security measures to keep individuals’ personal information safe from inappropriate and unauthorized access and make sure the personal data you collect is processed in a fair manner and only collected for relevant and legitimate purposes.

Prioritize Third-Party Cybersecurity

Don’t forget to maintain oversight of partners and vendors as well. If someone provides services on your behalf, you are also responsible for how they collect and use your consumers’ personal information. And as this year’s slew of supply chain attacks have shown, third-party breaches can be just as hard-hitting as if your company was attacked directly. Therefore, companies need to have a rigorous checklist in place to ensure that their partners are taking cybersecurity and data privacy as seriously as your business is. Here are a few questions you should ask to get started:

  • Does your company have written disaster recovery (DR) and business continuity plans (BCP)? Are these plans tested on a periodic basis?
  • Does your company hire an external audit firm to perform a compliance review of your operational controls?
  • Does your company have a pre-employment screening policy for employees and contractors?
  • Are files and records reviewed, retained and purged in accordance with legal requirements, contractual obligations, and service level agreements?

As a service provider to over 650 financial firms across the world, Abacus not only maintains a BCP, but we also conduct multiple internal DR tests per year and hundreds of tests per year for our clients. We also engage various third parties each year to audit our Abacus system access controls, and conduct platform security assessments (sometimes referred to as penetration tests). The resulting SSAE18 Type 2 SOC 1 report and assessment results are published for our clients on our abacusPortal.

For our entire global workforce, we require pre-employment background checks and we also conduct due diligence screening for all potential vendors. We also provide extensive daily file and records reporting to our clients via our abacusPortal.

Adopt a Privacy Framework

Knowing the risks that your company’s data faces is pivotal to making sure it is safely maintained and used. However, only 57% of businesses conducted a data security risk assessment in 2020. Researching and adopting a privacy framework can help you manage risk and create a culture of privacy in your organization by building privacy into your business. Granted, there are many different types of frameworks and some may work better for some companies than others. However, the following resources can help organizations get a sense of where to get started: NIST Privacy Framework, AICPA Privacy Management Framework, ISO/IEC 27701 - International Standard for Privacy Information Management.

Abacus adheres to GDPR (General Data Protection Regulation), EU-U.S. & Swiss-U.S. Privacy Shield, and CCPA (California Consumer Protection Act).

Educate Employees

Ongoing training and awareness campaigns for employees are a must for businesses today especially as the digital world becomes more and more driven by remote work. Unfortunately, many businesses are coming up short in terms of their training and awareness efforts. For example, 44% of organizations provided no cybersecurity training geared towards remote work for their employees.

Data privacy success hinges on a business’s ability to create a culture that priorities privacy within their organization. And educating your employees about their role and your organization’s obligations to protecting personal information is central to establishing this type of environment. Look to educate employees on your company’s privacy policy and teach new employees about their role in your privacy culture during the onboarding process. Businesses can then begin to build on these fundamentals by setting up ongoing training and awareness sessions, establishing fireside chats with leadership around cybersecurity, and building toolkits for employees to refer to on a daily basis.

Here at Abacus, the comprehensive annual cybersecurity education program we provide for our abacusFlex clients not only consists of traditional cybersecurity training but it also includes education around data privacy. Our quarterly phishing test program ties into this so that our clients’ users can put what they learn into practice.


2021 was yet another watershed year in terms of business data use. And 2022 is likely to be another. Therefore, it is imperative that businesses put their best foot forward when it comes to data privacy, and these few steps can help them make significant strides in developing better privacy habits.


Learn more about how your firm can benefit from our comprehensive IT and cybersecurity services.

Contact Us