Cisco: Respecting Customer Privacy is Not an Option
There was recent news of a multi-billion dollar start-up that utilized an actual customer’s network environment for sales demonstrations. To make matters worse, the practice went on for years, without the customer’s (which happened to be a medical facility) permission or knowledge (which had the potential of violating The Health Insurance Portability and Accountability Act of 1996 (HIPAA). It is understandable for a company to want to demonstrate their products or services in a life-like manner, but data privacy and customer confidentiality are legal and regulatory obligations. There are ways, however, to demonstrate products and services using data that is close to production while protecting your customer’s data, complying with your own company’s legal and regulatory obligations, and still produce a quality demo.
First, let us take a quick look at some of the reasons why maintaining the confidentiality of customer data is so important. Beyond ethical and contractual reasons, there are also regulatory regimes and frameworks that span the globe that require the protection of personal data, such as HIPAA, Japan Personal Information Protection Act, OECD Guidelines, EU General Data Protection Regulation, and the APEC Privacy Framework. In addition to legal and regulatory obligations, customers have become more ‘privacy aware’ in recent years, with increased attention to what data is collected, how it is used, who it is shared with, whether it’s sold or rented, and its eventual destruction. A step to minimize privacy risk and exposure would be to de-identify or anonymize the data and set up a demo environment.
Read the entire article here, Respecting Customer Privacy is Not an Option
via the fine folks at Cisco Systems.