Data Privacy: 4 Things Every Business Professional Should Know

04 Mar 2021 | Catherine Cote | Analytics

Data is a powerful resource that’s at the disposal of nearly every organization. It's collected every time an action is taken online, a product is purchased, and a patient visits a doctor. With so much data available, it’s beneficial to know how to use it to drive impactful decisions in your organization.

But what rights do customers have when it comes to their privacy? How can you navigate those rights and uphold their trust and safety? Data privacy is an imperative field to understand as a data-driven professional. Here’s a primer on what data privacy is and four things you need to know.



What Is Data Privacy?

Data privacy, also known as information privacy, is a subcategory of data protection that encompasses the ethical and legal obligation to protect access to personally identifiable information (PII).

In the Harvard Online course Data Science Principles, taught by Harvard Professor Dustin Tingley, it’s explained that data privacy is made up of three key questions:

  • What data is collected?
  • How is the data stored?
  • Who can access the data?

Considering these questions can help you determine how to ensure the privacy of sensitive data without hampering its usefulness to your organization.


Data Privacy vs. Data Security

There’s a distinction between data privacy and data security, which together make up the field of data protection. Although they aid each other and share common goals, they have different focuses and implementations.

Data security focuses on the systems in place to prevent malicious external attempts to access, steal, or destroy data, whereas data privacy focuses on the ethical and legal use of, and access to, sensitive data and PII.

To illustrate the difference, imagine you work at an e-commerce company that stores its customers’ demographics, contact information, and credit card details. Customers freely and ethically provided this information, and your organization is in compliance with applicable privacy laws. The data is only accessible to members of your organization who need it to do their jobs and securely stored in an internal database. Data privacy encompasses all of these measures.

Now, imagine a third-party source tries to hack into your company’s database with malicious intent. This is where data security comes in. Two-factor authentication, data file encryption, and virtual private network (VPN) access are all examples of data security measures that can help protect your customers’ sensitive information and identities.

Data security and data privacy work together to ensure your customers’ safety and anonymity. Here are four things you should know about data privacy to help your organization collect and handle data with ethical and legal integrity.

4 Things to Know About Data Privacy

1. What Constitutes Personally Identifiable Information?

Personally identifiable information is any information that can be linked to a specific person. Examples of PII include:

  • Name
  • Address
  • Phone number
  • Email address
  • Social Security number
  • Driver’s license number
  • Social media handles
  • Bank account number
  • Passport number

The Importance of De-Identifying a Dataset

When non-identifiable information is linked to PII in a dataset, an individual’s privacy is lost. It’s of the utmost importance that consent is given before any PII is collected or made public. To protect privacy, one tactic is to de-identify data, or remove all PII from a dataset.

For example, if your company is tracking spending habits across various demographics, remove customers’ names, contact information, address, and credit card details, leaving only their demographics (for instance, age and gender) and purchase history. This ensures your company can still analyze variables of interest without putting customers’ privacy at risk.

The process of de-identification requires you to critically think about connections that can be made through data so it’s truly de-identified. Harvard Professor Latanya Sweeney, who’s featured in Data Science Principles, conducted research to discover how easily de-identified data can be re-identified. Re-identification is the process of combining two or more datasets to reveal identities, and it presents a significant threat to privacy.

In the course, Sweeney explains that information often assumed to be anonymous—like birthdate, gender, and ZIP code—can be linked to specific individuals in public, non-de-identified datasets, like voter lists.

“Eighty-seven percent of people in the United States are estimated to be unique based on date of birth, gender, and ZIP code,” Sweeney says. “If somebody takes a dataset that’s supposed to be anonymous and re-identifies the people in it, all kinds of harm can happen.”
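
An added example (not from the original article or the course): a Python check of how identifying a dataset remains after its direct identifiers are removed, measured on the birthdate, gender, and ZIP code combination Sweeney describes. The records, field names, and generalization choices (birth year, three-digit ZIP prefix, minimum group size of 2) are assumptions made for illustration.

```python
from collections import Counter

# Constructed sample customers (not real people or real card numbers).
FIELDS = ("name", "email", "card", "dob", "gender", "zip", "orders")
ROWS = [
    ("Customer 1", "c1@example.com", "card-0001", "1984-03-12", "F", "02139", 7),
    ("Customer 2", "c2@example.com", "card-0002", "1984-11-30", "F", "02138", 2),
    ("Customer 3", "c3@example.com", "card-0003", "1984-07-04", "F", "02134", 5),
    ("Customer 4", "c4@example.com", "card-0004", "1991-01-15", "M", "02139", 1),
    ("Customer 5", "c5@example.com", "card-0005", "1991-09-09", "M", "02141", 9),
    ("Customer 6", "c6@example.com", "card-0006", "1957-05-21", "M", "02472", 3),
]
RECORDS = [dict(zip(FIELDS, row)) for row in ROWS]

DIRECT_IDENTIFIERS = {"name", "email", "card"}   # removed outright
QUASI_IDENTIFIERS = ("dob", "gender", "zip")     # identifying in combination


def de_identify(records):
    """Drop the direct identifiers, keeping demographics and purchase data."""
    return [{k: v for k, v in r.items() if k not in DIRECT_IDENTIFIERS}
            for r in records]


def _key(record):
    return tuple(record[q] for q in QUASI_IDENTIFIERS)


def group_sizes(records):
    """How many records share each quasi-identifier combination."""
    return Counter(_key(r) for r in records)


def unique_fraction(records):
    """Share of records that are the only one with their combination."""
    sizes = group_sizes(records)
    return sum(1 for r in records if sizes[_key(r)] == 1) / len(records)


def smallest_group(records):
    """The k in k-anonymity: size of the smallest matching group."""
    return min(group_sizes(records).values())


def generalize(records):
    """Coarsen quasi-identifiers: birth year only, three-digit ZIP prefix."""
    return [{**r, "dob": r["dob"][:4], "zip": r["zip"][:3] + "**"}
            for r in records]


def suppress_small_groups(records, k):
    """Withhold records whose group is still smaller than k."""
    sizes = group_sizes(records)
    return [r for r in records if sizes[_key(r)] >= k]


if __name__ == "__main__":
    deid = de_identify(RECORDS)
    coarse = generalize(deid)
    safe = suppress_small_groups(coarse, k=2)
    for label, rows in (("de-identified", deid), ("generalized", coarse),
                        ("generalized + suppressed", safe)):
        print(f"{label}: {len(rows)} rows, unique={unique_fraction(rows):.2f}, "
              f"smallest group={smallest_group(rows)}")
```

A smallest group of 1 means at least one person is still the only match for their birthdate, gender, and ZIP code, so removing names and card details alone did not de-identify that record.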

2. How to Protect Data Internally

While your company may collect and store customers’ data, not every employee should have access to it. PII should only be available on a need-to-know basis within an organization. This prevents accidental or purposeful misuse or publication of sensitive information.

Here are some simple but effective tips to secure data internally:

  • Lock your computer when you get up from your desk.
  • Lock any filing cabinets or drawers containing hard copies of data.
  • Password-protect database access.
  • Use a secure file transfer method.
  • Properly store physical copies of data, and don’t leave them out where they could be taken, misplaced, or read.
  • Don’t message or talk about sensitive data with others unless you’re in a secure, private meeting room.

Although some of these tips seem like common sense, they can go a long way in ensuring your customers’ data remains in the right hands.

3. It’s a Legal Responsibility

Data privacy is a legal responsibility with strict guidelines and repercussions. The laws that apply to your company depend on location and the type of data you handle. Familiarize yourself with the laws that pertain to the locations of your business and customers.

Here are a few examples of data privacy laws, who they impact, and what they generally require. In addition to data privacy, many of these laws include mandates pertaining to data security.

General Data Protection Regulation (GDPR)

The GDPR is a data protection act passed by the European Union in May 2018. This law applies to any person or company that handles the data of Europeans. The seven pillars of the GDPR are:

  • Lawfulness, fairness, and transparency: There should be no deception in the data collection process.
  • Purpose limitation: Data subjects must be told why you’re collecting their data.
  • Data minimization: You must only collect the smallest amount of data necessary for your specified purpose.
  • Accuracy: You must keep data accurate and up to date.
  • Storage limitation: The data must not be stored for longer than the intended purpose.
  • Integrity and confidentiality: Appropriate security measures must be in place to ensure confidentiality, and the data’s integrity must be maintained across format and time.
  • Accountability: Data handlers are responsible for complying with the GDPR.

The GDPR is extensive and, at points, vague. If you’re collecting data from customers who live in the European Union, give this law a thorough readthrough to ensure you’re in compliance.

California Consumer Privacy Act (CCPA)

The CCPA, passed in June 2018, protects California citizens’ right to be aware and in control of what personal data businesses collect and store about them. The law comprises four key individual rights:

  • The right to know about the data businesses collect about them and how it’s used and shared
  • The right to delete personal information collected from them (with a few exceptions)
  • The right to opt out of the sale of their personal information
  • The right to non-discrimination for exercising their CCPA rights

Health Insurance Portability and Accountability Act (HIPAA)

HIPAA is a law passed in 1996 to protect the medical privacy of US citizens. The HIPAA Privacy Rule was put in place to provide explicit guidelines for any person or organization that handles medical data. This includes:

  • Health care providers, such as hospitals, doctor’s offices, and dental practices
  • Health plans, such as insurance organizations and health maintenance organizations
  • Health care clearinghouses, for instance, a company that transfers health care data from a health care provider to a business associate
  • Business associates, whose duties include claims processing, data analysis, utilization review, and billing involving personally identifiable medical data

The HIPAA Privacy Rule aims to protect individuals’ rights to know and control who has access to their medical data and understand how it’s being used. It protects their right to privacy while still allowing for the transfer and use of data to drive medical advancement.


4. It’s an Ethical Responsibility

Data privacy is not only a legal matter, but an ethical one. The ethics of data privacy can be boiled down to the fact that an individual’s consent is necessary to collect, store, and use their personal information.

The powerful nature of data can be enticing, but it’s important to use PII judiciously. Remember: There are real people behind your data points. They have identities and lives that could be at risk if their sensitive data ends up in the wrong hands, which makes your precautions and transparency well worth the effort.


Protecting Your Customers’ Data

Your compliance with privacy laws, internal precautions, and efforts to de-identify data help uphold your customers’ safety and right to privacy. In giving you their consent, they’re trusting you to protect their information and use it for a specific purpose—whether that’s identifying a trend that could lead to a new product, tracking spending habits to personalize their shopping experience, or backing a decision to increase funding for a specific health care initiative.

Understanding the ethical, legal, and logistical foundation of data privacy enables you to maintain their trust and use data to make a positive impact.

Are you interested in furthering your data literacy? Download our Beginner’s Guide to Data & Analytics to learn how you can leverage the power of data for professional and organizational success.

About the Author

Catherine Cote is a marketing coordinator at Harvard Business School Online. Prior to joining HBS Online, she worked at an early-stage SaaS startup where she found her passion for writing content, and at a digital consulting agency, where she specialized in SEO. Catherine holds a B.A. from Holy Cross, where she studied psychology, education, and Mandarin Chinese. When not at work, you can find her hiking, performing or watching theatre, or hunting for the best burger in Boston.
 