As discussed previously here and elsewhere, the issue of protecting data has come under significant scrutiny over the past decade. That scrutiny increased significantly last year, and the EU recently disavowed the Safe Harbor Act, which served as the agreement between the US and the European Union countries. The links below discuss the agreement reached in principle and give a brief overview of the issue itself.
Why is this important to NA? Narcotics Anonymous is an ever-growing fellowship that exists in many countries, which are governed by various laws concerning privacy and the protection of personal data. It was discussed briefly here in this post. As mentioned within that post, www.na.org’s privacy policies were revised and can be seen at http://www.na.org/?ID=privacy. Many of our websites, not just the main website at na.org, are visited by people from Europe and elsewhere. Website operators have a responsibility to safeguard the privacy and personal data of their visitors. Our websites, and the information collected via those websites, including all the event registrations, subscriptions of various types, shopping carts, etc., are our responsibility. Europe is much more active in this area than the US, and the danger was that if an agreement was not reached, the repercussions could be grave. Repercussions could range from warnings to fines to other legal actions.
Websites from mom-and-pop operations to major corporations are being scanned constantly by people trying to hack in and gather whatever data those websites collect. And, in all reality, no website is ever 100% safe from being hacked. We, at na.org, do our best, but know the only way we can keep our visitors’ data safe is to not keep it on the webservers, but transfer it to more secure environments, or use time-tested third-party vendors. We employ four layers of security in our network and know that we are still not completely safe. Vigilance, up-to-date antivirus, security devices and software, analytics and truly actionable intelligence are the keys for us, along with a tested disaster-recovery solution.
The days of us thinking “this concerns them, not us” are long gone. We need to become and stay aware of what practices we use on our websites and in our networks to comply with these laws. More information is always available on the net. I would suggest that, if you are interested, you look at some of the links mentioned in various posts in this blog to stay updated about what’s new in security.
Until next time,