As we are currently experiencing growing and important changes in the use of technologies and the advance of digital transformation, access to information and use of personal data are aspects that have become more relevant due to the impact of use, whether good or bad, and the value for people, companies as well as its reputation, and society in general.
Certainly, safeguarding information is a relevant subject included in information security. Personal data of customers, workers, suppliers, among others, constitute an important part of this information; therefore, it should be considered within the policies, risk assessment and treatment, and security controls, since they are undoubtedly critical information assets that must be managed within the framework of a security management system implemented in the company, if any.
However, it is crucial to formally establish these practices in companies to make the protection of personal data an aspect that is not neglected or considered as a gesture of goodwill of the directors or executives of the companies. For this reason, and according to the need and full awareness of the importance of citizens’ information, countries have established their own laws and regulations in order to require companies to consider safeguarding the personal data of the interested parties involved in any aspect of the company, with the aim of ensuring its formal and comprehensive treatment, also considering essential aspects of human rights.