1. Vet people in sensitive positions with things like background checks. This isn't very effective, but gosh will you feel silly if you hire an actual criminal or spy from a country that isn't very good at it.
2. Use access controls so people can only access what they need to for their role. Logged and audited "break glass" functions to access additional data in emergencies can let you set more restrictive permissions for day-to-day use.
3. Be extremely clear to people about privacy expectations, and that bad-faith access of private data is possibly a crime and certainly subject to termination. This is where you can make a strong distinction between not stressing about accidents and volunteering if you do something by mistake vs intentional access and covering it up.
4. Keep access logs and audit them. We randomly audit data access events, as well as randomly selecting customers and auditing all accesses to their data. If we ever had suspicions about an employee we would audit everything they did in a particular time.
5. Use "trip-wires" on particularly sensitive accounts, or ones that people might have incentive to look at, such as celebrities or coworkers.
As an example, there's a lot of potential liability for healthcare providers if their employees violate customer privacy. So generally they do employee background checks to try to make sure they don't hire known criminals, they put them through a privacy law compliance training, and an alert gets fired off to security if someone tries to look up Britney Spears' patient records or accesses records with their same last name (family members).
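A small detection routine, added here as an illustration and not part of the original comment, showing the trip-wire and audit checks described above run over constructed access-log entries (the field names, VIP watch list and sample records are all assumptions):

```python
import random

# Constructed sample access-log entries; field names are assumptions.
ACCESS_LOG = [
    {"ts": "2024-05-01T09:00", "employee": "jsmith", "employee_last": "Smith",
     "patient_id": "P001", "patient_last": "Doe", "break_glass": False},
    {"ts": "2024-05-01T09:05", "employee": "jsmith", "employee_last": "Smith",
     "patient_id": "P777", "patient_last": "Spears", "break_glass": False},
    {"ts": "2024-05-01T10:30", "employee": "mlee", "employee_last": "Lee",
     "patient_id": "P042", "patient_last": "Lee", "break_glass": False},
    {"ts": "2024-05-01T11:00", "employee": "mlee", "employee_last": "Lee",
     "patient_id": "P099", "patient_last": "Brown", "break_glass": True},
    {"ts": "2024-05-01T11:15", "employee": "rkhan", "employee_last": "Khan",
     "patient_id": "P001", "patient_last": "Doe", "break_glass": False},
]

# Watch list of records that should always raise an alert when opened (assumed).
VIP_PATIENTS = {"P777"}


def tripwire_alerts(log, vip_ids=VIP_PATIENTS):
    """Return (reason, entry) pairs for accesses that should notify security."""
    alerts = []
    for e in log:
        if e["patient_id"] in vip_ids:
            alerts.append(("vip_record", e))
        # Same last name as the patient: possible family-member lookup.
        if e["employee_last"].casefold() == e["patient_last"].casefold():
            alerts.append(("same_last_name", e))
        # Break-glass use is legitimate but always reviewed after the fact.
        if e["break_glass"]:
            alerts.append(("break_glass_used", e))
    return alerts


def accesses_for_customer(log, patient_id):
    """Every access to one customer's data, for a customer-centred audit."""
    return [e for e in log if e["patient_id"] == patient_id]


def accesses_by_employee(log, employee, start, end):
    """Everything one employee did in a time window (inclusive ISO timestamps)."""
    return [e for e in log if e["employee"] == employee and start <= e["ts"] <= end]


def random_audit_sample(log, k, seed=None):
    """Pick k access events at random for manual review."""
    return random.Random(seed).sample(log, k)
```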