Data privacy laws are becoming a major focus globally as businesses scramble to meet new compliance obligations.
Privacy rules generally oblige any business or organization to securely store all data collected or processed by them. What they do with that data is strictly regulated.
According to a Gartner report, by the end of next year about 65% of the world’s population will have their personal data covered under modern privacy rules. Following these extended rules can be challenging.
The harvesting of personal data from electronic transactions and the increasing use of the Internet over the past 20 years have seen companies have almost free reign.
Many organizations involved in international commerce must modify their procedures in line with the new law. This is a priority for transactions and correspondence involving e-commerce and social media.
Expanding consumer mistrust, government action, and competition for customers prompted some governments to introduce stricter rules and regulations. Its effect is changing the conditions of a no-man’s land, which has allowed both large companies and small businesses to run rampant with people’s personal data.
“The biggest challenge companies face by far is maintaining the amount of data they manage, which is subject to ever-changing data privacy requirements,” Neil Jones, director of cybersecurity evangelism at Egnyte, told TechNewsWorld.
Classification of different demands
The European Union has a General Data Protection Regulation (GDPR). According to Jones, in the UK and Continental Europe, data privacy has generally been viewed as a fundamental human right. In the US and Canada, businesses must navigate around a growing patchwork of state and provincial laws.
Data privacy law in the US and Canada has traditionally been more fragmented than in the UK and Europe. Canada’s Quebec, and the United States’ Utah and Connecticut are the latest to enact comprehensive data privacy laws, joining the US states of California, Virginia and Colorado.
By the end of 2023, 10% of states in the US will be covered by data privacy legislation, Jones said. The lack of a universal standard for data privacy has created an artificial layer of business complexity.
In addition, today’s hybrid work environment has created new levels of risk, with complex compliance with myriad privacy concerns.
what’s at stake
To increase productivity, organizations may need to ask employees detailed questions about their behavior and work-from-home arrangements. According to Jones, these types of questions can create unintended privacy implications of their own.
The recent convergence of Personally Identifiable Information (PII) and Protected Health Information (PHI) has put even highly confidential data at risk. This includes confidential test results such as workers’ compensation reports, health records of employees and patients, and COVID-19 information.
“With 65% of the world’s population expected to have personal data covered under privacy regulations by next year, respecting data privacy has never been more important,” Jones said.
cloud privacy barriers
Data privacy and security are the top challenges for implementing a cloud strategy, now rebranded as Foundry, according to a recent study by IDG. In this study, the role of data security was a major concern.
When implementing a cloud strategy, IT decision makers or ITDMs are facing challenges such as controlling cloud costs, data privacy and security challenges, and lack of cloud security skills/expertise.
With more focus on securing privacy data, this problem becomes bigger as more organizations migrate to the cloud. The two main obstacles the IDG study found were data privacy and security challenges and a lack of cloud security skills/expertise.
According to Foundry, spending on cloud infrastructure has increased by about $5 million this year.
“Although enterprise businesses are leading the charge, SMBs are not far behind when it comes to cloud migration,” said Stacey Rapp, marketing and research manager at Foundry, when the report was released.
“As more organizations move towards living entirely in the cloud, IT teams will need the appropriate talent and resources to manage their cloud infrastructure and overcome any security and privacy barriers that may occur in the cloud,” he said.
Organizations can successfully prepare for data privacy legislation, but doing so requires making data privacy initiatives a “full-time job,” Jones maintained.
“Many organizations view data privacy as a part-time project for their web teams, not a full-time business initiative that can significantly impact customer relationships, employee morale and brand reputation,” he said. offered.
Beyond that step comes establishing holistic data governance programs that provide greater visibility into a company’s regulated and sensitive data. Added to this is working with trusted business and technology partners who understand the data privacy space and can help you prepare for rapidly evolving regulations.
Jones suggests that perhaps the most dynamic approach is to use advanced privacy and compliance (APC) solutions. It enables organizations to easily comply with global privacy regulations in one place.
Specifically, APCs can help achieve compliance by:
- Managing Data Subject Access Requests (DSARs), such as the right of individuals to be notified of personal data collected on them, the right to opt-out of personal information being sold to others, or by collecting organizations right to be forgotten
- Assessing the company’s compliance preparedness and scope with specific regulations (eg, GDPR, CCPA)
- Create and review technical assessments of third-party vendors and evaluate potential risks to consumer data
- Enhance cookie consent capabilities such as integration of cookie consent into compliance workflows
It can be difficult for companies to understand today’s rapidly evolving privacy landscape, as well as how specific rules apply to them, Jones said. However, by taking proactive steps, organizations can stay on top of data privacy regulations in the future.
Those phases include these ongoing tasks:
- Monitor the status of data privacy regulations in the countries, provinces and states where the customer base resides
- Create a data privacy task force that can improve organizational focus and increase senior executive focus on privacy initiatives
- Be aware of new federal data privacy legislation such as the proposed US Data Privacy and Protection Act (ADPPA)
It is also important to note the long-term benefits of data privacy compliance. Specifically strengthening the company’s overall cyber security protections.