The data breaches and hacks populating the news each week make it increasingly difficult to ignore issues regarding data protection. Data Protection Day enables governments, data protection bodies, and industry experts to raise further awareness about data security and privacy.
As data protection becomes prominently built into all levels of business, remaining immersed in the entire process is increasingly important for businesses in building and maintaining a reputation of trust.
This Data Protection Day, teiss spoke to six industry experts to get their opinion on why data protection is so important.
Data protection we can trust
Jon Lucas, Co-Director at Hyve Managed Hosting, comments:
“After an onslaught of data breaches and leaks flooding our news feeds throughout 2019, having confidence in your data security is becoming all the more crucial. Hosting and cloud providers in particular must ensure that their customers’ data is kept safe by prioritising security measures that can help prevent cybercriminals from taking advantage of vulnerabilities.
"It’s now commonly accepted that it’s a matter of when, not if, attacks occur. In the event of a breach, businesses should be able to trust that their provider has suitable security and recovery measures in place, in order to give them peace of mind that no harm will come to the valuable data placed in their hands.”
Setu Kulkarni, VP, Strategy and Business Development at WhiteHat Security, agrees:
"Trust and privacy are the cornerstones of security. Security does not necessarily imply obscurity and withholding – a society just won’t work in such a world. For society to work, physical entities need to trust each other and ensure privacy.
"You can’t go to a doctor and not tell the doctor about what is bothering you because you fear the doctor will not respect your privacy. You trust the doctor. Now phase shift to today, where a doctor is using a digital assistant to capture notes, and you are using web and mobile interfaces to interact with the doctor.
"Now there are digital representations of physical entities in play (digital assistants, web and mobile apps) that need to afford the same (if not higher) levels of trust and privacy to you and the doctor. Systems will need to change soon to accommodate this status change of digital entities.
"Digital entities will become at-par with physical entities, and as such, the social contracts as we know them will need to change to ensure the trust and privacy boundaries across humans, systems and data are upheld."
Recognising data’s value
Rob Mellor, VP and GM EMEA at WhereScape, explains:
“Data Privacy Day serves as a reminder to remain proactive in protecting and managing your data. To stay compliant with privacy regulations such as GDPR and CCPA, knowing where each piece of data sits and who can access it is essential.
"Also, by tagging the data and then tracking its lineage, this helps organisations better understand its usage. Data must then be stored in a location with fast and adaptable extract capabilities, in order to further data protection and comply with subject access requests.
“Organisations with a large number of data sets can experience significant challenges, since manually processing all of the information can be time-intensive and error-prone. One solution many organisations are turning to is data infrastructure automation, which is helping companies ensure all data is tagged, identifiable, auditable and quickly retrievable.
"Companies can then more easily prove their level of data privacy compliance to regulators and customers, and be better prepared for data privacy regulations today and in the future. Data infrastructure automation additionally allows organisations to fully optimise and auto-generate code in-house rather than rely on non-standardised custom code generated by third parties. This further reduces an organisation's data privacy regulation risk.”
Jan van Vliet, VP and GM EMEA at Digital Guardian, furthers Mellor’s point:
"It is imperative that, as businesses continue to generate data at unprecedented rates, IT security professionals are able to quickly identify which items are the highest priority for protection.
“The first step is to understand what value each piece of data has, where it is being used, whether it needs to be encrypted, and how employees or third parties are interacting with it. This information is central to helping organisations make informed decisions about how to manage and secure data appropriately.
“It’s not a one-size-fits-all approach, but done correctly, it can greatly assist companies in meeting governance and compliance regulations, as well protecting intellectual property."
Taking control of data
Samantha Humphries, Senior Product Marketing Manager at Exabeam, reflects:
“This year on Data Protection Day, I encourage IT teams and HR departments to collaborate on a plan that communicates to employees what data your company is monitoring, and why. This is a best practice that will pay dividends as everyone wants to work with organisations that respect the privacy and security of their customers and their people.
“Companies should aim to be transparent about data monitoring and craft policies for employees that are accessible either through paper or digital trainings. Content should avoid confusing jargon and feature an appropriate contact person, who can answer any questions.
"Even for organisations that are not required to comply with data privacy laws like GDPR or CCPA, it’s still a good idea to use these five points as guiding principles for data protection:
· Is the data monitoring lawful, fair and transparent?
· Will the personal data collected be used for a specific purpose?
· Is every reasonable step being taken to erase or rectify data that is inaccurate or incomplete?
· Is data deleted once it is no longer necessary?
· Is the data being appropriately secured?
“To achieve and maintain privacy, the key is education. Data Protection Day, therefore, serves as an annual reminder for organisations to review privacy policies with employees and conduct audits for compliance especially during times such as this, when new laws like CCPA have recently taken effect.”
Jay Ryerse, Chief Technology Officer, Security Products at Continuum, a ConnectWise company, concludes:
“Data protection is the present and the future. We are starting to hear from colleagues and our customers that data protection be built into everything we do as service providers. Our clients understand that we have the keys to their network and will need to have controls in place to protect their data while at rest, during processing, and when in motion.
"Our colleagues demand we take the confidentiality of their personal data as a serious matter. They don't want to see their employer ignore the responsibility associated with their privacy; this is no longer a 'nice to have' but should be incorporated into everything we do.
“Consumers and businesses need to start asking the tough questions of their vendors. They need to understand the supply chain for the services they outsource and what those companies are doing to provide best in class cybersecurity protections. And if those vendors don't have a good answer or don't believe they are at risk, then it may be time to find a new provider.”
Data Protection Day therefore provides the perfect opportunity for businesses and consumers alike to reflect on the importance of data protection, and invest in it sooner rather than later.