Data Privacy Day 2023: Technology leaders highlight the importance of safeguarding data
January 28 is observed as Data Privacy Day globally, for about a decade now. Amid rising security incidents, securing confidential data from internal and external threats has become the top priority for organizations today. The theme for this year is ‘Protecting personal data at home and work.’ For this Data Privacy Day, CXOToday speaks to experts in the technology industry on why securing data is important and how users and organizations can improve their data security practices.
Samir Kumar Mishra, Director of Security sales, Cisco India & SAARC
“As organizations grow their digital footprints and generate massive amounts of data, cybersecurity vulnerabilities will continue to mirror these changes and rise. According to the latest Cisco Security report, almost 90 percent of security leaders in India say cybersecurity incidents will disrupt their businesses over the next 12-24 months. And another Cisco study said that, network/data breach was estimated as one of the leading cyber risk incidents in India by almost 70% of organizations. With data becoming the foundation of everything we do, organizations must embed data protection and privacy deeply into their culture and ongoing operations. Moreover, as threats intensify in 2023, cybersecurity resilience, preparedness, and response must be at the forefront.
With privacy as a critical business priority, leaders need to recognize that everyone across their organization plays a vital role in protecting data. Creating a security culture, evaluating potential risks, and managing them appropriately, such as eliminating commonly used passwords and utilizing multi-factor authentication, will help organizations stay protected and resilient. As 5G becomes widespread and emerging technologies like IoT, cloud, edge, and metaverse take center stage, enterprises, governments, and consumers must strengthen their cybersecurity architecture to ensure data protection in order to thrive in the techade.”
Drew Bagley, VP & Counsel for Privacy and Cyber Policy, CrowdStrike
“Today we live such ultra-connected and busy lives with technology omnipresent yet transparency and security often lagging behind. It is important to remember that cyberattacks pose some of the most significant threats to privacy today. This makes Data Privacy Day a terrific opportunity for individuals and organizations processing data to reflect on key privacy principles and responsibilities.
In recent years we have seen a significant rise in data leak extortion incidents, whereby cyber threat actors attempt to hold data hostage – including personal or health information – unless they are paid. Identity-based attacks are also on the rise where compromised credentials are leveraged to access accounts and access sensitive data. Concurrent with this trend, countries around the globe have adopted privacy regulations that include cybersecurity requirements. Therefore, it is important for individuals and organizations alike to ask what the current risks to their privacy are and how they’re mitigating them.
As we recognize Data Privacy Day, it is important to reflect on what holistic data protection entails, and how critical cybersecurity is, not only to compliance but to protecting privacy. For policy makers and regulated organizations alike, it is important to focus on the big picture goal of incentivizing the adoption of the best way to protect data rather than arbitrary geo-restrictions not respected by cyber adversaries.”
Satya Machiraju, VP, Information Security at Whatfix
“Data Privacy Day serves as a valuable reminder for companies in the tech industry to reflect on the importance of protecting personal information. In today’s digital age, data breaches, identity theft, and other cyber threats are becoming all too common, making it more important than ever to take proactive steps to safeguard personal information.
As a tech company, we understand the importance of data privacy and take it very seriously. We recognize that our customers trust us with their personal information, and it is our responsibility to ensure that this information is protected.
We have implemented various security strategies to protect our customers’ information, including regular risk assessments to identify potential vulnerabilities and threats, data encryption to safeguard against unauthorized access, incident response and data recovery plans, employee training on security best practices and threat identification, and ongoing software and system updates to address known vulnerabilities and the latest security patches.
We also strive to be transparent about our data privacy practices, providing clear and concise explanations about what information we collect, how we use it, and the steps we take to protect it.
Moreover, we believe that utilizing analytics tools to support compliance is a crucial step toward better data privacy management. By visualizing who has access to specific information and whether it is still pertinent to their role, we can lower the risk of human error and streamline IT procedures.
In conclusion, data privacy is an ongoing commitment that requires constant attention and effort. As a tech company, we are dedicated to protecting our customers’ personal information and will continue to invest in the necessary resources to ensure that their information is safe and secure.”
Peter Waters, Senior Vice President, Legal at Equinix
“In today’s era, with companies undergoing a rapid digital transformation, data privacy compliance has emerged as an important concern driving crucial business decisions. As companies expand their digital footprints and massive amounts of data are being generated and transferred globally, cybersecurity vulnerabilities continue to upsurge. The Data Privacy Day is a reminder for organizations to evaluate their cyber risks and ensure strong data privacy and security policies and practices are in place, but also in such a way that will not impede innovation within the digital economy. It is a balancing act, and necessitates risk assessment. Due to the growing complexity of data flows, enterprises must evolve previous ways of securing data in transit and at rest to a posture of constant governance where all data is protected.
Data privacy policies play a vital role of all business strategies, regardless the size of the company. It is not only organizations which have evolved in terms of digital adoption, but hackers also have evolved the way they perform cybercrimes. To address external security threats, organizations must deploy and frequently update the basic processes such as two-factor authentication, firewalls and anti-malware solutions. Additionally, they can also implement extra advanced strategies such as Trusted Platform Module (TPM) capabilities and adopting Zero Trust architecture. Another crucial step towards comprehensive data privacy compliance is to be aware of which data is stored and exactly where. The human factor is often the most vulnerable in the data protection chain and organizations need to ensure employees are well-versed with the compliance regulations and best security practices by providing them with both training and proper guidelines for those who come into contact with the most sensitive data types, whether personal data or not.
At Equinix, security and privacy has always been at paramount. With strongly adhering to data privacy and cybersecurity policies and practices, we are uniquely positioned to support data privacy compliance requirements of many of the largest enterprises in the world through cloud adjacency. Through our Equinix Privacy Office, we proactively manage our own compliance with applicable new and evolving data privacy laws and seek to assist customers to do the same.”
Adam Mayer, Director, Qlik
“Data Privacy Day should act as a reminder that every individual within an organization requires a basic understanding of their internal privacy rules and regulations. It has become more important than ever for organizations to ensure they implement good practice, as not adhering to stringent guidelines can have serious financial repercussions.
“As data privacy becomes increasingly crucial in today’s data driven world, there’s a growing need for roles where the highest standards can be implemented. Our research found that by 2030, businesses will have “Chief Trust Officers” in place that will be responsible for setting the foundation of governance, outlining policies and procedures for all staff to follow. Ultimately, a holistic approach should be adopted to ensure that organizations can harness real-time data insights without data privacy issues arising. Understanding the data lineage, managing user access through a data catalogue, and ensuring people understand how to draw from and use different data sources responsibly through data literacy education, are key to preventing new compliance concerns, and should be front of mind for Chief Trust Officers.
“Data Privacy Day is also a timely reminder to take a look beyond the usual access controls and think about how analytics could be used to support compliance. Analytics programmes can help IT teams visualise who has access to what information and if that remains relevant to their role. For instance, this could be through bringing together disparate data sets on user access controls and HR lists of leavers, starters and changers to ensure that there are no anomalies where people retain access to information that is no longer appropriate to their role. This helps businesses introduce real intelligence into the management of data privacy to reduce the risk of human error and streamline processes for IT teams.”
Bakshish Dutta, Country Sales Manager, India & SAARC, Druva
“Data Privacy Day is an opportunity for businesses to take inventory of their protection practices and identify what more they can do to build trust. Keeping the end user’s privacy interests at heart and leading with transparency is a fool-proof strategy; it will never fail you. Seize the moment by reviewing your data processing activities to understand what’s being collected, how it’s being stored, and who it’s being shared with. If you haven’t already, ensure systems are in place to appropriately record consent, establish audit trails that can track to your entire data environment, and develop processes for inbound requests to remove, erase, or modify data upon request. Don’t forget your responsibility extends to your suppliers and partners who have access to employee or customer data, so hold them to the same standard and review their practices as well.
Although Data Privacy Day only comes once a year, there is no doubt that it serves as a timely reminder for businesses to put privacy at the forefront and to continue to do so every day after that. By these taking fundamental steps, businesses will be able to improve their resiliency and navigate today’s new landscape successfully.”
Andy Teichholz, Global Industry Strategist, Compliance & Legal at OpenText
“While government authorities and businesses have been challenged during the pandemic with balancing the twin priorities of protecting public health and protecting personal data , consumers have become more aware of the growing risks around their personal data, including where it may end up and who has access to it. With ongoing news coverage of high-profile data breaches and publicity around new government legislation on the horizon, consumers are more aware than ever before of their data privacy rights and organisational obligations to safeguard personal data. Our recent research found that almost three-quarters (72%) of consumers say they have new concerns about how organisations use their data, since the start of the pandemic.
Customer trust is crucial for business success but gaining and maintaining that trust is not always easy. Almost half (46% ) say they would no longer use or buy from a company they were previously loyal to if it failed to protect or leaked their personal data. In today’s digital age, consumer priorities are rapidly shifting to take stock of how their personal data is being processed and used. To this end, customers are more empowered than ever to exercise their rights and reclaim control of their information by submitting Subject Rights Requests (SRRs), with our research showing that more than a third (34% ) of consumers would completely abandon a brand if the company failed to respond to a SRR.
With the help of available technologies including AI and ML tools, organisations cannot only locate all personal and sensitive information, they can appropriately classify, manage, and protect it throughout its lifecycle and apply policy-based retention tools to support data minimization. They can also automate the SRR fulfilment process to ensure deadlines are met and that processes are repeatable and defensible. It’s also essential to bake cyber resilience into the fibre of an organisation. While it is impossible to totally remove the risk of a breach, cyber resilience encourages a solid recovery plan to be put in place in the event of one. To create a true information advantage, establishing an integrated data management strategy will also help businesses differentiate themselves in the marketplace.
Customer trust is fragile, and Data Privacy Day is an opportunity for organisations to reflect on their practices – to ensure they are doing all that they can to respect privacy rights, safeguard their customer’s personal data and maintain their loyalty.”
Brian Gin, Chief Privacy Officer, Trellix
“There’s no doubt privacy is a priority – and Data Privacy Week is a great time to talk about how we all have a key role in protecting it. Sometimes, we as people and organizations make the mistake of thinking privacy is someone else’s job. When in fact, every one of us is critical. Everyone with access to personal information or who helps build a product that does – almost everyone in the workplace – is responsible for safeguarding it.
I continue to find the most successful and trusted privacy programs are the ones encouraging and empowering all employees to be responsible for protecting data. People across all functions – marketing, sales, engineering, etc. – not only understand their basic privacy obligations, but also feel it’s their duty to advocate for the proper and ethical use of data. With this strong foundation, and a core belief that we all benefit when privacy is viewed as a fundamental human right, corporate privacy programs can shine. This needs to be the north star we follow.”
Vijendra Katiyar, Country Manager, India & SAARC, Trend Micro
“In India, data privacy has been a major concern in recent years as the country has seen a significant rise in cyber threats and data breaches. According to a report by the Indian Computer Emergency Response Team (CERT-In), there were over 12.6 lakh cyber-attacks in India reported until November 2022, a notable jump from previous years. Data Privacy day, observed annually on January 28, serves as a reminder for individuals and organizations to prioritize data privacy and security. As the world becomes increasingly digitized, it is more important than ever to ensure that personal information is protected from unauthorized access, use, and disclosure. In this evolving threat landscape, businesses should explore a platform-based approach that enables them to consolidate visibility, analysis, and controls across security layers and workflows. This means taking a holistic approach to security that includes not only traditional IT security measures but also physical security, personnel security, and security awareness training. With the increasing number of cyber threats and data breaches in the country, it is crucial for individuals and organizations to take a proactive approach to protecting data. By implementing strong security measures and educating users about the risks associated with sharing information online, we can work towards a safer and more secure digital environment for all.”