International Data Privacy Day – January 28 – is a chance for us to raise awareness, remind ourselves of our commitments to data privacy, and ensure we know data protection best practices.
Understanding data privacy
Data privacy (sometimes called “information privacy”) is a subset of data protection that deals with the proper and correct handling of data with a strong focus on compliance with data protection regulations.
Therefore, the focus is on how data should be collected, stored, managed, and shared with any third parties, and on compliance with the applicable laws and regulations, such as the General Data Protection Regulation (GDPR). Data privacy should not be confused with data security, which includes measures an organization takes in order to prevent any third party from unauthorized access.
According to the UN, 128 out of 194 countries have passed legislation to secure data and privacy protection. Of them, 10% of countries have drafted legislation, while 19% have no legislation at all.
Familiarizing yourself with the applicable data privacy laws that affect you – usually those of your server’s location and the location of those you are collecting data from – is important. The UN’s tracker makes it easy to see what bills have been passed in each location.
GDPR, for example, applies to any company or entity that processes personal data as part of the activities of one of its branches established in the EU, regardless of where the data is processed, or to any company established outside the EU that is offering goods or services to EU citizens or is monitoring the behavior of individuals in the region.
A lack of awareness and technical insight into data privacy remains a core concern for several industry thought leaders as organizations become increasingly exposed to data privacy concerns and regulation.
Manish Sehgal, Partner, Deloitte India, says, “Storing data beyond its mandated retention period makes an organization more vulnerable to a data breach or regulatory non-compliance, which may have an impact in many forms, including but not limited to financial and/or reputational loss.”
As organizations across the globe become more customer-centric, it becomes inevitable for them to consider new and upcoming privacy laws and standards with regard to data protection, he says.
Transparency is the key
A key element of data privacy is transparency, which in turn breeds trust. Salesforce’s State of the Connected Customer reports show a big shift in the need for trust in a span of one year. For example, in the 2019 report, 73% of customers say companies’ trustworthiness matters more than it did a year ago and 54% say it’s harder than ever for a company to earn their trust. In its 2020 report, Salesforce goes further and states that nearly half of customers have stopped buying from companies because of privacy concerns.
Privacy laws enable individuals to exercise their rights, such as the right to be forgotten, and in certain circumstances, individuals can take back ownership of their data. In order for companies to keep the data and keep the trust, they will have to demonstrate transparency by openly communicating what data they collect, for what purposes, who is a data processor, and so on.
Transparency, trust, and the ability to communicate and react to consumer requests will not only ensure you’re staying on the right side of data privacy legislation; it will give you a competitive advantage.
With the development of technology, there are more and more intrusive ways to collect and process personal information. As a Gartner report notes, over 40% of privacy compliance technology will rely on artificial intelligence (AI) by 2023, up from 5% today.
Bart Willemsen, research vice president at Gartner, believes that privacy laws, such as GDPR, present a compelling business case for privacy compliance and have inspired many other jurisdictions worldwide to follow.
“Privacy leaders are under pressure to ensure that all personal data processed is brought in scope and under control, which is difficult and expensive to manage without technology aid,” he says, stressing that this is where the use of AI-powered applications that reduce administrative burdens and manual workloads comes in.
Anthony Spiteri, Senior Global Technologist, Product Strategy at Veeam, however, observes, “Many organizations are still relying on legacy systems to protect their data and, as a result, the prospects of downtime, financial loss and reputational damage are constantly teetering on a knife’s edge.”
Spiteri believes that the IT industry must work collectively to produce a fail-safe solution to protect both our country’s corporate and personal data for centuries – and even millennia – to come.
In fact, it will become incredibly risky for companies to navigate through data privacy laws unprepared. Companies will be at risk of fines and lawsuits, not to mention damage to company reputation and customer loyalty.
Jakub Lewandowski, Global Data Governance Officer at Commvault, says, “The onus is on businesses to become familiar with new data regulations as they are introduced – understand who is affected, what is required, whether your business currently meets this standard or if changes have to be made. Though it may take time and money in the short-term, it isn’t worth risking the potential fine in the long term should you ever fall foul of the law.”
Thriving businesses have already started to form their future data privacy and data protection strategies. Apple’s CEO, Tim Cook, is passionate about data privacy initiatives, calling for a comprehensive U.S. data-privacy law focused on minimizing data collection, data security, and informing users.
Facebook has already set aside $3 billion to $5 billion for ongoing inquiries regarding multiple data breaches and mishandling of data. However, not every company can afford such a budget for non-compliance.
The important thing is to take proactive steps and measures, like implementing appropriate data safeguards or implementing data protection software that will help guide your privacy program, automate processes, and navigate applicable data protection laws.
Implementing security measures can require a certain investment of resources and money. However, a potential data breach can cost your company more than you think. According to the Cost of a Data Breach Report 2020, conducted by the Ponemon Institute, the average total cost of a data breach is USD 3.86 million.
This can be a valid argument for creating urgency for organizations to start investing in their privacy program and compliance.