Data Privacy Week – Why should you care?
- Posted on January 28, 2022
- Estimated reading time 4 minutes
Do you recall a time you visited a website that didn’t ask you about cookies? Or the time you didn’t know what cookies were? Do you remember when that ‘big website’ got fined for mishandling personal data? There is a war for your personal data… and the battle has more than two sides. It’s no wonder that at the end of 2019, Forbes identified data privacy and security as the most pressing issue in the upcoming decade.
As a consumer it’s good to know what laws are protecting you and how the businesses you engage with need to manage your data. There are risks to you of exposure. It’s about more than just making sure your data isn’t sold to advertisers without your consent.
Your personal information can be used against you and scammers and hackers are only part of the associated risks. Information gathered against you allows more targeted and dangerous situations to become more probable. Others you know, including your work, places you have access to will become potential targets. All because one more piece of the puzzle for the bad guys is in place. Blackmail or physical harm are not out of the question – if you can get them information they need, or access to things they want to exploit a larger plan. Never assume your data is too insignificant for anyone to want, or the impact it could have.
Businesses: Protect your employees and your customers
If you lose their trust, it can be devastating.
As a business do you have measures in place to protect your data? This includes your employees, business and customers data. You may think data privacy is only for the lawyers, or something doesn’t apply because of where you operate, or data you have ‘doesn’t count.’
It’s important to not make any assumptions and carefully assess and validate. Yes, there is a great deal of legal work to know exactly what can be levied against you but the great news is that we’re seeing a rise in roles like “Chief Data Privacy Officer”. These roles are a hybrid of a CISO and Legal and are focused on data privacy, and teams for data privacy governance.
Data privacy ‘got big’ when the EU released the General Data Protection Regulation (GDPR). Now we have 100s of regulations across the globe. Most countries have some regulation, some with very interesting effects. For example, India’s current proposed changes will treat social media sites like press. In the United States, only 15 states (to date) don’t have some form of legislation in place or in the works. For a national business that’s a lot of different regulations to account for.
Businesses need to understand the regulations apply to the individual residence, not just the business location. So, if you have data from individuals outside your area, you also need to account for that. This also extends into your partner ecosystem. Does that contract with your vendor, partner or supply chain expect you to comply with something you don’t normally account for?
It’s important to state that privacy and protection are not the same thing. Just because you have a data protection technology in place doesn’t mean you are meeting data privacy regulations. Much in the same way that compliance does not mean security. You want to have assurance you’re addressing all the right areas.
Rethink your data privacy governance program – it doesn’t need to be over complicated
All organizations should understand their requirements for data privacy and have plans in place to achieve and maintain the integrity of the program. It will require:
- Detailed knowledge of business processes across many lines of business
- Strong policies, processes and people to manage the security of the lifecycle
- Knowledge of where data comes in, gets stored, copied, deleted and verify that as well
In today’s landscape it’s imperative that organizations build programs and processes to manage this. The work done to implement and maintain data privacy will improve your cybersecurity program as well. It may allow you to adjust how the business operates. You may find ways to increase efficiency or even reduce the amount of data you’re storing and transmitting – and that’s also a good thing.
If you’re not sure where to start, download our free Data Privacy Guide which looks at 5 steps to help you on your journey to a mature state of data privacy and security or inquire about one of our Data Privacy workshops.