The worst kept secret of the week may be that today is Data Privacy Day. While you don’t get the day off work, you do get insightful discussion on the importance of securing privacy in an uber-connected digital society, such as the one we find ourselves in.
In the hopes of spurring debate and perhaps make a little progress in the area of data privacy, Datanami has collected the thoughts of 10 data privacy experts. While they share a diversity of opinions, one underlying trend stands out: The tables are turning in the realm of data privacy, and consumers are gaining control.
“Data has the power to help us make the right decisions, to grow, and to drive innovation,” says Stijn Christiaens, founder and chief data citizen at Collibra. “But great power comes with great responsibility: We need to make sure that the data we use is trusted, and that it is used in the right ways. Particularly as new legislative requirements emerge, businesses must look at compliance proactively instead of reactively to avoid reinventing the wheel each time.”
The data privacy discussion is often focused on checkboxes to demonstrate compliance with GDPR, CCPA, and whatever new privacy regulation a state or country has passed that day. But instead of checking boxes, it’s time for companies to take responsibility for maintaining privacy–or consumers will do it for them, Christiaens says.
“We need to reframe the conversation around data privacy to be less complacent and more proactive, and we need to move faster to bring as many people as possible to the table to have a real impact,” Christiaens says. “Invest in building sustainable processes now to be ahead of the market and the competition.”
The organizations that recognize that data privacy, governance, and business success are all wrapped up together and intertwined will have the advantage over those that don’t, says Cindi Howson, chief data strategy officer at ThoughtSpot.
“Those working with data must feel a sense of responsibility as if they were keeping their best friend’s most vulnerable secret,” she says. “In a digital world, data links back to real people – where they went in that Uber, what store they visited before shopping at a lingerie store, and what movie they streamed on their phone. Data enables personalized digital interactions and more efficient movement of goods.
“But failure to respect customer’s data privacy risks loss of trust, revenue, and brand value,” Howson continues. “With more digital data, businesses need to be more transparent in the data they collect and how it’s used. Increased regulation is one approach to ensuring privacy, but the best businesses will design privacy policies with a customer-first mindset, as opposed to exploiting customers for their data.”
Making data privacy a core feature is a great way to grow market share, says Carolyn Duby, the field CTO and cybersecurity lead for Cloudera.
“From our vantage point, we see companies actually using privacy as a selling point, i.e. Apple’s decision to limit other companies’ access to data from their devices,” Duby writes. “This is continuing to expand within the enterprise. Going forward, it’s going to be really important for companies to carefully think about what they’re doing with data and how it affects their customers. And it can’t just be one-sided: It has to be a partnership of what they’re collecting, how they’re keeping it safe, and how they’re using it in an ethical manner.”
We’re becoming more aware of the levels of risk inherent with handling data and conducting commerce in the open Web, but industry regulations at least are guiding us in the right direction, according to Adrian Moir, the technology strategist and principal engineer at Quest Software.
“With Microsoft Exchange, Kaseya, and even Log4j at the end of the year, organizations are recognizing the business need for data privacy,” Moir says. “Looking toward the future, we’re likely to see the way data is perceived, used, and regulated increase and become more refined. Regulatory elements such as the privacy of data itself and the levels of intrusion, data scraping, and ransomware events seem to continue unabated. However, we have seen traction in the right direction this year including multiple new policies emerging affecting privacy in different areas of the globe such as CPRA, China’s Personal Information Protection Law, ColPA and more.
Consumers will get more control over their data this year, says Lewis Carr, senior director of product marketing at Actian.
“In 2022, expect to see all personal information and data sharing options get more granular as to how we control them – both on our devices and in the cloud – specific to each company, school or government agency,” Carr says. “We’ll also start to get some visibility into and control over how our data is shared between organizations without us involved.”
The days of long privacy statements that nobody reads and binary choices (you opt in or you opt out) are over. Instead, Carr says, we’ll see the rise of “data management and cybersecurity platforms with granular permission to parts of your personal data, such as where it’s stored, for how long, and under what circumstances it can be used. You can also expect new service companies to sprout up that will offer intermediary support to monitor and manage your data privacy across.”
It’s a veritable smorgasbord of digital rights for individuals, according to Andy Teichholz, a senior industry strategist for compliance and legal at OpenText.
“People are more empowered than ever to exercise their rights, submit Subject Rights Requests (SRRs) and reclaim control of their information,” Teichholz writes. “They want to understand how their data is used and to access, correct, delete, and restrict use. To meet these data-intensive demands and overcome a scarcity of resources to support key business activities, organizations must embrace process automation for SRR response and apply case management tools that best track its performance and effectiveness.”
Jimmy Chang, the chief products officer at Workspot, is concerned that the “Great Resignation” has exposed many of the technology challenges that companies face when transitioning to a remote work environment. Treating the cloud as a force for data centralization can help alleviate those concerns.
“Over the past year, IT organizations have scrambled to get people onboarded and productive, often creating longer term security and data privacy concerns in the process,” he says. “But those solutions were often untenable to employees, who felt disconnected and unproductive. Organizations successfully balancing productivity and complying with data and security requirements are those that have embraced the cloud as a unifying global ‘datacenter’ – the public cloud.”
The ransomware epidemic of 2021 compromised the privacy of many people. That should be a lesson for us, says Pritesh Parekh, the chief trust and security officer for Delphix.
“Last year’s onslaught of attacks demonstrated the impact that it can have not only on a single person or business but on the population as a whole,” Parekh says. “Whether it’s a shortage in the food supply chain or the inability to access critical healthcare services, individuals around the world are realising that successful cyber-attacks could have serious implications for us all.”
We secure much of our private information behind passwords. But that’s a mistake, says Brian Pagano, the chief catalyst and vice president at Axway, who says we should abandon our faith in passwords.
“You can tell if an IT department is not evolving if you are required to frequently change your password (this practice has been shown to decrease security and has largely been abandoned),” Pagano says. “Keeping data private involves data-at-rest and data-in-motion as mostly ensuring that whoever is trying to access the info has the proper entitlements to that data. If privacy is a top concern, the organization should adopt a need-to-know check for any document. Prove you need this information. Keep logs and audit them randomly. This is similar to Apple’s posture. For new companies, open, fast communication is often more important than absolute privacy. Just remind team members that anything written down could appear in public—so think before you type.”
While the cloud has made IT environments less expensive, more flexible, and more scalable, it has also resulted in their data being sprawled across dozens of SaaS applications and multiple cloud services, in addition to their existing on-premises systems and many endpoints. That’s not a recipe for success, says Indu Peddibhotla, Senior Director of products and strategy at Metallic, which is Commvault’s SaaS venture.
“This data sprawl makes it difficult for IT and compliance teams to implement robust data management strategies that allow their organizations to cost-effectively comply with data privacy regulations,” he says. “However, a new class of data management as a service (DMaaS) solutions are making it possible for these IT and Compliance professionals to more easily manage this data sprawl in ways that allow them to address these data privacy challenges.”
Security, Privacy, and Governance at the Data Crossroads in ‘22
Patchwork of Data Privacy Laws Sows Confusion
Data Privacy in the CrosshairsApplications:Security Technologies:Cloud Sectors:Government Vendors:actian, Axway, Cloudera, Collibra, Commvault, Delphix, Kaseya, Metallic, Microsoft, OpenText, Quest, ThoughtSpot, WorkSpot Tags:big data, CCPA, Data Privacy Day, GDPR, governance, January 28, personal data