28 January 2023 is Data Privacy Day – “an international effort to create awareness about the importance of respective privacy, safeguarding data, and enabling trust.” The Council of Europe marks 28 January as Data Protection Day marking Convention 108, when the Council’s data protection convention was opened for signature.
Jennifer Huddleston, technology policy research fellow with the CATO Institute, opines: “The policy debate over data privacy may be less prominent in headlines than other tech policy topics, but it remains critically important to both innovators and consumers.”
Brian Spanswick, global CISO and head of IT at Cohesity says World Data Privacy Day is an excellent opportunity for citizens and organisations to take stock of their data management and security practices: namely, who is trusted to manage that data?
He goes on to suggest asking questions like: How is my data stored? Is it secured? Can it be recovered if attacked? Is the data encrypted in transit and at rest, and is your data backup immutable?
“By asking these questions you will be able to identify where gaps exist and areas that need to be addressed,” he posited.
What regulation has significantly impacted how organisations engage their employees, partners, suppliers and customers since 2020?
Acronis’ senior technology director, Alexander Ivanyuk, says since its enforcement after 2018, GDPR has been felt as more penalties get doled out. He said similar local/national efforts are starting to take shape.
He cited amendments to safeguard personal data better in Singapore’s Personal Data Protection Act 2012. “It really depends on what kind of data you work with and where your customers may reside or which country they belong to,” he added.
For his part, Garrett O’Hara, chief field technologist at Mimecast, noted that across Asia-Pacific several countries have been initiating different data privacy laws and regulations.
“Different markets have their own flavour, unique requirements, and objectives. Key regulations which have created an impact include Hong Kong’s Personal Data (Privacy) Amendment Ordinance 2021 which aims to combat doxxing acts that are intrusive to personal data privacy,” he added.
How should organisations align their data privacy policies as they move to (1) deepen customer engagement, and (2) enhance employee engagement?
O’Hara pointed out that with data privacy laws establishing higher standards for how organisations manage information, it has become increasingly important for them to ensure that the data which they collect, process, use and store about individuals have their explicit consent.
“Organisations need to respond quickly to inquiries from individuals about their personal information and be able to eliminate it if requested. They should implement data privacy solutions, like cloud-based email management services, to achieve a granular level of data privacy management.”
Garrett O’Hara
He added that data privacy regulations have been incredibly important in improving data protection standards, and organisations need to ensure they are compliant and have all the processes, tools, and systems in place to always work protected and better manage all the data they collect and store.
“By doing so, organisations can build and maintain high levels of trust that can improve their relationship with customers and employees,” he continued.
Ivanyuk suggests taking GDPR requirements as the rule of thumb and applying them to internal and external people.
“Always remember that different counties have slightly different regulations and if you work globally they may affect you. It is always good to double-check that,” he opined.
What are your top priorities in 2023 around data privacy protection?
According to Ivanyuk, Acronis is finishing the transition to zero trust access to corporate resources and data. This is an additional useful layer of protection that minimizes potential issues with private data.
“Externally, we continue to enhance our Cyber Protect proposition, and its Advanced DLP pack in particular to offer more features and instruments for granular yet easy work with confidential data, including PII and similar private information.”
Alexander Ivanyuk
“We continue to work on smaller local compliance regulations adding these to those major ones already achieved in the European Union, the US, and other major markets,” he added.
Garrett revealed that Mimecast is expanding its understanding of privacy beyond a limited programmatic focus on regulatory compliance, rather than seeing it from the customer’s point of view as important.
“Refining email management is essential as emails play an important role in privacy compliance with email marketing getting a significant amount of attention for collecting, storing, and using consumer data, and for requiring opt-ins and enabling opt-outs.
“Also, having privacy regulations that give consumers the right to data subject requests, will allow them to access, correct or delete the data that companies have about them,” he continued.
How do you intend to achieve these priorities?
O’Hara acknowledges that for businesses that operate globally, compliance with consumer privacy regulations is essential and meeting customer expectations on how their data is used is key.
“Building a more robust data privacy strategy is crucial and this can start with product design and evolve to touch all areas of the business where privacy and customer data interconnect.
“Mimecast focuses on this strategic approach which proves to be a competitive differentiator putting customer privacy front and centre in the user experience and giving consumers clear choices about data sharing,” he concluded.
For Ivanyuk, he conceded that the strategy involves well-planned work with proper resource allocation and tough but achievable deadlines.
Spanwick admonishes organisations to prioritise the adoption of technology platforms that help them protect, secure and recover their data regardless of whether it’s stored in an on-premises, hybrid, or multi-cloud environment.
“Don’t let World Privacy Day be another day where managing and securing your data is pushed to be a problem for tomorrow, instead start reviewing where, what, and whom you trust with keeping your data safe possible."
Brian Spanswick