Data privacy laws are becoming a major concern globally as companies strive to meet new compliance obligations.
Privacy regulations generally require any business or organization to securely store any data they collect or process. What they do with this data is strictly regulated.
According to a Gartner report, some 65% of the world’s population will have their personal data covered by modern privacy regulations by the end of next year. Complying with these expanding regulations can be difficult.
Businesses have had almost free reign in the collection of personal data from electronic transactions and the growing use of the Internet over the past 20 years.
Many organizations involved in international trade need to change their procedures to comply with the new legislation. This is a priority for transactions and correspondence involving e-commerce and social media.
Growing consumer mistrust, government action and competition for customers have prompted some governments to impose strict rules and regulations. The impact changes the no-man’s-land conditions that allow businesses big and small to go wild with people’s personal data.
“By far the biggest challenge companies face is the volume of data they manage, which is also subject to ever-changing data privacy requirements,” said Neil Jones, director of evangelism at the cybersecurity at Egnyte, at TechNewsWorld.
Assortment of different requests
The EU has the General Data Protection Regulation (GDPR). In the UK and mainland Europe, data privacy is generally considered a basic human right, according to Jones. In the United States and Canada, businesses must navigate a growing patchwork of state and provincial laws.
Data privacy legislation in the US and Canada has traditionally been more fragmented than in the UK and Europe. Quebec in Canada and Utah and Connecticut in the US are among the latest to enact comprehensive data privacy laws, joining the US states of California, Virginia and Colorado.
By the end of 2023, 10% of US states will be covered by data privacy legislation, Jones noted. This lack of a universal standard for data privacy has created an artificial layer of business complexity.
Add to that, today’s hybrid work environment has created new levels of risk that have complicated compliance with a myriad of privacy issues.
What’s at stake
To improve productivity, organizations may need to ask employees detailed questions about their behavior and work-from-home arrangements. These types of questions can create their own unintended privacy impacts, according to Jones.
The recent convergence of personally identifiable information (PII) and protected health information (PHI) has also put highly confidential data at risk. This includes workers’ compensation reports, employee and patient health records, and confidential test results like Covid-19 notifications.
“With 65% of the world’s population expected to have personal data covered by privacy regulations by next year, respecting data privacy has never been more critical,” Jones said.
Cloud Privacy Obstacles
Privacy and data security are the top challenges for implementing a cloud strategy, according to a recent study by IDG, now renamed Foundry. In this study, the role of data security was a major concern.
When implementing a cloud strategy, IT decision makers or ITDMs face challenges such as cloud cost control, data privacy and security issues, and lack of skills/ cloud security expertise.
With a stricter focus on securing privacy data, this issue looms on the horizon as more and more organizations migrate to the cloud. The IDG study found that the top two barriers were privacy and data security issues, and lack of cloud security skills/expertise.
Spending on cloud infrastructure has increased by about $5 million this year, according to Foundry.
“While enterprises are leading the charge, SMBs aren’t far behind when it comes to migrating to the cloud,” said Stacey Raap, head of marketing and research at Foundry when the report was released.
“As more and more organizations move towards full cloud usage, IT teams will need the right talent and resources to manage their cloud infrastructure and overcome all cloud-related security and privacy hurdles. “, she noted.
Organizations can successfully prepare for data privacy legislation, but it requires making data privacy initiatives a “full-time job,” Jones said.
“Too many organizations see data privacy as a part-time project for their web teams, rather than a full-time business initiative that can have a significant impact on customer relationships, employee morale, and company reputation. brand,” he said.
Beyond this step comes the establishment of holistic data governance programs that provide more visibility into regulated and sensitive corporate data. Added to this is working with trusted business and technology partners who understand the data privacy space and can help you prepare for rapidly changing regulations.
Perhaps the most aggressive approach is to use an advanced privacy and compliance (APC) solution, Jones suggested. This makes it easy for organizations to comply with global privacy regulations, all in one place.
Specifically, APCs can help achieve compliance by:
- Manage personal data subject access requests (DSARs) such as the right of individuals to be informed of personal data collected about them, the right to opt out of having personal information sold to others, or the right to be forgotten by collection organizations
- Assess a company’s readiness and scope of compliance with specific regulations (e.g. GDPR, CCPA)
- Create and review third-party vendor technical assessments and assess potential risks to consumer data
- Augment cookie consent capabilities, such as integrating cookie consent into compliance workflows
Proactive due diligence
It can be difficult for businesses to understand today’s rapidly changing privacy landscape, as well as how specific regulations apply to them, Jones said. However, by taking proactive steps, organizations can stay on top of data privacy regulations in the future.
These steps include these ongoing tasks:
- Monitor the status of data privacy regulations in the countries, provinces and states where the customer lives
- Create a data privacy task force that can improve organizational direction and increase senior management focus on privacy initiatives
- Keep up to date with new federal data privacy legislation, such as the US Data Privacy and Protection Bill (ADPPA)
It’s also important to note the additional long-term benefits of data privacy compliance. This includes strengthening a company’s overall cybersecurity defenses.