33 Data Privacy Week Comments from Industry Experts in 2023
For Data Privacy Week, the editors at Solutions Review have compiled a list of comments from leading industry experts.
As part of Data Privacy Week (January 22-28) we called for the industry’s best and brightest to share their Identity Management, Endpoint Security, and Information Security comments. The experts featured represent some of the top Cybersecurity solution providers with experience in these marketplaces, and each projection has been vetted for relevance and ability to add business value.
33 Data Privacy Week Comments from Experts
Chander Damodaran, CTO at Brillio
Digital adoption has taken a quantum leap, forever changing how organizations, industries, societies and people operate and behave. The pandemic accelerated the digitalization of customer interactions by several years, and there’s no turning back: we now live in an era of digital. With higher levels of digitalization, the volume of data has greatly expanded– which, in turn, has attracted new types of cybercrimes and attacks.
As more organizations become data driven, where data is used to make key business decisions rather than human intuition, it’s imperative to embrace a “data culture” that impinges on data democratization to provide unfettered, enterprise-wide data access to everyone in the organization, while ensuring data privacy controls and security are fully baked into the organization’s data strategy.
Soumendra Mohanty, Chief Strategy Officer at Tredence
Companies today face a host of data privacy issues and challenges, including a proliferation of data that needs to be protected and the rising costs that must be incurred to do so, federal and local privacy regulations, the ongoing threat of cyberattacks and crime, new and advanced technologies that can be both helpful and challenging to employ, increased scrutiny and more. By understanding these issues, companies can take steps to better protect their data and improve their data privacy practices. It is imperative to prepare for the future now. More regions and states continue to add specific privacy laws and regulations– in the next year, about 65 percent of the world will have data privacy regulations in place, according to Gartner, so companies must review their business strategies when it comes to data protection and update accordingly to prevent unpleasant surprises.
If you haven’t already, take an inventory of your data and ensure your policies are up-to-date regarding data storage and sharing. Communicate internally and externally to ensure your stakeholders are aware of your data protection and offer transparency around your practices. Companies have the choice of crafting internal data privacy management policies and practices internally or engaging an organization proficient in helping companies establish such practices. While no single checklist will suit every company, solid data privacy management incorporates access control, cybersecurity planning, device security, end-user training, ongoing updates, strong password policies, secure communications, data backup, and ongoing review with nimble adjustments as needed.
Shalabh Singhal, CEO at Trademo
Producing one reasonably complex product requires tens of thousands of parts, and most of these components are sourced from a vast geographical area and an extensive network of suppliers. On top of that, these suppliers themselves outsource their material to second-tier suppliers. This chain of activities results in an increasingly complex, geographically vast, and multi-tiered supply network. Technologies such as supply chain mapping will increasingly help in discovering dependencies beyond tier-1 suppliers, identifying and eliminating toxic and dangerous raw materials; and reduce the quantity and toxicity of all emissions across the supply chain. Supply chain mapping will grow in importance in 2023 as it also helps in identifying concentration risk or compliance risk, allowing businesses to see the early warning signals, predict potential disruptions, identify supply chain bottlenecks and take proactive measures to mitigate risks, and maintain competitiveness.
Angie Tay, Group Chief Operating Officer at TDCX
It’s a challenging time for customer experience leaders, with the availability of multiple channels of communication, change in customer expectations and economic headwinds all in play. Customer acquisition and retention are becoming increasingly important, and the right customer experience strategy will help companies achieve revenue growth and profitability.
In terms of innovation, finding appropriate ways to provide convenience to the end-user, with effective ways to measure customer satisfaction will be key. With digital marketplaces integrating product experience with apps, there should be extra emphasis on how to make that integrated experience seamless and personalized. Business leaders should also increase the capabilities required for digital trustworthiness whether it is privacy protection or data security. Artificial intelligence and automation will play an important role in delivering better service and increased productivity and these areas should be leveraged.
Aron Brand, CTO at CTERA
After many years of near-zero interest rates and workforce shortages, the tide has turned, and in 2022 we have seen the start of a dramatic shift in the business landscape. As we enter 2023, capital is going to be much more expensive, and interest rates will continue to rise, resulting in the increasing attractiveness of low CAPEX, high OPEX business models, such as cloud computing and software-as-a-service. With the deflation of the bubble, many companies will be forced to downsize or even close their doors, but those that have made the shift to cloud-based models will be better-positioned to weather the storm, due to the inherent elasticity and flexibility of the cloud.
Noam Shendar, Vice President of Business Development at Zadara
In 2022, the hyperscalers’ progress in edge computing initiatives was underwhelming, and it is leaving room in 2023 for upstarts to gain an edge. Despite the overall decrease in venture capital and private equity funding events, edge computing players will continue to see investment money pouring in over the course of 2023. There will be edge M&A activity as the technology matures and presents a credible alternative to hyperscale clouds.
Raveesh Dewan, CEO at Joget
Systems built in the last 20 years are coming to a point where the resource requirements are prohibitive. The risk of still running those systems, and the need for business change will push many of these systems over the edge resulting in significant demand for rebuilding new ones. With various government agencies and larger organizations across the globe, the starting point of service requests will move out of the hands of processors and into the consumer’s hands. The journey has already started with self-service systems, and it will continue for the next few years.
New systems will be a collection of smaller applications working harmoniously for better risk management and future outlook. Gone are the days when we implemented large ERP-like systems. In the next few years, moving fast will be a competitive advantage and that will happen by virtue of building a large system with smaller applications that have their own independent life cycle and adding new ones to the ecosystem can happen seamlessly.
Ken Barth, CEO at Catalogic Software
Digital transformation initiatives will continue to be a top corporate priority for 2023 given the early results in improving operational quality, scalability, and lowering costs. DevOps and agile processes in support of digital initiatives are in turn driving the usage of containers, with Kubernetes as the de-facto container orchestration and management platform. As these dynamic applications based on Kubernetes move into production and generate business-critical data, the data generated by these workloads needs to be backed up for business continuity and compliance purposes.
In 2023, organizations will adopt a multi-cloud Kubernetes strategy for flexibility, security, and cost savings. Given the public clouds like AWS, Azure and Google Cloud are highly available and reliable, DevOps and IT Ops teams may believe that their data is safe and secure in the cloud, such that they don’t need to do backups. Your data is always your responsibility, whether it is in a public cloud, in a SaaS application, or on-premises, especially for meeting regulatory and compliance policies. It would be foolish in today’s world of geo-political disruptions, natural disasters, and security breaches to not also follow the data protection best practices for cloud workloads that you follow for on-premises ones.
Alec Nuñez, Director of Business Compliance at Poll Everywhere
Data Privacy Day (January 28) commemorates the 1981 signing of Convention 108, the first international, legally binding treaty focused on privacy and data protection. This day is celebrated all over the world—and for very important reasons. The speed at which technology has, and will continue to, advance has inherently increased the importance of focusing on data privacy for any organization; protecting both company and customer data has always been a top priority, and while many companies continue to deploy new solutions to safeguard data, malicious actors still find new ways to access and steal sensitive data. Protecting this data is more important now than ever.
The number one issue when it comes to data privacy is the lack of education and guidance for an organization’s team. Human error has been and will continue to be the number one cause of data security issues; there is no competition. Companies can significantly minimize the impact of it by crafting best practices and creating training programs for the handling of data with the intent that it become second nature for all. The principle of least privilege is a substantial foundation all companies can establish when it comes to mitigating data security risks. This concept states that a user or entity should only have access to the data, resources, and applications required to execute a task. In other words, only provide individuals access to what they actually need. This is a basic idea to implement, but it will have a huge impact, permeating your organization’s system.
Almog Apirion, CEO and Co-Founder at Cyolo
Data Privacy Day aims to increase awareness over the need to protect employee and customer data while adhering to regulatory laws such as GDPR or CCPA. Even if newer regulations are highlighting today’s major need for data protection, this is not something new – in fact, the first legally binding international privacy and data protection treaty, Convention 108, was signed well before today’s regulations in 1981. Because of our greater reliance on digital technology to govern most of both individual and organization facets, it is important to reconsider what, when and where as well as with whom it is shared with others. Data Privacy Day is a component of the worldwide “STOP. THINK. CONNECT.” campaign for online privacy, security and safety.
Strong data privacy is more critical than ever– particularly in response to the recent growth of cyberattacks and the expansion of data perimeters due to hybrid work. One way of mitigating today’s vulnerabilities is to provide rigorous identity-based access control. To safeguard themselves, enterprises’ collaboration and communications tools require a robust zero-trust framework to protect all forms of user data. Identity-based access control enables businesses to strengthen their security posture while also gaining visibility and control over their most critical systems. The reality is that hackers today don’t break in, they log in. Enterprises can get complete control and visibility of their entire IT infrastructure while mitigating against advanced threats by implementing a modern zero-trust solution and adopting stringent authentication requirements. As more risks emerge, organizations will be more prepared than ever to counter threats and safeguard data and business-critical infrastructure.
Carl D’Halluin, CTO at Datadobi
A staggering amount of unstructured data has been and continues to be created. In response, a variety of innovative new tools and techniques have been developed so that IT professionals can better get their arms around it. Savvy IT professionals know that effective and efficient management of unstructured data is critical in order to maximize revenue potential, control costs, and minimize risk across today’s heterogeneous, hybrid-cloud environments. However, savvy IT professionals also know this can be easier said than done, without the right unstructured data management solution(s) in place. And, on Data Privacy Day we are reminded that data privacy is among the many business-critical objectives being faced by those trying to rein-in their unstructured data.
The ideal unstructured data management platform is one that enables companies to assess, organize, and act on their data, regardless of the platform or cloud environment in which it is being stored. From the second it is installed, users should be able to garner insights into their unstructured data. From there, users should be able to quickly and easily organize the data in a way that makes sense and to enable them to achieve their highest priorities, whether it is controlling costs, CO2, or risk– or ensuring end-to-end data privacy.
Don Boxley, CEO and Co-Founder at DH2i
The perpetual concern around data privacy and protection has led to an abundance of new and increasingly stringent regulations around the world. According to the United Nations Conference on Trade and Development (UNCTAD), 71 percent of countries now have data protection and privacy legislation, with another 9 percent having draft legislation. This increased scrutiny makes perfect sense. Data is being created and flowing not just from our business endeavors, but countless personal interactions we make every day – whether we are hosting an online conference, making an online purchase, or using a third party for ride-hailing, food delivery, or package transport.
Today, as organizations endeavor to protect data — their own as well as their customers’ — many still face the hurdle of trying to do so with outdated technology that was simply not designed for the way we work and live today. Most notably, many organizations are relying on virtual private networks (VPNs) for network access and security. Unfortunately, both external and internal bad actors are now exploiting VPN’s inherent vulnerabilities. However, there is light at the end of the tunnel. Forward looking IT organizations have discovered the answer to the VPN dilemma. It is an innovative and highly reliable approach to networking connectivity– the Software Defined Perimeter (SDP). This approach enables organizations to build a secure software-defined perimeter and use Zero Trust Network Access (ZTNA) tunnels to seamlessly connect all applications, servers, IoT devices, and users behind any symmetric network address translation (NAT) to any full cone NAT– without having to reconfigure networks or set up complicated and problematic VPNs. With SDP, organizations can ensure safe, fast and easy network and data access; while ensuring they adhere to internal governance and external regulations compliance mandates.
Steve Santamaria, CEO at Folio Photonics
It is no secret that data is at the center of everything you do. Whether you are a business, a nonprofit, an educational institution, a government agency, or the military, it is vital to your everyday operations. It is therefore critical that the appropriate person(s) in your organization have access to the data they need anytime, anywhere, and under any conditions. However, it is of equal importance that you keep it from falling into the wrong hands.
Therefore, when managing current and archival data, a top concern must be data security and durability, not just today but for decades upon decades into the future. The ideal data storage solution must offer encryption and WORM (write-once, read-many) capabilities. It must require little power and minimal climate control. It should be impervious to EMPs, salt water, high temps, and altitudes. And, all archive solutions must have 100+ years of media life and be infinitely backward compatible, while still delivering a competitive TCO. But most importantly, the data storage must have the ability to be air-gapped as this is truly the only way to prevent unauthorized digital access.
Surya Varanasi, CTO at Nexsan
Digital technology has revolutionized virtually every aspect of our lives. Work, education, shopping, entertainment, and travel are just a handful of the areas that have been transformed. Consequently, today, our data is like gravity – it’s everywhere. On Data Privacy Day, we are reminded of this fact, and the need to ensure our data’s safety and security. Fortunately, there are laws and regulations that help to take some of the burden off of our shoulders; such as the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and Health Insurance Portability and Accountability Act (HIPAA).
However, some of the responsibility remains on our shoulders as well as those of the data management professionals we rely upon. Today, it would be extremely challenging to find an organization (or an individual for that matter) that isn’t backing up their data. Unfortunately however, today that just isn’t enough. Cyber criminals have become increasingly aggressive and sophisticated, along with their ransomware and other malware. And now, the threat isn’t just that they will hold your data until payment, cyber criminals are now threatening to make personal and confidential data public, if not paid. It is therefore critical that cyber hygiene must include protecting backed up data by making it immutable and by eliminating any way that data can be deleted or corrupted.
This can be accomplished with an advanced Unbreakable Backup solution, which creates an immutable, object-locked format, and then takes it a step further by storing the admin keys in another location entirely for added protection. With an Unbreakable Backup solution that encompasses these capabilities, users can ease their worry about the protection and privacy of their data, and instead focus their expertise on activities that more directly impact the organization’s bottom-line objectives.
Andrew Russell, Chief Revenue Officer at Nyriad
Data Privacy Day serves as a great reminder of the value and power of data. In addition to your people, data is without question the most strategic asset of virtually any organization. Data and the ability to fully leverage, manage, store, share, and protect it, enables organizations to be successful across virtually every facet – from competitive advantage, to innovation, the employee experience, and customer satisfaction, to legal and regulations compliance competency.
Consequently, savvy data management professionals recognize that while a storage solution that is able to deliver unprecedented performance, resiliency, and efficiency with a low total cost of ownership is priority number one to fully optimize data and intelligence for business success; they likewise need to ensure they have the ability to protect against, detect, and restore data and operations in the event of a successful cyber-attack in order to protect their data, for business survival.
Brian Dunagan, Vice President of Engineering at Retrospect
Every organization, regardless of size, faces the real possibility that they could be the next victim of a cyberattack. That is because today’s ransomware, which is easier than ever for even the novice cybercriminal to obtain via ransomware as a service (RaaS), strikes repeatedly and randomly without even knowing whose system it is attacking. Ransomware now simply searches for that one crack, that one vulnerability, that will allow it entry to your network. Once inside it can lock-down, delete, and/or abscond with your data and demand payment should you wish to keep your data private and/or have it returned.
As an IT professional, it is therefore critical that beyond protection, steps be taken to detect ransomware as early as possible to stop the threat and ensure their ability to remediate and recover. A backup solution that includes anomaly detection to identify changes in an environment that warrants the attention of IT is a must. In order to ensure its benefit, users must be able to tailor the backup solution’s anomaly detection to their business’s specific systems and workflows; with capabilities such as customizable filtering and thresholds for each of their backup policies. And, those anomalies must be immediately reported to management, as well as aggregated for future ML/analyzing purposes.
Peter Kreslins, CTO at Digibee
When reviewing data privacy and cybersecurity, it’s important to consider integrations and create an enterprise integration strategy including data privacy and security procedures and technologies, which are critical requirements for governance, compliance and customer trust. An integration platform solution such as an enterprise integration platform as a service (eiPaaS) includes a dashboard enabling transparent and comprehensive monitoring and reporting of the data privacy and security of every integration, rather than laborious and time-consuming review of log files. You also can encrypt all data passing through the integrations and the platform so that data cannot be breached to expose personally identifiable information.
George Waller, Co-Founder and EVP at Zerify
The most valuable commodity today is data. With data, you have identities, corporate information and proprietary health care details, and 2023 will only lead to an explosion of more data as more companies rely on video conferencing. Video conferencing now plays a critical role in how businesses interact with their employees, customers, clients, vendors, attorneys and many others. Organizations use video conferencing to discuss M&A, legal, military, healthcare, intellectual property and other topics, and even corporate strategies. Almost all of that data falls under one of the compliance regulators because it’s considered sensitive, confidential or even classified. A loss of data like that could be catastrophic for a company, its employees, its clients and its customers. According to the latest IBM breach report, the average size of a data breach in the U.S. is now $9.44 million, and 60 percent of small businesses go out of business within six months of a data breach.
Tilo Weigandt, COO and co-founder of Vaultree
A zero-trust framework powered by AI and machine learning is not the only solution to best protect your data privacy. Other approaches include using encryption, implementing strict access controls, and regular monitoring and auditing systems. It is important to note that data privacy is a complex issue and there is no one-size-fits-all solution. Organizations should consult experts to determine the best approach for their specific needs and requirements, especially with data privacy rules certain to get more strict. State-level momentum for privacy bills is at an all-time high to regulate how consumer data is shared. Recent developments such as the California Privacy Rights Act, the quantum computing security legislation, and Virginia Consumer Data Protection Act clearly show that protecting consumer privacy is a growing priority in the U.S.
Dan LeBlanc, CEO at Daasity
Consumer brands collect mountains of consumer data. Not only are data leaks and data theft major issues, but hackers gaining access to operational or business intelligence tools is a risk as well.
When a consumer brand takes orders directly from customers, data is collected at multiple stages—during ordering, fulfillment, and servicing of accounts. This data can live across several platforms, and it’s typically ingested and stored in a central database for analytics. Each of these platforms poses a risk that someone can steal login information or a password and export customer data. This isn’t some sophisticated hack but a simple, “I got your password and was able to login.”
To prevent this, companies must ensure that all their systems have some two-factor or multi-factor authentication (TFA/MFA) turned on, that access controls are in place to restrict unauthorized individuals from certain internal tools and data, and that sensitive data is masked via anonymization or tokenization. With several layers of defense in place, you make it harder for a hacker to export all your customer information into an Excel spreadsheet.
Yossi Appleboum, CEO at Sepio
Corporations will need to be aware of the risk level that assets pose and handle them by ascribing an “asset risk factor score” to each device on the network. Hardware assets – i.e., wireless combo keyboards and mice, which are known to be vulnerable — can easily be used to sniff out and capture sensitive data. There are multiple data leakage options using hardware assets that bypass existing security solutions (i.e., capturing a user screen by running an HID scripting tool and exfiltrating the information through public comments to video platforms).
Wendy Mei, Head of Product and Strategy at Playsee
Developing an engineering team to enhance social-media AI technology and scan for spammer activity or illegal content is an important data-privacy undertaking. But you can’t leave it all to the algorithms. Building and improving a real, human team to constantly monitor and review content will assist users in reporting what makes them uncomfortable– to an actual person who has feelings, too.
Having to answer, ‘What is your birthday?’ may seem intrusive but is vital for platforms to provide a safer environment and experience for younger users. And that’s just the first step. Going further, deep and deliberate development of AI and a dedicated content review system will ensure that all posts follow strict guidelines. Content moderation, especially on social media, will continue to innovate its tech stack to better protect children.
Cindi Howson, Chief Data Strategy Officer at ThoughtSpot
In a digital economy, we are creating, capturing, and sharing more personal data than ever before. Companies rely on customer data more than ever to create actionable insights to personalize services, operate more efficiently and drive business growth. We’re living in the “decade of data”– and with this comes, of course, the decade of data privacy.
Privacy now extends far beyond protecting ourselves physically and encompasses everything we do or interact with digitally: our online footprint, often referred to as our digital twin. We’ve seen a raft of high-profile data breaches in the spotlight this past year which has fueled public concern around data privacy. As companies become more data dependent, customers become even more reluctant to share data while citizens remain woefully ignorant about data collected on them. It is this tension and misalignment that needs to be properly addressed in order to unlock data’s full potential.
Those working with customer data within any business need to be vigilant about how personal data is collected, stored, and used, as well as the implications of failing to handle this data correctly. Behind this data are real people, many of whom will not hesitate to take their business elsewhere should their data be lost or exposed. Ensuring data privacy is not just a technology issue, it’s also about company culture, process, and controls. And with analysts now able to extract increasing amounts of data from even more internal and external sources, ensuring data privacy must be part of an organization’s DNA. Dumping data from analytics tools to spreadsheets remains a weak link. Nowadays, laws and regulations such as GDPR and CCPA place stricter requirements on organizations, while giving individuals more access and rights around their data. Data Privacy Day, and the extended Data Privacy Week, is our opportunity, as businesses and data leaders, to bring awareness to those persistent knowledge gaps, take a closer look at best practices around data, and open up the conversation around data privacy and protection.
Rebecca Krauthamer, Co-Founder and CPO at QuSecure
Ahead of Data Privacy Day January 28, it is advisable that federal agencies, commercial organizations and other infrastructure providers begin to immediately assess potential vulnerabilities in their current encryption and cybersecurity practices and start planning for post-quantum encryption. Some believe that building a quantum computer powerful enough to break encryption is a decade or more away. Others believe it’s already too late. While quantum computers powerful enough to crack RSA are not yet available, hackers are seizing and storing sensitive data knowing they will be able to use quantum technology to access it soon.
We know that well-funded hacking organizations and governments are constantly working on novel ways to accelerate quantum development including advanced error correction, combinations of individual quantum processors, and advanced physical architectures to become the first to wield the power of quantum decryption. We are most likely closer to more quantum power and the subsequent associated threats to standard encryption than expected. Every day we don’t convert our security posture to a quantum-safe one, there’s no recovering from the damage that will be done.
Kelly Ahuja, CEO of Versa Networks
As Data Privacy Day approaches January 28, we need to be reminded that users are connecting from everywhere to systems and applications via private and public clouds, dissolving the enterprise perimeter. They are also connecting devices such as phones, tablets and laptops, to both their work and home networks, ultimately, blurring the divide which was once there. The expanding attack surface is providing the perfect entry point for threat actors. Once they have penetrated the perimeter, threat actors can move laterally across the network, accessing sensitive data and exfiltrating it before security teams have even had time to react. With hybrid work becoming the new normal and the increasing demand for Internet of Things (IoT) devices, the traditional approaches to cybersecurity and data protection are no longer sufficient.
Essentially, the next major data breach could start from someone’s home tablet or laptop. There is a clear problem when it comes to security in the remote working world, however, it is pointless securing networks if that solution hampers both connectivity and performance. Companies need to take a closer look at deploying Secure Access Service Edge (SASE) technologies that ensure the entire network is visible, including all connecting remote workers and IoT devices. SASE also ensures networks are segmented, restricting the movement of malware and allowing security teams to quickly locate, detect and mitigate cyberattacks.
Eve Maler, CTO at ForgeRock
This Data Privacy Week, it’s critical to pay close attention to the increased use of artificial intelligence (AI) in the age of social media. Consumer-accessible AI is increasingly making its way into popular social media sharing applications. For instance, enhancing self portraits with AI to then share with followers on social media is the latest trend in photo editing applications. However, in doing so, consumers are handing over biometrically-significant data — a dozen or more photos of your face — to an unknown third party. The service’s privacy policy, security protections, AI model particularities, and trustworthiness gain new importance in light of the need to share so much data.
Biometrics have special requirements when it comes to keeping personal data safe and secure. Service providers need to make ethical management of biometric data a guiding principle. Pay special attention to meaningful user consent and to oversight of data management. Performing facial recognition also exposes the service to a wealth of derivable personal data, such as age, gender, ethnicity, and health. Decentralized device-based storage of biometric data is always safest.
Molly Presley, SVP of Marketing at Hammerspace
With global rules governing how data should be stored, used, and shared, combined with escalating data losses, explosive personal data growth, and customer expectations, addressing data privacy is now an obligatory business requirement. However, as organizations expand and navigate compliance and legal requirements in the rapidly evolving age of big data, AI/ML, and government regulations, the existing processes surrounding data privacy need to evolve to 1) automate processes and 2) scale to meet increasingly complex new challenges.
Privacy and security concerns increasingly impact multiple vertical markets, including finance, government, healthcare and life sciences, telecommunications, IT, online retail, and others, as they quickly outgrow legacy data storage architectures. As a result, there is increasing pressure to develop and implement a data strategy and architecture for decentralized data that is more cohesive, making access to critical information simplified and secure.
To protect the organizations’ and individual users’ sensitive data, organizations must take the steps necessary to control how data is shared and eliminate the proliferation of data copies outside the controls of IT security systems. Accelerating IT modernization efforts while managing the ever-increasing volumes of data requires a data solution that simplifies, automates, and secures access to global data. Most importantly, to ensure data privacy and secure data collaboration, a data solution must be able to put data to use across multiple locations and to multiple users while simplifying IT Operations by automating data protection and data management to meet policies set by administrators.
Nick Hogg, Director of Technical Training at Fortra
With the rise of remote working, sharing sensitive files is now taken for granted. Therefore, awareness days and weeks, like Data Privacy Week, are a great way to remind organizations and their stakeholders of the importance of storing and handling data properly.
It’s essential for organizations to re-evaluate their security awareness and compliance training programs to move away from the traditional once-a-year, ‘box-ticking’ exercises that have proven to be less effective. The goal is to deliver ongoing training that keeps data security and compliance concerns front and center in employees’ minds, allowing them to better identify phishing and ransomware risks, as well as reducing user error when handling sensitive data.
They will also need to use digital transformation and ongoing cloud migration initiatives to re-evaluate their existing data loss prevention and compliance policies. The goal is to ensure stronger protection of their sensitive data and meet compliance requirements, while replacing complex infrastructure and policies to reduce the management overhead and interruptions to legitimate business processes.
Wade Barisoff, Director of Product, Data Protection at Fortra
As new states contemplate their own flavors of data privacy legislation, the only consistency will be the fact that each new law is different. We are already seeing this now; for example, in California, residents can sue companies for data violations, whereas in others it’s their attorney general’s offices that can impose the fines. In Utah, standards apply to fewer businesses compared to other states. As each state seeks to highlight how much they value their citizens’ rights over the next, we’ll see an element of (for example), ‘What’s good for California isn’t good enough for Kansas’ creep in, and this developing complexity will have a significant impact on organizations operating across the country.
Before GDPR there were (and still are) many different country laws for data privacy. GDPR was significant, not because it was a unifying act that enshrined the rights of people and their digital identities to govern how their data could be handled, but because it was the first legislation with real teeth. Fines for non-compliance were enough to force companies into action.
So far, five states have (or will have) individual laws, but there are 45 more yet to come. The amount of money and time companies will spend enacting the proper controls for these individual privacy laws fuels the argument for a more unified national approach to data privacy standards, as the penalties for non-compliance are significant. Also, as states begin to increase the demands on business, usually without fully understanding the technology landscape and how businesses work with shared and cloud-based technologies, there’s a potential that companies will be forced to make the decision not to conduct business in certain areas. A national approach would allow businesses to tackle data privacy once, but as it stands, with the federated states model, doing business within the U.S. is likely to get more complicated and expensive.
Jeff Sizemore, Chief Governance Officer at Egnyte
Data Privacy Day reminds us that personal privacy is being viewed more and more as a global human right – by 2024, it’s predicted that 75 percent of the world’s population will be protected under modern data privacy regulations. We will continue to see data privacy gain significant traction across industries and business disciplines, such as with personal financial data rights. Company trust will increasingly have a larger impact on customers’ buying decisions as well.
In the U.S., five states (California, Virginia, Colorado, Connecticut and Utah) have already enacted or plan to enact data privacy legislation this year. And the movement toward a federal law is only a matter of time, as we have seen positive momentum with the American Data Privacy and Protection Act (ADPPA). Without a doubt, as government entities and regulatory bodies show increased interest in data privacy, we can anticipate stronger enforcement mechanisms. Enforcement of regulations will become more strict, with fines and litigation for noncompliance expected to increase.
There’s no time like the present to prepare for these business-impacting regulations, especially with more on the horizon. Organizations can take proactive steps like keeping data privacy policies up-to-date and gaining visibility into structured and unstructured data. Ultimately, companies that respect data privacy and understand the short- and long-term benefits of compliance will be well-positioned for the future.
Christopher Rogers, Technology Evangelist at Zerto
In 2023, data is the most valuable asset any company owns. Whether it’s the organization’s own data or its customers’, the potential loss of revenue should this data be compromised is huge. Therefore, the primary concern for all businesses should be protecting this asset.
Unfortunately, in the golden age of cybercrime, data protection is not such an easy task. In 2022, an IDC report, ‘The State of Ransomware and Disaster Preparedness’, found that 83 percent of organizations had experienced data corruption from an attack, and nearly 60 percent experienced unrecoverable data as a result. While it’s clear there is a dire need for more effective data protection, it is also crucial that businesses have disaster recovery solutions in place should the worst occur.
When it comes to ransomware, the biggest financial killer is the downtime. Therefore, having a disaster recovery solution based on continuous data protection (CDP) in conjunction with backup is vital to equip companies with the ability to be resilient in the face of potentially catastrophic circumstances. Companies using CDP can limit downtime and restore operations in a matter of seconds or minutes, rather than days or weeks.
This Data Privacy Day, I want to encourage businesses to not only look at what they can be doing to protect themselves but also what solutions they have in place to recover should disaster strike.
Tomer Shiran, CPO and Co-Founder of Dremio
Data privacy is a fundamental human right and is becoming increasingly important in the digital age as more personal information is collected, stored, and shared online. Organizations have a responsibility to protect the data privacy of individuals and ensure that personal information is handled in a responsible and ethical manner. Data privacy laws, like GDPR in the European Union and California’s CCPA, have been put in place to give individuals more control and to hold organizations accountable for data breaches and mishandling of personal information, but data privacy is a constantly evolving field. A data lakehouse should be designed with privacy in mind, processing organizational data on the customer’s premises and never storing it anywhere in the lakehouse’s infrastructure. This reduces data proliferation dramatically and helps organizations use their existing controls to safeguard their own data and their customers’ data.
Frank Baalbergen, Chief Information Security Officer at Mendix
No-code and low-code technologies are continuing to gain traction throughout the enterprise. Gartner predicts that by 2025, 70 percent of new enterprise applications will be created in low-code development environments, up from just 25 percent in 2020. Nevertheless, data privacy and security leaders often worry about losing visibility and control when implementing low-code solutions. Low-code application platforms, such as Mendix, integrate governance into all applications to provide a secure environment you can count on to remain competitive. When data governance is proactively implemented, everyone’s privacy will be better protected, so low-code adoption shouldn’t be deterred by concerns about data privacy and regulatory compliance as low-code application platforms, such as Mendix, support your business from the get-go.