Cloud Data Privacy Roadmap Part 1: Data Privacy Laws & the State of Governed Data Privacy
After decades of indiscriminately sharing their personal data, people are progressively becoming acutely aware of the ways that their private data is being used, and in many cases, abused. It is no longer surprising to see media headlines discussing the volume and brazenness of the latest corporate data breaches. At the same time, individuals are becoming more attentive to corporate terms of service dictating the different ways that accumulated personal information may be used.
Concerns about the risks associated with data breaches and unauthorized or unexpected use of personal/private information have motivated the emergence of data privacy and consequently, data protection as a regulatory issue. The debate about legislative data privacy is not new. In the United States, the Privacy Act of 1974 mandated practices governing the collection, use, and sharing of individual data maintained in systems managed by federal agencies.1 Almost fifty years later, though, the rampant collection and use of individuals’ data has inspired increased action. In recent years, the definition, approval, and enactment of global data privacy laws has accelerated; according to the United Nations Conference on Trade and Development, “137 out of 194 countries had put in place legislation to secure the protection of data and privacy.”2
Protection of data privacy is no longer just a concern driven by expectations for customer experience. Today, the more significant driver for ensuring against unauthorized data exposure and use is compliance with the many data privacy laws. But if the proliferation of data privacy laws were not enough, data protection initiatives are complicated even more as organizations are migrating their data and applications to the cloud. With data assets potentially distributed among a hybrid multicloud environment, there are boarder implications for data governance policies and practices addressing data privacy in the cloud.
In this roadmap, we will survey the current landscape of data privacy and its implications for cloud data management. First, we discuss some data privacy fundamentals, and then examine and compare a sampling of different data privacy laws. The roadmap then elaborates on some key data protection challenges, and finally enumerates cloud data privacy and security best practices.
