
Cloud Data Privacy Roadmap Part 2: Data Privacy Fundamentals
Laws governing the collection, storage, use, and sharing of information are generally intended to provide assurance to certain parties that their sensitive data is being appropriately managed and stewarded by corporate organizations. These laws typically grant the protected parties rights and privileges to direct what data may be collected and how that collected data may be used and shared.
It is useful to establish a shared vocabulary to better understand the implications that laws with data protection provisions have on an organization’s data management practices and corresponding data governance policies. This vocabulary is useful for comparing, contrasting, and considering how to operationalize compliance in the remainder of the roadmap, and includes:
- The data subject, who is the party whose data is to be protected.
- The data controller, which is the organization that determines what data is being collected and for what purposes that data may be used.
- The data processor, which is a party that acts on behalf of the data controller to process protected data.
- Data subject privileges and rights, particularly associated with directing what data may or may not be used, which data may be shared, and directives for controlling that data (e.g., requiring that the data subject opt in to allow for data use as opposed to requiring the data subject to explicitly opt out of the data controller’s intended uses).
- The types of protected data, which can range from just the basic information used to identify an individual to a wide variety of data attributes, characteristics, transaction histories, and even inferences based on analyses of stored information.
- The types of exempted data, which are data attributes that are not included within a data protection law.
- The types of covered acts, such as collecting data, processing data, automated profiling, behavioral-based advertising, etc.
- The mode associated with data subject consent (opt-in vs. opt-out).
- Obligations that are imposed on data controllers and data processors, such as specifying the purposes of data collection, transparency about how data is being used, management of data subject consent, and breach notification.
- Exempt scenarios for lawful use, which describe situations in which the law’s obligations for data protection are overruled. Some examples include processing for the performance of an agreement or contract, protecting the interests of either the data subject or another entity, or for compliance with other legal obligations such as a criminal investigation.
Interestingly, the interplay of all these facets of a law mandating the protection of an entity’s sensitive information can lead to perceived conflicts. For example, can a data subject request deletion of identifying information collected during a purchase transaction that is necessary for processing a product’s purchase and ensuring its proper delivery?
That being said, ensuring compliance is more complicated when considering the growing number of distinct data privacy and data protection laws, especially when there are variant specifications and definitions for the listed vocabulary terms. Compliance is further hampered by the continued distribution of increasing data volumes across an expanding hybrid cloud data landscape.