February 26, 2020 By Joanne Godfrey 3 min read

Modern privacy regulations are founded on a variety of principles going back to 1890 that sought to protect citizens from “yellow journalism.” Over the following years, governments enacted legislation that sought to respect an individual’s right to privacy, including their image and their correspondence.

Following an uptick in data breaches over the past few years, there has been a resurgence of concern around data privacy that has resulted in a spate of new regulations, including the California Consumer Privacy Act (CCPA), the General Data Protection Regulation (GDPR) and the Lei Geral de Proteção de Dados Pessoais (LGPD). As a result, organizations are now scrambling to figure out the processes and controls needed to support specific compliance requirements and protect the personal data they store, in part because those requirements have specific due dates, potential fines and punitive implications.

Data Privacy Is the New Strategic Priority for Organizations

According to a recent study from Forrester Research commissioned by IBM, 75 percent of organizations identify data privacy as a strategic imperative, yet only 28 percent of survey respondents have complete confidence in their ongoing ability to comply with emerging data privacy regulations. Among the top barriers to sustained compliance are, in fact, attempts to address data privacy compliance in a piecemeal approach as well as ambiguity as to what it means to be compliant. Moreover, the rate of change is overtaking the capacity to respond and maintain data privacy compliance.

Those organizations that do have heightened confidence in their ongoing ability to achieve data privacy compliance follow three key tactics, according to the survey. They take a holistic, proactive approach to compliance; utilize automation tools to simplify and streamline data risk assessments, protection and breach response; and they supplement internal expertise with external partners to help accelerate, scale and execute on their data privacy programs.

Download the Forrester Research report, “Data Privacy Is The New Strategic Priority”

Protecting Personal Data Is a Journey

The reality is that compliance is a journey for organizations that take a strategic approach to data privacy and protection. This journey should start with an assessment of the data risk landscape. This includes reviewing and updating data governance standards and policies, visualizing and mapping how and where the organization’s data is stored and how it flows and is shared across the organization, as well as assessing existing data security, risk and privacy controls and their capabilities.

The next stage of the journey utilizes automation to classify sensitive personal data across the organization, including on-premises and cloud data stores around the globe. As part of this process, it’s important to be able to identify high-risk databases and existing data access and entitlement rights and analyze data usage patterns that may indicate suspicious behavior.

This information can be used to help determine any gaps in the security and compliance posture and to prioritize remediation efforts, such as updating access policies to mitigate the risk of unauthorized access, monitoring activities to uncover suspicious behavior in real time and taking action to remediate data breaches. Additionally, controls such as encryption can be deployed to safeguard sensitive personal data.

Promote Privacy, Build Trust and Grow the Business

Holistic programs — ones that are proactive, strategic and global in scope — deliver benefits beyond compliance. According to the Forrester survey, they include enhanced customer trust (41 percent of respondents), improved compliance (38 percent), improved data governance practices (37 percent) and improved customer retention (36 percent).

Ultimately, customers are more likely to do business, and do more business, with companies they trust to protect their personal data.

Learn how to build a strong data privacy program

More from Data Protection

How to craft a comprehensive data cleanliness policy

3 min read - Practicing good data hygiene is critical for today’s businesses. With everything from operational efficiency to cybersecurity readiness relying on the integrity of stored data, having confidence in your organization’s data cleanliness policy is essential.But what does this involve, and how can you ensure your data cleanliness policy checks the right boxes? Luckily, there are practical steps you can follow to ensure data accuracy while mitigating the security and compliance risks that come with poor data hygiene.Understanding the 6 dimensions of…

Third-party access: The overlooked risk to your data protection plan

3 min read - A recent IBM Cost of a Data Breach report reveals a startling statistic: Only 42% of companies discover breaches through their own security teams. This highlights a significant blind spot, especially when it comes to external partners and vendors. The financial stakes are steep. On average, a data breach affecting multiple environments costs a whopping $4.88 million. A major breach at a telecommunications provider in January 2023 served as a stark reminder of the risks associated with third-party relationships. In…

Communication platforms play a major role in data breach risks

4 min read - Every online activity or task brings at least some level of cybersecurity risk, but some have more risk than others. Kiteworks Sensitive Content Communications Report found that this is especially true when it comes to using communication tools.When it comes to cybersecurity, communicating means more than just talking to another person; it includes any activity where you are transferring data from one point online to another. Companies use a wide range of different types of tools to communicate, including email,…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today