Modern privacy regulations are founded on a variety of principles going back to 1890 that sought to protect citizens from “yellow journalism.” Over the following years, governments enacted legislation that sought to respect an individual’s right to privacy, including their image and their correspondence.

Following an uptick in data breaches over the past few years, there has been a resurgence of concern around data privacy that has resulted in a spate of new regulations, including the California Consumer Privacy Act (CCPA), the General Data Protection Regulation (GDPR) and the Lei Geral de Proteção de Dados Pessoais (LGPD). As a result, organizations are now scrambling to figure out the processes and controls needed to support specific compliance requirements and protect the personal data they store, in part because those requirements have specific due dates, potential fines and punitive implications.

Data Privacy Is the New Strategic Priority for Organizations

According to a recent study from Forrester Research commissioned by IBM, 75 percent of organizations identify data privacy as a strategic imperative, yet only 28 percent of survey respondents have complete confidence in their ongoing ability to comply with emerging data privacy regulations. Among the top barriers to sustained compliance are, in fact, attempts to address data privacy compliance in a piecemeal approach as well as ambiguity as to what it means to be compliant. Moreover, the rate of change is overtaking the capacity to respond and maintain data privacy compliance.

Those organizations that do have heightened confidence in their ongoing ability to achieve data privacy compliance follow three key tactics, according to the survey. They take a holistic, proactive approach to compliance; utilize automation tools to simplify and streamline data risk assessments, protection and breach response; and they supplement internal expertise with external partners to help accelerate, scale and execute on their data privacy programs.

Download the Forrester Research report, “Data Privacy Is The New Strategic Priority”

Protecting Personal Data Is a Journey

The reality is that compliance is a journey for organizations that take a strategic approach to data privacy and protection. This journey should start with an assessment of the data risk landscape. This includes reviewing and updating data governance standards and policies, visualizing and mapping how and where the organization’s data is stored and how it flows and is shared across the organization, as well as assessing existing data security, risk and privacy controls and their capabilities.

The next stage of the journey utilizes automation to classify sensitive personal data across the organization, including on-premises and cloud data stores around the globe. As part of this process, it’s important to be able to identify high-risk databases and existing data access and entitlement rights and analyze data usage patterns that may indicate suspicious behavior.

This information can be used to help determine any gaps in the security and compliance posture and to prioritize remediation efforts, such as updating access policies to mitigate the risk of unauthorized access, monitoring activities to uncover suspicious behavior in real time and taking action to remediate data breaches. Additionally, controls such as encryption can be deployed to safeguard sensitive personal data.

Promote Privacy, Build Trust and Grow the Business

Holistic programs — ones that are proactive, strategic and global in scope — deliver benefits beyond compliance. According to the Forrester survey, they include enhanced customer trust (41 percent of respondents), improved compliance (38 percent), improved data governance practices (37 percent) and improved customer retention (36 percent).

Ultimately, customers are more likely to do business, and do more business, with companies they trust to protect their personal data.

Learn how to build a strong data privacy program

More from Data Protection

Data never dies: The immortal battle of data privacy

4 min read - More than two hundred years ago, Benjamin Franklin said there is nothing certain but death and taxes. If Franklin were alive today, he would add one more certainty to his list: your digital profile. Between the data compiled and stored by employers, private businesses, government agencies and social media sites, the personal information of nearly every single individual is anywhere and everywhere. When someone dies, that data becomes the responsibility of the estate; but what happens to the privacy rights…

Vulnerability resolution enhanced by integrations

2 min read - Why speed is of the essence in today's cybersecurity landscape? How are you quickly achieving vulnerability resolution? Identifying vulnerabilities should be part of the daily process within an organization. It's an important piece of maintaining an organization’s security posture. However, the complicated nature of modern technologies — and the pace of change — often make vulnerability management a challenging task. In the past, many organizations had to support manual integration work to get different security systems to ‘talk’ to each…

Cost of a data breach 2023: Geographical breakdowns

4 min read - Data breaches can occur anywhere in the world, but they are historically more common in specific countries. Typically, countries with high internet usage and digital services are more prone to data breaches. To that end, IBM’s Cost of a Data Breach Report 2023 looked at 553 organizations of various sizes across 16 countries and geographic regions, and 17 industries. In the report, the top five costs of a data breach by country or region (measured in USD millions) for 2023…

Cost of a data breach 2023: Pharmaceutical industry impacts

3 min read - Data breaches are both commonplace and costly in the medical industry.  Two industry verticals that fall under the medical umbrella — healthcare and pharmaceuticals — sit at the top of the list of the highest average cost of a data breach, according to IBM’s Cost of a Data Breach Report 2023. The health industry’s place at the top spot of most costly data breaches is probably not a surprise. With its sensitive and valuable data assets, it is one of…