February 26, 2020 By Joanne Godfrey 3 min read

Modern privacy regulations are founded on a variety of principles going back to 1890 that sought to protect citizens from “yellow journalism.” Over the following years, governments enacted legislation that sought to respect an individual’s right to privacy, including their image and their correspondence.

Following an uptick in data breaches over the past few years, there has been a resurgence of concern around data privacy that has resulted in a spate of new regulations, including the California Consumer Privacy Act (CCPA), the General Data Protection Regulation (GDPR) and the Lei Geral de Proteção de Dados Pessoais (LGPD). As a result, organizations are now scrambling to figure out the processes and controls needed to support specific compliance requirements and protect the personal data they store, in part because those requirements have specific due dates, potential fines and punitive implications.

Data Privacy Is the New Strategic Priority for Organizations

According to a recent study from Forrester Research commissioned by IBM, 75 percent of organizations identify data privacy as a strategic imperative, yet only 28 percent of survey respondents have complete confidence in their ongoing ability to comply with emerging data privacy regulations. Among the top barriers to sustained compliance are, in fact, attempts to address data privacy compliance in a piecemeal approach as well as ambiguity as to what it means to be compliant. Moreover, the rate of change is overtaking the capacity to respond and maintain data privacy compliance.

Those organizations that do have heightened confidence in their ongoing ability to achieve data privacy compliance follow three key tactics, according to the survey. They take a holistic, proactive approach to compliance; utilize automation tools to simplify and streamline data risk assessments, protection and breach response; and they supplement internal expertise with external partners to help accelerate, scale and execute on their data privacy programs.

Download the Forrester Research report, “Data Privacy Is The New Strategic Priority”

Protecting Personal Data Is a Journey

The reality is that compliance is a journey for organizations that take a strategic approach to data privacy and protection. This journey should start with an assessment of the data risk landscape. This includes reviewing and updating data governance standards and policies, visualizing and mapping how and where the organization’s data is stored and how it flows and is shared across the organization, as well as assessing existing data security, risk and privacy controls and their capabilities.

The next stage of the journey utilizes automation to classify sensitive personal data across the organization, including on-premises and cloud data stores around the globe. As part of this process, it’s important to be able to identify high-risk databases and existing data access and entitlement rights and analyze data usage patterns that may indicate suspicious behavior.

This information can be used to help determine any gaps in the security and compliance posture and to prioritize remediation efforts, such as updating access policies to mitigate the risk of unauthorized access, monitoring activities to uncover suspicious behavior in real time and taking action to remediate data breaches. Additionally, controls such as encryption can be deployed to safeguard sensitive personal data.

Promote Privacy, Build Trust and Grow the Business

Holistic programs — ones that are proactive, strategic and global in scope — deliver benefits beyond compliance. According to the Forrester survey, they include enhanced customer trust (41 percent of respondents), improved compliance (38 percent), improved data governance practices (37 percent) and improved customer retention (36 percent).

Ultimately, customers are more likely to do business, and do more business, with companies they trust to protect their personal data.

Learn how to build a strong data privacy program

More from Data Protection

Overheard at RSA Conference 2024: Top trends cybersecurity experts are talking about

4 min read - At a brunch roundtable, one of the many informal events held during the RSA Conference 2024 (RSAC), the conversation turned to the most popular trends and themes at this year’s events. There was no disagreement in what people presenting sessions or companies on the Expo show floor were talking about: RSAC 2024 is all about artificial intelligence (or as one CISO said, “It’s not RSAC; it’s RSAI”). The chatter around AI shouldn’t have been a surprise to anyone who attended…

3 Strategies to overcome data security challenges in 2024

3 min read - There are over 17 billion internet-connected devices in the world — and experts expect that number will surge to almost 30 billion by 2030.This rapidly growing digital ecosystem makes it increasingly challenging to protect people’s privacy. Attackers only need to be right once to seize databases of personally identifiable information (PII), including payment card information, addresses, phone numbers and Social Security numbers.In addition to the ever-present cybersecurity threats, data security teams must consider the growing list of data compliance laws…

How data residency impacts security and compliance

3 min read - Every piece of your organization’s data is stored in a physical location. Even data stored in a cloud environment lives in a physical location on the virtual server. However, the data may not be in the location you expect, especially if your company uses multiple cloud providers. The data you are trying to protect may be stored literally across the world from where you sit right now or even in multiple locations at the same time. And if you don’t…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today