Modern privacy regulations are founded on a variety of principles going back to 1890 that sought to protect citizens from “yellow journalism.” Over the following years, governments enacted legislation that sought to respect an individual’s right to privacy, including their image and their correspondence.

Following an uptick in data breaches over the past few years, there has been a resurgence of concern around data privacy that has resulted in a spate of new regulations, including the California Consumer Privacy Act (CCPA), the General Data Protection Regulation (GDPR) and the Lei Geral de Proteção de Dados Pessoais (LGPD). As a result, organizations are now scrambling to figure out the processes and controls needed to support specific compliance requirements and protect the personal data they store, in part because those requirements have specific due dates, potential fines and punitive implications.

Data Privacy Is the New Strategic Priority for Organizations

According to a recent study from Forrester Research commissioned by IBM, 75 percent of organizations identify data privacy as a strategic imperative, yet only 28 percent of survey respondents have complete confidence in their ongoing ability to comply with emerging data privacy regulations. Among the top barriers to sustained compliance are, in fact, attempts to address data privacy compliance in a piecemeal approach as well as ambiguity as to what it means to be compliant. Moreover, the rate of change is overtaking the capacity to respond and maintain data privacy compliance.

Those organizations that do have heightened confidence in their ongoing ability to achieve data privacy compliance follow three key tactics, according to the survey. They take a holistic, proactive approach to compliance; utilize automation tools to simplify and streamline data risk assessments, protection and breach response; and they supplement internal expertise with external partners to help accelerate, scale and execute on their data privacy programs.

Download the Forrester Research report, “Data Privacy Is The New Strategic Priority”

Protecting Personal Data Is a Journey

The reality is that compliance is a journey for organizations that take a strategic approach to data privacy and protection. This journey should start with an assessment of the data risk landscape. This includes reviewing and updating data governance standards and policies, visualizing and mapping how and where the organization’s data is stored and how it flows and is shared across the organization, as well as assessing existing data security, risk and privacy controls and their capabilities.

The next stage of the journey utilizes automation to classify sensitive personal data across the organization, including on-premises and cloud data stores around the globe. As part of this process, it’s important to be able to identify high-risk databases and existing data access and entitlement rights and analyze data usage patterns that may indicate suspicious behavior.

This information can be used to help determine any gaps in the security and compliance posture and to prioritize remediation efforts, such as updating access policies to mitigate the risk of unauthorized access, monitoring activities to uncover suspicious behavior in real time and taking action to remediate data breaches. Additionally, controls such as encryption can be deployed to safeguard sensitive personal data.

Promote Privacy, Build Trust and Grow the Business

Holistic programs — ones that are proactive, strategic and global in scope — deliver benefits beyond compliance. According to the Forrester survey, they include enhanced customer trust (41 percent of respondents), improved compliance (38 percent), improved data governance practices (37 percent) and improved customer retention (36 percent).

Ultimately, customers are more likely to do business, and do more business, with companies they trust to protect their personal data.

Learn how to build a strong data privacy program

More from Data Protection

Transitioning to Quantum-Safe Encryption

With their vast increase in computing power, quantum computers promise to revolutionize many fields. Artificial intelligence, medicine and space exploration all benefit from this technological leap — but that power is also a double-edged sword. The risk is that threat actors could abuse quantum computers to break the key cryptographic algorithms we depend upon for the safety of our digital world. This poses a threat to a wide range of critical areas. Fortunately, alternate cryptographic algorithms that are safe against…

How Do You Plan to Celebrate National Computer Security Day?

In October 2022, the world marked the 19th Cybersecurity Awareness Month. October might be over, but employers can still talk about awareness of digital threats. We all have another chance before then: National Computer Security Day. The History of National Computer Security Day The origins of National Computer Security Day trace back to 1988 and the Washington, D.C. chapter of the Association for Computing Machinery’s Special Interest Group on Security, Audit and Control. As noted by National Today, those in…

Resilient Companies Have a Disaster Recovery Plan

Historically, disaster recovery (DR) planning focused on protection against unlikely events such as fires, floods and natural disasters. Some companies mistakenly view DR as an insurance policy for which the likelihood of a claim is low. With the current financial and economic pressures, cutting or underfunding DR planning is a tempting prospect for many organizations. That impulse could be costly. Unfortunately, many companies have adopted newer technology delivery models without DR in mind, such as Cloud Infrastructure-as-a-Service (IaaS), Software-as-a-Service (SaaS)…

Millions Lost in Minutes — Mitigating Public-Facing Attacks

In recent years, many high-profile companies have suffered destructive cybersecurity breaches. These public-facing assaults cost organizations millions of dollars in minutes, from stock prices to media partnerships. Fast Company, Rockstar, Uber, Apple and more have all been victims of these costly and embarrassing attacks. The total average cost of a data breach has increased by 2.6% since 2021 and is now $4.35 million. Organizations that don't deploy zero trust security models also incur an average of $1 million more in…