Light Dark
February 26, 2020 By Joanne Godfrey 3 min read
Data Protection

Modern privacy regulations are founded on a variety of principles going back to 1890 that sought to protect citizens from “yellow journalism.” Over the following years, governments enacted legislation that sought to respect an individual’s right to privacy, including their image and their correspondence.

Following an uptick in data breaches over the past few years, there has been a resurgence of concern around data privacy that has resulted in a spate of new regulations, including the California Consumer Privacy Act (CCPA), the General Data Protection Regulation (GDPR) and the Lei Geral de Proteção de Dados Pessoais (LGPD). As a result, organizations are now scrambling to figure out the processes and controls needed to support specific compliance requirements and protect the personal data they store, in part because those requirements have specific due dates, potential fines and punitive implications.

Data Privacy Is the New Strategic Priority for Organizations

According to a recent study from Forrester Research commissioned by IBM, 75 percent of organizations identify data privacy as a strategic imperative, yet only 28 percent of survey respondents have complete confidence in their ongoing ability to comply with emerging data privacy regulations. Among the top barriers to sustained compliance are, in fact, attempts to address data privacy compliance in a piecemeal approach as well as ambiguity as to what it means to be compliant. Moreover, the rate of change is overtaking the capacity to respond and maintain data privacy compliance.

Those organizations that do have heightened confidence in their ongoing ability to achieve data privacy compliance follow three key tactics, according to the survey. They take a holistic, proactive approach to compliance; utilize automation tools to simplify and streamline data risk assessments, protection and breach response; and they supplement internal expertise with external partners to help accelerate, scale and execute on their data privacy programs.

Download the Forrester Research report, “Data Privacy Is The New Strategic Priority”

Protecting Personal Data Is a Journey

The reality is that compliance is a journey for organizations that take a strategic approach to data privacy and protection. This journey should start with an assessment of the data risk landscape. This includes reviewing and updating data governance standards and policies, visualizing and mapping how and where the organization’s data is stored and how it flows and is shared across the organization, as well as assessing existing data security, risk and privacy controls and their capabilities.

The next stage of the journey utilizes automation to classify sensitive personal data across the organization, including on-premises and cloud data stores around the globe. As part of this process, it’s important to be able to identify high-risk databases and existing data access and entitlement rights and analyze data usage patterns that may indicate suspicious behavior.

This information can be used to help determine any gaps in the security and compliance posture and to prioritize remediation efforts, such as updating access policies to mitigate the risk of unauthorized access, monitoring activities to uncover suspicious behavior in real time and taking action to remediate data breaches. Additionally, controls such as encryption can be deployed to safeguard sensitive personal data.

Promote Privacy, Build Trust and Grow the Business

Holistic programs — ones that are proactive, strategic and global in scope — deliver benefits beyond compliance. According to the Forrester survey, they include enhanced customer trust (41 percent of respondents), improved compliance (38 percent), improved data governance practices (37 percent) and improved customer retention (36 percent).

Ultimately, customers are more likely to do business, and do more business, with companies they trust to protect their personal data.

Learn how to build a strong data privacy program

 |  |  |  |  |  |  |  |  |  |  | 
Joanne Godfrey

More from Data Protection
November 2, 2023

Defense in depth: Layering your security coverage

2 min read - The more valuable a possession, the more steps you take to protect it. A home, for example, is protected by the lock systems on doors and windows, but the valuable or sensitive items that a criminal might steal are stored with even more security — in a locked filing cabinet or a safe. This provides layers of protection for the things you really don’t want a thief to get their hands on. You tailor each item’s protection accordingly, depending on…

November 1, 2023

What is data security posture management?

3 min read - Do you know where all your organization’s data resides across your hybrid cloud environment? Is it appropriately protected? How sure are you? 30%? 50%? It may not be enough. The Cost of a Data Breach Report 2023 revealed that 82% of breaches involved data in the cloud, and 39% of breached data was stored across multiple types of environments. If you have any doubt, your enterprise should consider acquiring a data security posture management (DSPM) solution. With the global average…

October 25, 2023

Cost of a data breach: The evolving role of law enforcement

4 min read - If someone broke into your company’s office to steal your valuable assets, your first step would be to contact law enforcement. But would your reaction be the same if someone broke into your company’s network and accessed your most valuable assets through a data breach? A decade ago, when smartphones were still relatively new and most people were still coming to understand the value of data both corporate-wide and personally, there was little incentive to report cyber crime. It was…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature