The COVID-19 pandemic has certainly added another layer of complexity to the workplace, as companies are relying on technology to establish secure remote work capabilities. With IT modernization being a key topic for business leaders currently, Data Privacy Day (January 28) is a great time to reflect on the importance of ensuring all company cyber assets are secure.
Data privacy must be a priority, and more than ever the public sector in particular needs to really think about what data they hold, how they collect it and how it is applied and used. The risks relating to areas such as data ethics, inclusivity, privacy and data sharing needs to be a focus, particularly as data volumes grow in the cloud.
The public sector is currently working on data sharing initiatives so that the various bodies can work in a more coordinated way. If the data is accurate and well-protected, that should result in big social benefits.
However, one of the goals of data protection is to protect individuals from risks arising from the power of the state and so as the coordination grows, it’s really important to understand how different communities react to that and what they do and fear as a result. To achieve this however, its’ imperative that a ‘user-centred’ approach to privacy is implemented, so that public sector organisations understand that, amongst different communities and for different circumstances, the same thing can land differently with different people.
Public trust is essential in order to maximise the potential benefits of data-driven innovations, and that comes from a willingness to listen to diverse voices and incorporate their views of privacy risks into projects.
Data protection is increasingly important to businesses in Europe with the onset of regulations and compliance measures, like GDPR and Schrems II, threatening to cost businesses millions if they don’t comply. In fact, in 2021 European data regulators issued €1.1 billion (£920 million) in GDPR fines – a huge 585% increase compared to 2020.
Increasingly, businesses require their data to stay in the EU when it goes through application scanning, and our European instance, the “European Region”, enables this by providing EU data residency for customers. Eventually, all cloud-based solution providers will need to establish data instances to help customers secure their information.
It’s also important businesses shore up their software security to protect private data from hackers. With the growing adoption of open source, there is increased systemic risk in the software supply chain. As more developers rely on open source, we’ve reached a tipping point where greater risk comes from open source than a developer’s custom code. Therefore, it is more important than ever that businesses shift security left in the software development lifecycle, empower developers by training them on best practices in secure coding, and provide the tools to find and fix vulnerabilities in their software.
<p>It is promising to see that Data Privacy Day 2022 is generating so much discussion around the topic of protecting data. But with cyber criminals’ tactics becoming increasingly sophisticated every day, it’s important that we keep this momentum going throughout the year and beyond. </p>
<p>Data Privacy Day is great for raising awareness of cyber threats, especially considering a staggering 95% of cyber-attacks are due to human error. However, education alone is not enough and cybersecurity measures need to be more robust than ever. Fortunately, we have some incredible solutions that are readily available to both individual consumers and organisations. When developing a cybersecurity strategy, it’s important to consider that anti-virus software alone is not enough – it requires too much input from the individual, like updating the software. Companies should adopt robust firmware as the last line of defence. And, advancements in technology mean it’s now possible to have AI-infused SSD (such as Flexxon’s X-PHY) embedded into laptops to protect data against every type of attack, from ransomware and malware all the way to physical security. </p>
<p>As Data Privacy Week comes to an end, we need to continue to raise awareness of these new and highly effective technologies that can assist us in the fight against cybercriminals.</p>
<p><i><span style=\"font-weight: 400;\">Data privacy had a big year; hybrid work opened the floodgates to new data security and privacy risks, there were eye-watering fines from high profile data breaches and new privacy laws such as the China Personal Information Protection Law (PIPL) went into effect as more regulations continue to surface. The India Data Protection Bill will likely be passed soon and a federal data privacy regulation is under serious discussion in the United States. Regardless of how the data privacy landscape continues to evolve, there are fundamental steps every business can take to put privacy first and protect the personal data of both employees and customers. </span></i></p>
<p><i><span style=\"font-weight: 400;\">This year’s Data Privacy Day is an opportunity for businesses to take inventory of their privacy practices and identify what more they can do to build trust. Seize the moment by reviewing data processing activities to understand what’s being collected, how it’s being stored, and who it’s being shared with. Keeping the end user’s privacy interests at heart and leading with transparency in all your technology and business decisions is always a good strategy. By taking these fundamental steps, businesses will be that much closer to improving their resiliency and successfully navigating today’s evolving regulatory landscape. </span></i></p>
<p><i><span style=\"font-weight: 400;\">Organizations also should look to leverage the cloud to streamline governance and achieve data resilience at scale. Just in the last week, the Biden administration has mandated federal agencies to more widely deploy cloud technologies in an effort to strengthen the nation’s defenses. Now is the time to act before violations result in fines, loss in customer trust, or worse. </span></i></p>
<p>Collectively, are we on the right side of history with Data Privacy? I would argue not yet. We are going to look back at this era as if we were data barbarians. In our increasingly \"Ready Player One-Esque\" environment, we must set aside time to think about our privacy and how to protect it. <u></u><u></u></p>
<p>“We can see the wave of data morality coming from thought leaders and governments forcing hands by enacting regulations, including GDPR and CCPA. For enterprises to meet these rising expectations and comply with new regulatory guidelines, they\’ll need to prove that they are investing in privacy. Companies who want to capitalise on this moment should seek to collect as little data as possible, encrypt what data they do have, give customers a path to opt out of data harvesting, and give customers the ability to be forgotten (i.e. providing previously collected data back to the customer, and then deleting it).<u></u><u></u></p>
<p>“But most importantly, organisations need to communicate clearly how collected data is used in order to provide value back to the customer. This means clearly articulating how it is protected, and the customer’s privacy options.<u></u><u></u></p>
<p>“This can be particularly challenging for data involved in proprietary machine learning, but algorithmic transparency demonstrates that an enterprise is conscientious about data privacy. This includes Disney, who recently agreed to privacy changes for children\’s apps, effectively removing tracking software for targeted ads. In addition, companies should seek to embed customer privacy as one of their core values and communicate this value as part of their customer-facing messaging. <u></u><u></u></p>
<p>“Let\’s usher in a new phrase, \’the customer is always <s>right</s> secure.</p>