As cyber risk intensifies worldwide, regulatory authorities are looking at privacy and data protection frameworks much more seriously than they were a decade ago. In fact, since its launch, the European Union’s GDPR has shaped a plethora of global regulations, and governing bodies have either adopted or are considering legislation for more concrete personal data and privacy regulations.
In North America alone, 33 states have introduced some sort of data privacy legislation. California, Colorado, and Virginia have already signed those policies into law. Globally, 76% of countries have drafted or enacted some sort of personal data privacy protection, including China, Russia, Brazil, and Australia.
The newly drafted India Personal Data Protection (PDP) Bill includes requirements for notice and prior consent for the use of individual data. It also limits the purposes for which companies can process data and imposes restrictions to ensure that only data necessary for providing a service to the individual in question is collected.
What is driving this demand for enhanced privacy and data protection?
Some would say we have experienced a perfect storm. In 2020, cybercrime cost the world more than $1 trillion, a 50% increase from 2018. Today, data breaches of increasing sophistication and severity are at an all-time high. So, it comes as no surprise that consumer confidence in the promise of data security is at an all-time low. Most Americans, for example, now believe that they have lost total control of their data.
Managing the increasingly challenging task of maintaining data and system security in a complex, distributed environment is no easy feat. It has also become even harder post-pandemic. In 2021 most organizations have moved to a hybrid work environment, and digital transformation programs have accelerated.
In its analysis of the impact of COVID-19, consultancy McKinsey calculated that digital transformation programs accelerated by the equivalent of seven years in just a few months to meet customer demand. But this acceleration means attack vectors have grown. Digital systems have multiple access points for customers, partners, and employees, resulting in an expanded attack surface.
Additionally, the volume of data has exploded. There are multiple data types, making it incredibly difficult for organizations to understand what data they have, how it is being used, and where. Likewise, there is increasing pressure to unlock data to enable better decision-making and gain a competitive advantage. Therefore, the challenge for security and privacy professionals is exploiting data safely and protecting it while enabling the business.
Regulators are handing out significant fines
Earlier this month, the instant messaging service WhatsApp was fined €225m by the Irish Data Protection Commission. It resulted from an investigation that started in 2018 and concluded that WhatsApp was not being transparent enough around its privacy policies and how it would process customer data. It is the second-largest GDPR fine to date and clearly illustrates the risk of poor data handling.
Moreover, according to GDPR Enforcement Tracker, 55% of GDPR fines are down to the poor processing of personal data. A further 40% of fines are around the lawfulness of processing and whether the company has the right legal basis to use the data and the proper controls in place to ensure usage is aligned with the purposes defined. Therefore, fines are not just around data breaches. Organizations are also fined if they have insufficient governance around their data assets.
Furthermore, there is a growing emphasis on employee and workplace privacy. Organizations that consume personal information must clearly identify the systems where this data is stored and how it is controlled. However, employee data typically lives in unstructured files – in emails, chats and often in places not on a priority list for control and protection.
High Street retailer H&M was recently fined because it wasn’t appropriately discovering and protecting employee data. Instead, it was leaving conversations in chats and sharing sensitive data. The regulator fined the retailer because there was a disproportionate amount of data living in systems without enough control and which the company had not prioritized as needing protection.
Consumer awareness of rights is growing
As a result of all this heightened publicity, people are becoming much more aware of their rights as consumers. This means data security is having an impact on purchasing decisions. It’s also influencing how organizations prioritize budgets.
According to a recent Now Tech Forrester report, budgets for privacy management software, in particular, are growing. On top of this, investments aimed at improving privacy and data protection practices are coming from a variety of departments, not just IT security. Employees, customers, and partners are more aware of expectations and the need to better safeguard personal and corporate data.
Organizations can use privacy management software to ease the task of achieving compliance with privacy regulatory requirements. Additionally, it enables organizations to leverage personal and sensitive data more ethically and efficiently while safeguarding employees’ and customers’ trust.
The Forrester Analytics Business Technographics® Security Survey, 2020 asked global security decision-makers what tools they had purchased to comply with data protection regulations like GDPR. The responses were:
- 49% said privacy management software
- 44% said data management platforms
- 38% use data discovery and classification tools
- 37% use other controls.
It’s now time for organizations to invest in privacy
The Forrester Now Tech Privacy Management Report explains why organizations invest in privacy management software, both from a compliance perspective and to ensure data ethics and employee and customer trust. It includes a list of over 30 relevant privacy management software vendors, compiled based on market presence and functionality, including HelpSystems’ Data Classification in the mid-sized category.
Additionally, the report provides advice around selecting the right technology to support privacy and data protection programs. It also advises organizations on what to consider, such as business needs and goals, the complexity of the organization’s data, the environment and technology infrastructure both now and in the future, and any form of measurement criteria surrounding how data is used, stored, governed, and disposed of.
Here at HelpSystems, we believe data classification is the foundation of a robust data privacy strategy. By implementing a data classification solution, policies can be customized to the organization’s exact business requirements. It means data is identified, classified, governed, controlled, and protected at all times.
Our solution provides reliable data identification and classification, enabling employees to work safely and with confidence. Our solutions can be customized to suit your compliance requirements, and as well as being easy to use, they can be adapted as your needs evolve.
As consumer demand for better data privacy continues to escalate, supported by a global regulatory drive, it is essential that businesses invest intelligently in the technology solutions and privacy management programs that will allow them to achieve compliance and maintain customer trust without compromising performance.
Titus is synonymous with world-class data classification and our solutions are key components of HelpSystems’ robust data security portfolio.
Titus solutions are trusted by millions of users in over 120 countries around the world, including top military, government and Fortune 100 organizations. With the addition of data identification and advanced machine learning technologies, Titus has evolved into a global leader in enterprise-grade data protection solutions.