Industry expert views for Data Privacy Day
Depending on who you talk to today is either Data Privacy Day or Data Protection Day. But whatever you want to call it the idea is to focus attention on the importance of best practices for looking after sensitive information.
In the current environment with distributed workforces and more transactions taking place online, this is more important than ever. We've rounded up opinions from some leading industry figures on the current state of data privacy and what can still be improved.
Mike Wood, CMO at Versa Networks focuses on the importance of securing remote workforces, "We anticipate some drastic changes to the world of work as companies re-evaluate their use of traditional workspaces. With this in mind, organisations that have managed to scrape by on ill-suited and outdated remote working set-ups need to take the opportunity to adapt their operations with a more long-term strategy. To enable a hybrid workforce, security is key, and integrating solutions such as SASE which includes services such as Secure SD-WAN, SWG, ZTNA, and segmentation, will allow the best security practices an organization can put in place. Investing in and implementing solutions that can ensure privacy of your remote worker's data is key this year and going forward because who knows how long we’re going to be in a situation where companies are supporting a hybrid workforce."
This is echoed by James Carder, CSO of LogRhythm:
In the wake of COVID-19 remote work cybersecurity concerns and the high-profile SolarWinds hack, we've seen security elevate in importance and the protection of sensitive data has become more of a shared responsibility across the company. Organizations are realizing that IT and security teams aren't the only ones with something to lose in the event of a breach; the whole business is at stake. The board doesn't want to risk a security breach or be found negligent based on a lack of investment in security.
With more and more companies experiencing breaches and people's personal information being shared with so many businesses, Data Privacy Day serves as an important reminder for organization leaders to acknowledge their shared responsibility for cybersecurity and effective data protection across the entire business. For companies that aren't currently operating in this way, it is a time for them to take a step back and make a plan to prioritize it in 2021.
There's praise for legislators' efforts from Rick McElroy, principal cybersecurity strategist, VMware at Carbon Black, "As a privacy advocate, I commend governments like California for enacting the CCPA, now CPRA, as a means to strengthen data protection. Today, CISOs share responsibility for privacy enforcement, adding more pressure to the traditionally strained role. Moving forward, to allow security roles to learn more about privacy, organizations will either have to invest in automation and the proper tooling to bolster cybersecurity measures, or appoint Chief Privacy Officers in a new role focused solely on data privacy. Overall, consumers will ultimately benefit from this shift, as it means their information is held to stringent protection standards and privacy is prioritised across the business."
Jasen Meece, CEO of Cloudentity says, "Data Privacy Day is an ideal time to build awareness and start an open dialogue about how individuals' data is being leveraged by companies. It’s important to put the power of data back into consumers’ hands so they can decide how their data is being used and shared. After the California Privacy Rights Act (CPRA) passed in November 2020, many other states and countries may follow suit in implementing data and privacy laws to give consumers control of their personal data. However, adhering to privacy standards can be challenging for companies, especially as applications become more complex with the addition of distributed services, APIs, and serverless resources all collecting and passing user data across environments."
Joseph Carson, chief security scientist at Thycotic sees privacy evolving into data rights management, "I believe the big question, when it comes to data privacy, is 'How is citizens' data being used, collected and processed?' Ultimately data privacy will evolve into Data Rights Management which means rather than giving up personal data for so called free use of internet services, citizens should and can get paid for allowing their personal data to be used for marketing purposes. It will become more about how the personal data will be used, and what monetization is resulting from the data. In the future everyone will become an influencer this difference is how much is it worth."
Adam Brady, director, systems engineering, EMEA, at Illumio believes organizations need to improve their controls, "For organizations looking to secure PII, micro-segmentation as part of a Zero Trust approach is a critical control. Traditional segmentation of the network is no longer enough to prevent the kind of lateral-movement-based threats we see. Forward thinking enterprises need to be thinking about visibility, and micro-segmentation -- where they can easily isolate high-value applications and environments, prevent lateral movement, enforce granular security policies, and apply the Zero-Trust posture of 'never trust, always verify'."
Steve Grewal, CTO, Federal at Cohesity agrees:
To better address the challenges of data privacy regulations and customer concerns, organizations need to adopt a data-first mindset. This means prioritizing and investing in the management and protection of data in a manner that effectively balances the intrinsic business value of data with the needs and rights of customers and consumers.
Consumers and customers expect to be informed of how their data is being used and protected. This is a significant challenge for all organizations, and it will require greater collaboration between the individuals tasked with providing data security, privacy, and compliance to meet these expectations and enhanced regulations.
Greater levels of collaboration, scrutiny, and the adoption of modern data management technologies and strategies will be needed to better protect the data organizations have been entrusted with.
Nat Maple, chief marketing officer at BullGuard urges people to take steps to protect their own data by using technologies like VPNs, password managers and multi-factor authentication, "The importance of Data Privacy Day can't be overstated. Apps, websites and online services hoover up personal data but people feel as though there is little they can do about it. If you want to use or sign up for a service or app you have to accept the privacy terms which typically means you are handing over your private data. Added to this is the danger that your data can be hacked and exploited by cybercriminals for financial or identity fraud. We want people to know that you can reclaim data privacy and protect your family with a few simple steps."