Regulation around the world increasingly seeks to address data privacy. Organizations can't overlook compliance.
Data Privacy Day: Privacy, compliance, and managing regulatory risk.
This past week was Data Privacy Week, and Sunday, January 29th, marked the observance of Data Privacy Day. Experts discuss the increased risks posed by cyberattacks to data privacy, as well as the important role employees play in an organization’s data protection, and best practices and solutions to improve data security posture. In this article we see what they’ve said about privacy regulations and the challenge of complying with them.
Data privacy regulations are now in effect in most parts of the world.
Don Boxley, CEO and Co-Founder, DH2i, notes increasing regulations around data privacy, globally:
“The perpetual concern around data privacy and protection has led to an abundance of new and increasingly stringent regulations around the world. According to the United Nations Conference on Trade and Development (UNCTAD), 71% of countries now have data protection and privacy legislation, with another 9% having draft legislation.
“This increased scrutiny makes perfect sense. Data is being created and flowing not just from our business endeavors, but countless personal interactions we make every day - whether we are hosting an online conference, making an online purchase, or using a third party for ride-hailing, food delivery, or package transport.”
Almog Apirion, CEO and Co-Founder of Cyolo, discusses the development of government data privacy regulations over time:
“Data Privacy Day aims to increase awareness over the need to protect employee and customer data while adhering to regulatory laws such as GDPR or CCPA. Even if newer regulations are highlighting today's major need for data protection, this is not something new - in fact, the first legally binding international privacy and data protection treaty, Convention 108, was signed well before today’s regulations in 1981. Because of our greater reliance on digital technology to govern most of both individual and organization facets, it is important to reconsider what, when and where as well as with whom it is shared with others. Data Privacy Day is a component of the worldwide ‘STOP. THINK. CONNECT.’ campaign for online privacy, security and safety.”
Compliance with data privacy regulations isn’t to be overlooked.
Tilo Weigandt, COO and co-founder of Vaultree, emphasizes the need to remain compliant with growing regulations:
“It is important to note that data privacy is a complex issue and there is no one-size-fits-all solution. For example, a zero-trust framework powered by AI and machine learning is not the only solution to best protect your data. Other approaches include using encryption, implementing strict access controls, and regular monitoring and auditing systems.
“Organizations should consult experts to determine the best approach for their specific needs and requirements, especially with data privacy rules certain to get more strict. State-level momentum for privacy bills is at an all-time high to regulate how consumer data is shared. Recent developments such as the California Privacy Rights Act, the quantum computing security legislation, and Virginia Consumer Data Protection Act clearly show that protecting consumer privacy is a growing priority in the U.S.
“Compliance with relevant data privacy regulations such as GDPR or HIPAA is also crucial. One tactic able to support all of the above and the essential basis of all cybersecurity practices is data-in-use encryption because working with data in a fully encrypted format opens up numerous possibilities for companies. Data Privacy is a complex and ongoing process, but it is worth it. Protecting your data properly will mitigate a data breach's financial, cyber, legal, reputational, and business risk.”
Data privacy regulation is gaining momentum in the US at both Federal and state levels.
And the states seem to have led the way, not the Federal government.
Jeff Sizemore, chief governance officer at Egnyte, highlights the momentum that’s gathered in the US for data privacy legislation at both the state and Federal levels:
“Data Privacy Day reminds us that personal privacy is being viewed more and more as a global human right—by 2024, it’s predicted that 75% of the world’s population will be protected under modern data privacy regulations. We will continue to see data privacy gain significant traction across industries and business disciplines, such as with personal financial data rights. Company trust will increasingly have a larger impact on customers’ buying decisions as well.
“In the U.S., five states (California, Virginia, Colorado, Connecticut and Utah) have already enacted or plan to enact data privacy legislation this year. And the movement toward a federal law is only a matter of time, as we have seen positive momentum with the American Data Privacy and Protection Act (ADPPA).
“Without a doubt, as government entities and regulatory bodies show increased interest in data privacy, we can anticipate stronger enforcement mechanisms. Enforcement of regulations will become more strict, with fines and litigation for noncompliance expected to increase.
“There’s no time like the present to prepare for these business-impacting regulations, especially with more on the horizon. Organizations can take proactive steps like keeping data privacy policies up-to-date and gaining visibility into structured and unstructured data. Ultimately, companies that respect data privacy and understand the short- and long-term benefits of compliance will be well-positioned for the future.”
Chris Lehman, CEO of Safeguard Cyber, describes the California Consumer Privacy Rights Act, which went into effect at the start of this year:
“This Data Privacy Day could not come at a better time, as state privacy regulations such as the California Consumer Privacy Rights Act (CPRA), which succeeds the California Consumer Privacy Act, went into effect on January 1, 2023. The CPRA enhances user rights over data with the right to correct inaccurate personal information and the right to limit use and disclosure of sensitive personal information.”