This article is part of a VB special issue. Read the full series here: How Data Privacy Is Transforming Marketing.
Data privacy has always been a top priority in both consumer and business circles. Individuals, including company employees, demand more control over how their personal data is used and greater transparency into how businesses manage customer information. If data is the currency of the future, then ensuring data privacy is the key to gaining user trust.
In light of high-profile breaches and data leakage incidents such as the Sunburst SolarWinds attack, the Estée Lauder customer database leak, the discovery of Facebook and MGM Resorts confidential data on the dark web, and the resurgence of WannaCry, REvil and other ransomware attacks, companies have realized the need for robust data privacy strategies and processes.
Solutions should focus on how personal data is collected, processed, stored, shared, retained and destroyed while ensuring data availability and integrity and safeguarding assets from unauthorized access. This should also cover agreeing to, blocking and disabling online cookies.
In cases where organizations are sharing data with each other, including those of third-party vendors, the above practices also apply. Executives need to collaborate to balance risk, transparency, customer and stakeholder satisfaction, and compliance. Needless to say, privacy policies must strike a balance between risk, prioritization, the cost of failure or breach as well as management commitment and operational and reporting costs.
According to Gartner research, 75% of all organizations will restructure risk and security governance for digital transformation as a result of imploding cybersecurity threats, insider activity, and an increase in attack surfaces and vulnerabilities. Some companies have even appointed chief privacy officers, who act as custodians of and are responsible for this important function. Enlisting the services of privacy and compliance consultants, vis-à-vis full or partial insourcing, is also an active and ongoing consideration for management.
Data privacy often comes at a huge price — one that can’t be quantified in certain terms because the implications are vast.
“It’s easy to see that data breaches can be costly for companies of all sizes. Companies should be investing in data protection at all levels like encryption, access control and incident response to prevent dangerous and expensive attacks,” said Soumendra Mohanty, chief innovation officer and chief strategy officer of data analytics company, Tredence.
“The costs of non-compliance are massive from both a financial and reputational perspective. It can cost companies up to nearly $31 million to maintain compliance, depending on the industry, yet non-compliance can quickly double those numbers,” Mohanty said.
Fines, legal fees, and the loss of business are all potential consequences of failing to meet regulatory requirements. In some cases, companies may even be forced to shut down if they cannot comply with regulations.
According to a HelpSystems report, the costs of non-compliance continue to grow annually, increasing by 45% over the past decade. These costs incorporate fines and penalties, the indirect costs of reputational harm, revenue and time lost, and business interruptions.
Data privacy losses go beyond dollar value
“The true cost of data privacy, broadly, is their trust with their customers,” said Akbar Mohammed, lead data scientist, Fractal AI. “In this era of customers increasingly becoming tech-savvy, as soon as they realize that their data isn’t secure, the company will risk loss of trust from consumers. This eventually results in a lot of business disruption.”
Almost all companies that need to collect data for their operations should have a data privacy infrastructure in place. Companies should also set up dedicated security and compliance teams surveying data and technology assets along with maintaining an aggressive threat detection policy. It’s imperative for companies today to have a data strategy and have policy and procedures governed by a data governance entity.
“For large organizations, it’s best to have regular audits or assessments and get privacy-related certifications,” Mohammed said. “Lastly, train your people and make the entire organization aware of your activities, your policies.”
Data privacy compliance regulations that matter
To help project costs and financial implications, companies should be mindful of existing legislation and regulations like GDPR, the CCPA, HIPAA, the FTC Act and the GLB Act — alongside those on the horizon to address the pressing privacy and data challenges facing business operations everywhere.
Navigating data privacy management
According to Dan Garcia, CISO of EnterpriseDB, a provider of software and services based on the open-source database PostgreSQL, organizations should prioritize the security of their data, which first starts with discovery within the systems.
Having controls mapped to a data classification policy helps ensure appropriate protections from cyber threats such as cybercriminals. It’s a conscious effort within and across the business to support more secure practices. Organizations lacking internal resources, employee education, appropriate encryption and firewalls, and adopting poor password and privacy practices could experience a serious breach and resulting lawsuits that could cripple their business.
It’s imperative that organizations invest in a strong backup solution, as backing up important files and information is essential for data security. With reliable backups in place, an organization can withstand common occurrences like system failures, hard disc failures, corruption, and ransomware scenarios.
“Cybercriminals have become skilled at identifying where backups are stored and purging them during ransomware attacks, so organizations should pay extra attention to how backups are protected, storing them in offsite locations, and ensuring they are securely managed,” he said.
Developers and business leaders alike seek data ownership and control, and they simply don’t have time or money to waste. As enterprises adopt a cloud-first approach to their data management, they should invest wisely in technology providers that ensure robust privacy measures without sacrificing ownership and access to their data.
Data privacy checklist
There is no one-size-fits-all checklist for data privacy management, as the specific requirements will vary depending on the type and size of the company, as well as the industry sector. Nonetheless, Evalueserve’s VP and Global Head of Data and Analytics Swapnil Srivastava shared some tips on managing data privacy within a company in order of importance and cost.
| Cost Overhead | Why is it Important? |
|---|---|
| Data protection initiatives | Country-specific laws mandate strong governance and control of customer personal data. |
| Investments in specialized technologies to protect data and IT infrastructure assets | Implementing compliance solutions requires investments in specialized software. |
| Compliance audits | Companies are mandated to report to regulatory authorities and demonstrate proof of staying compliant. |
| Compliance policy development | Clear policies with roles, responsibilities, and ownership must be implemented in organizations regarding compliance activities. |
| Incident response ecosystem | As part of responding to a breach of compliance, companies must invest in incident response solutions. |
| Staff certification | Mandated by regulatory authorities. |
| Communications and training | To ensure organizations have trained officials to engage, roll out, and implement a compliance strategy. |
| Redress activities | To enable companies to have standard operating procedures to deal with and settle issues arising out of a breach or the fallout of a compliance violation. |
Sridhar Damala, CTO of Acuity Knowledge Partners, recommends that companies look at privacy by design rather than as an afterthought if they wish to spend less than most companies.
“Privacy by design ensures that you have the foundation built for scalability,” he said. “If you have the right set of tools, processes and automation in place from day 1, your spend on data privacy will be incremental rather than linear.”