Powered by the National Cyber Security Alliance, Data Privacy Day is an international effort to empower individuals and encourage businesses to respect privacy, safeguard data and enable trust. Personal data is being processed every second whether that be at work, surfing the internet, doctor’s office, purchasing goods, and more. From GDPR to Apple, Amazon and Facebook preaching data privacy at CES this month, discussions only seem to be rising around protecting personal data.
In honor of this year’s Data Privacy Day on January 28, below are tips from industry experts on keeping personal and business data safe:
Anis Uzzaman, CEO and General Partner of Pegasus Tech Ventures:
“Data is a new currency that individuals and organizations are mining and monetizing around the world. Some of the biggest technology companies in the world such as Facebook, Google, and Amazon use data they collect on their platforms for targeted advertisements, which is a main driver for their monopolistic profits. While many admire these companies as American pioneers, they should also realize that we are entrusting them with our personal data, which is a large responsibility. On Data Privacy Day, it’s important to remember that sensitive information needs safeguarding more than ever before. Some information that particularly needs to be protected by companies includes personal health data as this is very sensitive information that most people don’t want to be shared or used against them for future decisions they may want to make. Some startups are pioneering new ways to make sense and drive productivity through data analytics and mining such as App Annie and Tamr. We anticipate investments in this space will only continue to grow alongside the growth of global data.”
Patrick Lastennet, Director of Enterprise, Interxion:
“In today’s sophisticated threat landscape, customers expect that the enterprises they’re doing business with are protecting their data and privacy, no matter where in the world they are located. These expectations are shifting how businesses must now operate, especially considering they also need to adhere to an ever-widening set of data privacy regulations, including GDPR. While meeting these compliance regulations is complex and challenging, they cannot be ignored. A key part of this will be for businesses to plan their infrastructure, and data handling and storing processes accordingly.
Most enterprises managing customer data are likely leveraging at least one form of cloud – which becomes increasingly complicated when different service providers have their own processes for remaining compliant. Enterprises can’t count on their providers’ compliance alone – they must ensure their own forms of protection as well. In order to still reap the benefits of cloud, enterprises seeking to uphold the highest standard of data privacy will increasingly turn to encryption to protect their critical information. As such, securing encryption keys becomes a necessary layer of added security.
Key encryption management services secure encryption keys in a Hardware Security Module (HSM) that is kept separate but in close proximity to the cloud environment in which their applications reside, allowing for high performance, low latency integration with cloud apps without compromising on security or compliance. Since most enterprises don’t have the necessary resources to do this on their own, turning to a managed service within a collocated data centre provides the perfect solution for key encryption management. Not only will this help enterprises adhere to strict data privacy regulations, but it will also help them win in the ever-scrutinizing eyes of consumers looking to hold businesses to a higher standard in the wake of high-profile data privacy scandals.”
Ray Overby, CTO and Co-Founder, Key Resources:
“Data Privacy Day is all about raising awareness of how organizations put the vast amount of sensitive data they store at risk and encouraging everyone to take action to better protect this data. One major risk to data privacy is excessive access, which simply means that there are individuals, either internally or externally, who have unnecessary access to information on the mainframe. The more people with access to information, the more likely your data will be compromised. These issues can crop up inadvertently and go undetected for years, so organizations need to include excessive access checking in ongoing security processes.
To mitigate this risk, excessive access checking should be included in an organizations security policy and done periodically to maintain a proper security posture. However, this is an arduous process that can uncover hundreds of thousands of findings, which the organization then must address. The good news is, automation can speed up excessive access checking and helps organizations drill down to the user level, to get a detailed report of who has access to what.
Another tip for organizations to improve data privacy practices is to accurately inventory, classify, and define data ownership. For organizations beginning the data discovery and classification journey, visibility into the movement and usage of your firm’s most sensitive data can help uplift security programs significantly. When you know what you have, where it is, and who has access to it, you can develop the right policies around ownership and also target your strongest security controls such as encryption of that data.”
Steele Arbeeny, CTO, SNP Group:
“As we are mindful of Data Privacy Day this January, we are reminded even more of how companies and their clients or customers need to stay hyper aware of ensuring that their data is safe and protected. This rings especially true when it comes to digital transformation and data migration as the complexity of these processes leaves important data vulnerable and opened to the risk of getting lost or hacked. When companies make the move to new application systems, it is essential to ensure a smooth transition by implementing best practices such as conducting thorough inventory to determine no personal data is being collected, adequately backing it up, and properly protecting it with appropriate security platforms.”