Data Privacy Week into Data Privacy All Year

With the threat landscape ever evolving, both private citizens and companies need to understand the latest requirements for data security and data privacy. With the dynamic threat landscape in mind, Srujan Akula, CEO & co-founder of The Modern Data Company, discusses why data privacy should be a priority all year round.

At the beginning of 2022, Data Privacy Day became Data Privacy Week. The National Cybersecurity Alliance chose to expand its observance in order to teach a wider audience about modern data privacy expectations. For businesses, it’s not only about mitigating risk but also about creating a significant differentiator between themselves and their competitors. See below for a list of what companies should be doing to protect data.

A Checklist for a Healthy Data Ecosystem

Here are a few questions a company can ask to assess the health of its data ecosystem when it comes to privacy:

What data do I have? 

Many companies regulate their data by locking it down to protect it. While you can’t fault companies for playing the hand they’re given, this strategy has an unintended downside — data silos.

Siloed data stands separate from the larger data ecosystem. Once a majority of data rests in silos, it can be very challenging for a company to know what data is available. Even if one data set looks like it has identifying details scrubbed, sometimes companies possess multiple sets of data that threat actors can combine to identify individuals. 

Companies must understand what their data assets contain and how those assets fit together as a whole. In addition, they should clearly understand what sensitive data — or potentially sensitive data — lies in their possession and what linkages it has to other data.

See More: How Radical Data Privacy Fuels Growth

Where is this data stored?

Companies should also be aware of where they store all this data. Not knowing can lead to weaknesses in the ecosystem that hackers can exploit. Modern enterprises store data in legacy systems, data warehouses, on-prem, and in the cloud. Unfortunately, many aren’t aware of the true range of data locations and therefore make costly mistakes such as breaking existing pipelines when trying to upgrade their ecosystem. 

Understanding where data is stored has several benefits, such as: 

• It’s easier to determine what must happen for the data ecosystem to evolve.
• Companies ensure they collect only the data they need for their stated purpose. Using data outside this purpose — even accidentally — carries serious consequences per regulations such as GDPR.
• Any risks associated with security loopholes are found more quickly and patched.

How much of this data do I control?

Data is inextricably linked across the global stage. Companies that share data with strategic partners have better competitive differentiation but sometimes need to remember what data they actually control.

Control is key to modern governance. Companies must know what data they control to determine and then manage access. Control is also a fundamental piece of unlocking data from silos. Companies can’t silo data just to protect it because they won’t access its full potential; instead, different tiers of access allow data to flow freely within the organization while keeping it protected.

Ideally, companies would have granular control of data access and permissions. Data privacy and security may have been at odds with unleashing the full potential of data in the past. However, a modernized ecosystem can both protect data while ensuring its use.

What can I modernize without disruption?

Once companies understand their data, they should turn their attention to their ecosystem. Part of the danger as technology evolves is any disruption. A disruption in the network can cause weak points in security. A disruption in expertise — such as when new tools are implemented into the data ecosystem without proper training or the only expert on a particular tool leaves the organization — can leave gaps 
in maintenance and troubleshooting capability. 

A massive disruption in operations due to offloading legacy systems or modernizing in agonizingly slow stages allows weaknesses and breaches to go on undetected. If companies are going to evolve with technology, they need a way to update their data ecosystem with minimal disruptions. Otherwise, moving data, copying data, and giving access permission through a manual case-by-case basis quickly turns into a security risk.

See More: Data Privacy: A Business Playground or Management Minefield?

Read more …