January 2024 sees both Data Privacy Week (Jan. 22-26) and Data Privacy Day (Jan. 28). These are important events in the technology calendar, and during this time cybersecurity experts provide insights and tips on privacy and data protection.
One such expert is Larry Whiteside, Jr., CISO at RegScale, who has explained to Digital Journal how new regulations and new cyber-threats are presenting key challenges to the technology officer.
Beginning with data privacy, Whiteside states: “Privacy is an evolving aspect of our digital landscape, and its significance has been shaped by a pivotal driver: consumers actively expressing the importance of their data, particularly in the aftermath of numerous breaches compromising consumer information.”
Whiteside also describes the impact on firms: “Companies have been avidly engaging in data collection to gain valuable insights into the consumers they serve. Consequently, organizations are now under greater pressure than ever to handle data responsibly, which is particularly daunting for those managing large volumes of data. However, by adhering to a few fundamental principles, organizations can effectively navigate the demands of privacy regulations.”
Whiteside has provided five important principles for companies to observe in order to strengthen their controls around data privacy.
Principle #1 – Understand Your Data
Whiteside observes: “To comprehend the privacy implications for your organization, it is imperative to be aware of the data at your disposal. This requires a thorough investigation to identify the type of data, its location, users, and access. Although seemingly simple, this task can be complex, emphasizing the critical importance of Principle #2.”
Principle #2 – Establish Ownership
Whiteside states: “Ownership is key for the execution of any program or process. To ensure accountability, assemble a team of stakeholders with board-level visibility to establish policies and standards governing the organization’s use, collection, and maintenance of data.”
Principle #3 – Implement Sensible Controls
The third point is pragmatic: “At a high level, three control categories—physical, technical, and administrative—need consideration. These controls serve as the linchpin for determining how to handle Privacy Data effectively and align with Privacy Regulatory mandates.”
Principle #4 – Minimize Unnecessary Data
Good housekeeping is important, notes Whiteside: “Organizations often collect data for specific purposes without establishing processes for its proper disposal once it becomes obsolete. Failure to address this exposes companies to unwarranted risks. Following Principle #1 allows organizations to identify data that should be disposed of to mitigate potential risks.”
Principle #5 – Continuous Improvement
The final principle from Whiteside concerns striving to be better: “Many organizations halt their efforts after completing these fundamental exercises, which can be detrimental. A ‘rinse and repeat’ approach can ensure that privacy measures remain effective, adapting to evolving circumstances. Ceasing at this point risks rendering previous efforts obsolete, as the context of data evolves over time.”
