Data privacy is more than just a security measure. While keeping a tight rein on business systems from the cybersecurity perspective matters, for businesses, data privacy is also about their obligation to customers and consumers.
Data privacy is centred around how data should be collected, stored, managed, and shared with any third parties, as well as compliance with the applicable privacy laws.
This year all businesses in the U.S. can expect states to enact more of their own consumer privacy laws, as well as potential for new federal laws. According to Tilo Weigandt, COO and co-founder of Vaultree, a data-in-use encryption provider: “It is important to note that data privacy is a complex issue and there is no one-size-fits-all solution. For example, a zero-trust framework powered by AI and machine learning is not the only solution to best protect your data.”
This means that an organization needs to review and assess the appropriate systems for their business model and to understand those that will be most appropriate for their customer base. As Weigandt notes: “Other approaches include using encryption, implementing strict access controls, and regular monitoring and auditing systems.”
Weigandt explains to Digital Journal that risk centric approach is required, one where: “Organizations should consult experts to determine the best approach for their specific needs and requirements, especially with data privacy rules certain to get more strict.”
This is seen with the current trajectory in terms of regulations that are emerging at a more local level: “State-level momentum for privacy bills is at an all-time high to regulate how consumer data is shared. Recent developments such as the California Privacy Rights Act, the quantum computing security legislation, and Virginia Consumer Data Protection Act clearly show that protecting consumer privacy is a growing priority in the U.S.”
It is also important for firms to ensure that the rules are followed. This requires, says Weigandt : “Compliance with relevant data privacy regulations such as GDPR or HIPAA is also crucial. One tactic able to support all of the above and the essential basis of all cybersecurity practices is data-in-use encryption because working with data in a fully encrypted format opens up numerous possibilities for companies.”
This different perspective on handling data shows data management to be a more challenging process than it initially appears. This leads Weigandt to summarize: “Data Privacy is a complex and ongoing process, but it is worth it. Protecting your data properly will mitigate a data breach’s financial, cyber, legal, reputational, and business risk.”
In order to build a more solid foundation within the firm, Weigandt recommends that companies pay particular attention to protecting data, and data-in-use encryption.
