2023 is set to be a year defined by data privacy. Data protection has already dominated January’s headlines, with multiple enterprises and public sector organisations hit by cyber attacks and data leaks that put the data of their staff, clients and consumers at risk.
But data privacy is more than just cybersecurity. As the lives of billions of people now revolve around technology, data privacy has become a basic human right. The world has generated 64 zettabytes of data, and 90 per cent of this data was created in the last two years.
Yet, year by year, thousands of companies across the enterprise landscape fail to collect, store, and manage people’s information in a way that adheres to modern data trends and regulations.
As legislation around data tighten around the world, this data mismanagement can result in hefty fines and leave a company’s reputation in tatters.
Data Privacy Day serves to raise awareness and promote data privacy across the world by encouraging companies to manage and protect the data of their customers.
The event gives data management experts a platform to share their thoughts on the current state of data privacy and provide businesses ways to improve their data protection practices and better adapt to the modern data challenges each year brings to the enterprise.
In this feature article, we’re celebrating Data Privacy Day 2023 by collating valuable insights into the protection of data from some of the top data experts across the tech landscape.
Felipe Henao Brand, Senior Product Manager at Talend:
“Throughout 2022, concerns and debates about personal data have been making headlines. As technologies evolve, so do regulations and scopes of application. With this in mind, expect to see more consumer privacy regulations in the coming months.
The success of artificial intelligence (AI) projects changes the equation. The recent release of AI-based chatbot ChatGPT, which sheds new light on the possibilities offered by artificial intelligence, raises further regulatory questions. How do we frame the use of data in AI projects, including ChatGPT? The European Union’s General Data Protection Regulation (GDPR) would apply to all new AI technologies and platforms like ChatGPT, even if they were developed outside its territory. This is because it applies to any incidents that impact EU citizens.
In its proposal for AI regulations, the European Parliament and the Council established that the promotion of AI-driven innovation is closely linked to the Data Governance Act, the Open Data Directive and other initiatives under the EU strategy for data, which will establish trusted mechanisms and services for the re-use, sharing and pooling of data that are essential for the development of data-driven AI models of high quality. Future regulations will only strengthen the requirement for proper data governance.
To be ready to use these new technologies and thus effectively manage their data, companies must follow three key steps: knowledge, observation, and automation. Knowledge management is crucial in understanding where the data comes from, who owns each piece of it and where to go to avoid uncontrollable security risks. Next, focus on observation to find patterns and eliminate unnecessary steps. Finally, automating manual tasks and alerts is the ultimate goal of data collection to provide informed and proven resilience strategies.
Also, data quality must be a central component of data governance programs to ensure data security and compliance. To help organisations ensure data quality, data must be democratised and accessible to all stakeholders in the organisation. To do this, data observability tools offer the ability to ensure that IT and business departments collaborate on data quality and that the entire organisation has the same understanding of the data being used.
"Data governance is critical to managing an ever-changing technological, economic and regulatory landscape. It's the only way to ensure that the growing volumes of data stay in sync with the changing expectations of consumers and regulators," said Felipe Henao Brand, Senior Product Manager at Talend. "Implementing data quality and observability strategies is a fundamental step for data governance programs to deliver the expected results. Additionally, investment in data governance will prove to be an investment in security. As the threat landscape grows more complex, confidence that one's data is up to standard will be vital."
Chad McDonald, CISO at Radiant Logic
“In recent years, IT and security teams have been dealing with a unique set of challenges, previously never experienced. The majority of organisations are currently in the midst of digitalising their IT, moving to the cloud, and pushing forward in implementing Zero Trust.
Whilst all three of these projects come with their own set of challenges and roadblocks, the recurring theme among all three is identity management. For decades, businesses have been adding more users, systems, applications and domains without necessarily maintaining rigorous control over identity data.
As a result, organisations have built up decades-worth of IT and identity data debt and now have no way of controlling it. For example, 60% of organisations have over 21 disparate identities per user. The identity sprawl within companies means that they have no way of building complete and accurate user profiles or keeping profiles up to date. This presents significant security risks to organisations.
With security teams under constant threat of cyberattacks, while also now dealing with tighter budgets due to the looming recession, managing identity data can be a cost-saving solution. By unifying and streamlining identity data through an Identity Data Fabric approach, organisations have a single resource to access accurate identity data in real-time.
Security teams can then maintain complete visibility and control over identity data when digitalising systems or moving to the cloud. This is an important step towards minimising the size of their attack surface and stopping the majority of identity-related breaches.
Organisations that have strong data classification and controls which assess attributes such as location and access history can then properly identify who should be accessing what. Identity management can then go on to support security projects such as Zero Trust, which work on the principle of properly identifying someone before they are given access to certain areas of the network.”
Kelly Ahuja, CEO at Versa Networks:
“The world is more connected than it has ever been before. With hybrid work becoming the new normal and the increasing demand for Internet of Things (IoT) devices, the traditional approaches to cybersecurity and data protection are no longer sufficient.
Users are connecting from everywhere to systems and applications via private and public clouds, dissolving the enterprise perimeter. They are also connecting devices such as phones, tablets and laptops, to both their work and home networks, ultimately, blurring the divide which was once there. As a result, hybrid working and increased IoT devices are expanding organisations’ attack surface and providing the perfect entry point for threat actors. Once they have penetrated the perimeter, threat actors can move laterally across the network, accessing sensitive data and exfiltrating it before security teams have even had time to react.
Any connected device can be used by cybercriminals to breach home networks and then move laterally to the networks of large enterprises. Essentially, the next major data breach could start from someone’s kettle, home tablet or laptop. There is a clear problem when it comes to security in the remote working world, however, it is pointless securing networks if that solution hampers both connectivity and performance.
Secure Access Service Edge (SASE) integrates networking and security and is invaluable to hybrid workforces as it adds another level of security. SASE ensures that the entire network is visible – this includes all connecting remote workers and IoT devices – and networks are segmented – restricting the movement of malware and allowing security teams to quickly locate, detect and mitigate cyberattacks.”
Data Privacy Day raises awareness and promotes privacy and data protection best practices.
To read more about how to better manage data, visit our dedicated Data Management Page.