For every boon there is a bane. With increased usage of internet, communication has become very effortless. On the downside, there is a higher risk element for personal information. Data breaches have become more harmful in today’s age of digitization impacting not just individuals but also enterprises like Marriott, eBay, Equifax, Yahoo and LinkedIn amongst many others. There were allegations that an agency misused individual information of over 50 million US Facebook users to influence the US Presidential Election of 2016.
Data breaches in any form can lead to serious impairments of both personal and business front, as they directly impact an organization’s image, its credibility and potential exposure to regulatory proceedings. In order to mitigate the risks of data breaches, it is very important to understand what exactly leads to the exposure of data into the wrong hands.
How is your data accessed?
Data is basically the core for strategic decision making. A “dedicated” data analysis team reviews data thoroughly, forecasts trends and presents it to the executive leadership in a user-friendly format enabling them to make better decisions based on metrics. This is also called “data driven” decision making.
Typically, data in this scenario points to customer preferences, biometric data, health & wellness, personal details etc. However, handling sensitive personal data collected from users is of paramount importance.
There are many loopholes in any enterprises’ data collection and storage capabilities. Migration of huge chunks of data to cloud–based platform also exposes data to unwarranted entities. Third-party data sharing agreements are also one of the major reasons for data breaches worldwide. A well-defined Data Privacy model can aid in safeguarding your enterprise data.
What is data privacy?
In simple terms, Data Privacy is an integral part of any organization that describes the practices which ensure that the data shared by customers is only used for its intended purpose. It dictates how customer data should be collected, used and shared among other parties. It lays out strict rules, that each organization should adhere to, in order to ensure the safety of the data they collect from their users. In the wake of increased awareness and strong business initiative about having data protected well, many countries have brought in strict legislations on Data Privacy & Protection.
The laws governing data privacy
Data privacy has different but similar laws in various countries. The European Union (EU) has laid out the most comprehensive data privacy regulation known as General Data Protection Regulation (GDPR). The GDPR applies to businesses carried out by organisations operating within the EU. It also applies to organisations outside the EU that offer goods or services to individuals in the EU.
Basically, a customer will have the following rights with regard to their Personal Information (PI):
- Access: right to see and request a copy of PI collected, disclosed or sold
- Deletion: right to request company to delete their PI (including 3rd parties)
- Opt-Out: right to opt-out of sale or disclosure of their PI
Many countries have followed suit and initiated data privacy laws to ensure the safety of their citizens’ information. In Africa, 19 countries have initiated the process of forming data privacy laws, few of which are in the draft stages . Australia, New Zealand and India have also made data privacy their priority and framed strong legislations to protect data online/offline collected through different means.
In the United States of America, the state of California has introduced a legislation called California Consumer Privacy Act (CCPA) whose intention is to enhance privacy rights and consumer protection for its residents. With so many countries around the world coming forward with their own laws, it only points towards the increased importance of data privacy and protection in most businesses today.
Why is data privacy important?
Today most of the urban population around the world deals in credit cards and online payments. Most of us rely heavily on apps to transfer small or large sums of money, without actually understanding how this process takes place while accessing sensitive information. While many online facilities bring services to the doorstep, they do come at the cost of risks of data exposure. While we seamlessly trust the online entities by giving them the consent to share our data with third parties, it is vital that enterprises treat this trust bestowed upon very seriously. It is important for enterprises today to have resilient secure and risk-free data protection framework in place to ensure the safety of data collected.
As we read about high profile data breaches of top-notch brands across sectors of businesses, the emphasis on data privacy is at an all-time high. It is important to realise that data privacy is the right of the consumers and organizations today are obliged to ensure that customer data is collected, used and shared with the right intent and safety and with complete adherence to the applicable privacy legislations.
Although, many alarming breaches have been exposed in the recent times, it only gives enterprises more food for thought and to ensure that the data collected is secure in all forms. Furthermore, data privacy has to be implemented in conjugation with local governments, so that enterprises can be functional with the legal aspects involved as well.
 Centre for Internet Governance Innovation – Ipsos, ‘2016 CIGI-Ipsos Global Survey on Internet Security and Trust’, 2016
Sowmya Tejha Kandregula, CDMP is an internationally recognized data management expert leading data governance/metadata management/data privacy/data security/data integration projects at businesses such as AstraZeneca, NBC Studios, Harvard University IT, Gilead Sciences, Royal Bank of Canada, DTCC, Wells Fargo, Fannie Mae, Cisco, COLT Telecommunications and Bank of America. Sowmya’s recent emphasis has been focusing on growing set of data demands including a changing landscape of privacy laws, increased movement of data onto the cloud, and a greater dependency on quality governed data for machine learning and Artificial Intelligence (AI) solutions.
Believing in the penchant – “knowledge sharing is the best way of learning”, Sowmya conducts seminars, webinars and training sessions for aspiring information management professionals on a pro bono basis. To date, Sowmya has mentored over 800 professionals across the globe.
Sowmya also serves on the advisory panel of various organizations, professional and non-profit associations. Most recently, Sowmya became an advisory board member at the Association for Data & Cyber Governance (https://adcg.org/advisory-board/) headquartered at Arlington, VA.