It’s Data Privacy Day this coming Saturday (January 28) – another chance to remind consumers and organizations of the importance of protecting personal information. From a corporate perspective, it couldn’t have come at a better time as new figures reveal 2022 was a near record year for data breaches. It’s another reminder that it’s impossible to have privacy if we don’t first take care of data security.
With GDPR-like privacy regulations predicted to cover the vast majority of the globe by the end of the year, the threat of reputational, financial and compliance risk has never been higher.
The awareness-raising day itself celebrates the date in 1981 when the first legally binding international treaty governing privacy (Convention 108) was signed. Yet for many years, data privacy wasn’t necessarily something most individuals thought about. As the internet grew and tech giants built vast businesses off the back of mining and selling user data, many consumers presumed privacy was the price they paid for being online.
Then the GDPR happened. The trailblazing legislation handed sweeping new rights to “data subjects” - including the right to restrict processing, have data ported to other services and even have information scrubbed from the internet. On the other side, organizations processing this data were hit with strict new rules designed to ensure they respected these rights, sought explicit consent for use of personal information, and kept users informed thereafter. And crucially, they were required to enhance measures for securing this data – or risk potentially huge fines.
Now the world has followed suit. Gartner estimates that by 2023, 75% of the global population will be covered by modern privacy laws. The passing of GDPR-like legislation in places like Brazil and China means the analyst is probably right.
Start with data-centric security
This has huge implications for data security. Tellingly, the name for Data Privacy Day in the EU is Data Protection Day. It speaks to the importance of technologies and processes that secure the data stored by companies in the first instance. Because without these controls, data privacy will always be a pipe dream.
Just consider the latest stats from US non-profit the Identity Theft Resource Center (ITRC). It recorded a total of 1,802 publicly reported data compromises in the country last year, just shy of the all-time record (1,862) the year previous. These events impacted 422 million victims – individuals whose privacy was infringed by malicious third parties. Many were subsequently exposed to a “scamdemic” of identity fraud committed with that stolen information, traded with impunity on cybercrime sites.
If privacy is therefore the right for an individual to control how their personal information is collected, stored and used, then data security is an essential pre-requisite. By failing to secure that information, organizations risk violating their customers’ privacy rights. From California to Croatia, there’s now a heavy financial and reputational price to pay for doing so.
That’s why data-centric security is a critical foundation for privacy-aware organizations. It posits that sensitive data including customer information be continually discovered, classified and protected – wherever it is in the organization. By choosing providers like comforte, organizations get powerful, seamless security that protects personal information, but still allows them to leverage it for cloud analytics and other use cases.
If you weren’t aware of data-centric security before, take the opportunity of Data Privacy Day to see how it could benefit your organization.