Celebrated on January 28, Data Protection Day serves as a global reminder of one of the most important responsibilities for any organization: Keep your data secure
In this digital age, data is everything. From developing new business models to integrating digital in every aspect of the business to deliver exceptional experiences, organizations reinvent themselves and prepare for the future with effective data strategies.
With the monumental rise in data traffic in the increasingly digital ecosystem, it has also become critical for organizations, customers, and employees to be aware of data security's best practices and principles. Celebrating Data Protection Day aims to raise awareness about data security and remind ourselves about data's importance.
Experience shows that countless organizations around the globe are open to cyber-attacks as their data security measures are inadequate. Consumers are constantly discovering the information collected about them, how that data is used, and how daily breaches put that information at risk. Consequently, companies must prioritize security to maintain consumer trust (and remain compliant with regulations).
India and Data Privacy Day
In recent years, data privacy compliance has become a critical consideration driving critical business decisions as companies look to transform digitally. Cybersecurity vulnerabilities continue to increase as companies grow their digital footprints due to the generated massive amounts of data. Today, many organizations in India and around the globe are exposed to sophisticated vulnerabilities as their infrastructure, and data security framework is inadequate.
"The Data Privacy Day comes as a reminder for organizations to assess their cyber-risks and ensure strong data privacy protections are in place but in such a way that will not impede innovation within the digital economy," says Peter Waters, Chief Privacy Officer, Equinix.
India, too, is taking steps to enact a data protection framework that incorporates many elements of the GDPR. The new law, the Personal Data Protection Bill (PDP), is currently in front of parliament and proposed a comprehensive overhaul of India's current data protection regime.
Experts from the industry believe that as the union government gears up to introduce laws to protect consumer data, organizations should bear the onus of educating their employees. Data protection is only successful when all components within the infrastructure—including all employees—are prepared to handle it.
On how to achieve this efficiently, Rajesh Ganesan, Vice President, ManageEngine, suggested, "Data protection must be built right from the design stages of all services and operations. It should be present as a strong, invisible layer. It is best to educate employees on the do's and don'ts of data protection in a contextually integrated way into their work, as opposed to relying solely on periodic training. Given the forthcoming legislation, corporate data management is more important than ever, and it's up to business leaders to create the teams, structures, and expertise to keep all their corporate data well-protected and staying compliant in 2022,"
With the hybrid work model, organizations also process complex amounts of data in environments where frequent data exchange may occur from multiple touchpoints. The influence of emerging tech like cloud-native applications, Kubernetes containers, and AI in day-to-day business activities also increases the risk of misuse of data due to the lapse in the upkeep of cybersecurity goals and IT infrastructure, making organizations vulnerable to cybersecurity threats, further added Ripu Bajwa, Director, and General Manager, Data Protection Solutions, Dell Technologies, India.
Consumers are also constantly discovering the information that is collected about them, how that data is used, and how daily breaches put that information at risk. Consequently, organizations must prioritize security to maintain consumer trust and remain compliant with regulations.
When the World Wide Web launched in the public domain on April 30, 1993, no one realized the sheer amount of personal information that would be stored and shared online. According to the World Economic Forum, it's estimated that by 2025 there will be 463 exabytes of data created every day! This poses a challenge for organizations as managing data has become increasingly complex , and governments around the world have tried to rein in what and how we share and store data.
"Data privacy concerns have been exacerbated by the pandemic as we have seen an uptick of ransomware and cybercrimes with bad actors taking advantage of the rapid shift to remote work, the increase in online deliveries, and the proliferation of QR codes. The sheer amount of data we share about ourselves online is a privacy concern and more alarming is that many workers are using the same devices for personal and business activities. For this reason, it is critical for businesses to be able to manage all devices that access their network, along with effectively prioritizing and remediating vulnerabilities that pose the most danger to their organization," said Lana Xaochay, Ivanti Data Privacy Officer.
Due to the increasing complexity of data flows, enterprises need to evolve past securing data at rest to a posture of continuous governance where all data is protected. Increasingly, we see enterprises place, manage and analyze data at the edge, closer to their users, services and clouds. "Meanwhile, concerns over the security and privacy of data in movement and/or in the cloud have also increased. This situation is more critical in Asia-Pacific and has driven the need for better technology and infrastructure solutions that improve data accessibility, security , and control while meeting increasing data privacy requirements. It is a balancing act, added Waters, Chief Privacy Officer, Equinix.
Addressing the Challenges
On addressing these challenges, Director and General Manager, Data Protection Solutions, Dell Technologies, India, recommended a few steps that organizations must take, including an accurate inventory of data. This is critical for adhering to data privacy regulations, such as GDPR. Many organizations may not know the information they have or where it is going, thereby making it difficult to protect it. Additionally, solutions that dynamically allow or deny access based on contextual factors like a user's location, device type, or job function are highly favorable, along with data loss prevention (DLP) capabilities. India is also taking steps to implement a data protection framework that incorporates many elements of the GDPR.
Ultimately, in today's highly regulated data environment, Indian organizations need to adopt and build effective compliance strategies to achieve business value. Organizations with low levels of data protection and data governance frameworks need to change quickly.
Today people are more empowered than ever to exercise their rights, submit Subject Rights Requests (SRRs) and reclaim control of their information. They want to understand how their data is used and to access, correct, delete and restrict use. "To meet these data-intensive demands and overcome a scarcity of resources to support key business activities, organizations must embrace process automation for SRR response and apply case management tools that best track its performance and effectiveness. A well-executed program that delivers a strong experience will be critical to improving customer satisfaction and loyalty," explained Andy Teichholz, Global Industry Strategist, Compliance & Legal at OpenText, on how to address the challenges.
Data privacy reform has changed our global community forever. "As we begin 2022, organizations face an emboldened world demanding greater accountability and trustworthiness. The recent steps taken by several countries to bolster their consumer privacy rights and processing activities (such as China's Personal Information Protection Law) will have a far-reaching global impact on privacy rights and data protection practices," says Teichholz.
Data protection is all about freeing ourselves from digital slavery. The goal of data protection is to give power to the data owner. It is the capacity to decide what data should be stored, how it should be used or not used, and to make sure they don't end up as slaves to the machines.
"We leave our digital trails whenever we engage digitally. Algorithms have started using the data to condition our minds, influence, and sometimes even dictate what we should be doing in the future," commented Kumar Vembu, CEO and Founder, GOFRUGAL
Data protection means empowerment to the consumer so that they have the freedom of choice every time they shop. It is about establishing a level playing field and healthy competition in business. Most importantly offer a guarantee about the security and safety of personal and business data, further added Vembu.