Mandates for Personal Data Privacy and Security
State-level privacy regulations increased in the United States in 2021, such as those in Virginia and Colorado, while GDPR matured, POPIA was passed in South Africa, and PRIMER was implemented in China. Among other things, we discovered what might help a state-level data privacy bill succeed in the US: one can almost always count on a state bill’s passage as soon as the Attorney General gets involved and lends his support. Except for some Washington state legislation, Colorado had the support of the Attorney General.
Legal and IT departments should take this rapidly shifting landscape into account when planning their budgets and resources for 2022. When it comes to implementing privacy laws, you don’t want to be scrambling to meet the requirements. Even though all privacy laws are data-centric, not all of these laws correspond one to one with requirements in terms of technology or law. Still, they all share a common goal: to know and protect the organization’s most sensitive data, which is any data that involves a person. It’s more important than ever to make sure that your organization is adhering to regulations, using existing tools and strategically adding new ones to its toolbox as needed.
Security and data engineers should be included in your budget and spending analysis when possible. Typically, these teams have a better understanding of their resources and what is at stake. You’ll need to ask the tough questions after engaging these groups to determine where your compliance is lacking. For example, if you’re adhering to HIPAA or PCI DSS, you’ll likely have an arsenal of tools at your disposal for network security, log management, and more. It’s also possible that the IT department will now prioritise expanding its workforce, improving its training programmes, or even outsourcing some of its work.
The final step is to see if there are any gaps in your current toolset that need to be filled. While no one can tell exactly what laws will pass in 2022 and what those laws will have in them, what we can look at are the trends of recently passed data privacy laws, as well as some of the talks we’ve heard about PIPEDA and HIPAA modernising and PCI DSS releasing version 4.0. Most companies I’ve seen are also still vastly unaware of what data is where, whose data it is, and even how they received or generated the data. And this is only on the IT side.
Communication between IT, the business, and legal departments is often still broken. Getting IT security to talk to data governance or data science teams can be a challenge for some organisations.
If you’re looking for a single data discovery tool that can tell you where and how much data you have, then mature and proven solutions can be of great help. This allows IT and legal groups to focus on changes in policies, procedures, and IT processes and development rather than information. There are many benefits to adopting a single solution approach, such as making sure that the right teams are aware of what data is where, allowing them to more effectively leverage security controls.
This approach is also vital in keeping data safe for the new normal of a hybrid and/or fully remote workforce. Ransomware and email phishing are the biggest threats in 2021. If employees are working with large amounts of the organization’s data on their laptops while disconnected from the VPN, how secure is the system, as well as the data? Is the IT team even aware of what data is on this laptop?
Additionally, some of the more comprehensive endpoint protection solutions on the market offer file classification, encryption, and redaction for endpoint data discovery. This ensures that even if the endpoints do have sensitive or confidential data on them, that data is protected even when disconnected from the VPN. In addition, this solution will deal with any files that are incorrectly classified or files that are reclassified as your staff works on them.
The year 2022 is just around the corner, and as we celebrate, let’s keep data awareness at the forefront of our minds and begin treating all corporate data as if it were our own personal data. After all, you wouldn’t want another company to protect your data any less than you protect theirs. Get the most comprehensive protection for the most platforms possible.
With this rapidly changing landscape, legal and IT departments must plan their budgets and resources for 2022 accordingly. In the United States, states like Virginia and Colorado will tighten their privacy laws in 2021. It’s now more critical than ever to ensure that your organization is adhering to applicable laws and regulations. In many cases, there is still a communication chasm between IT, business, and legal. You can greatly benefit from mature and proven solutions when looking for a single data discovery tool that can help identify where and how much data you have.
There are numerous advantages to implementing a single solution. We’re only a few years away from 2022; let’s keep data awareness top of mind. In 2021, the biggest dangers were ransomware and email phishing. A hybrid or fully remote workforce will require this approach to data security in the new normal.