Comment: Data Privacy Day 28.01
Data privacy is a topic that businesses have held close to their hearts, especially during the course of the COVID-19 pandemic. Now, as we approach this year’s Data Protection Day, Snow Software is helping raise awareness of the importance of this subject.
Rob Price, Senior Specialist Solutions Consultant and Global Lead for Risk & Compliance at Snow Software, has been discussing the topic of data privacy and urges businesses to consider the specific protection requirements for each piece of data, as ‘not all data is created equally.’
• How do you think the area of data privacy and protection has changed in 2020 (due to the pandemic, shift to remote work or just generally)?
“Changes to regulations are generally slow burning processes that lack the agility to react to fast changing situations such as those we have witnessed through 2020. If we split the two disciplines described into their constituent parts and focus on protection, then the IT landscape is a very different place to this time last year. A lot of attention has been placed upon the pressures of a workforce suddenly forced to work from home or remote locations, and the IT function has had to adapt and accelerate programs for enabling this immediate requirement.
“We have seen an unbelievable amount of change within the IT landscape, emergency budget decisions, adoption of new enabling technologies and working practices within 2020 – A rate of change I don’t believe has ever been witnessed before, and all this change equals opportunities for threat actors, meaning data protection has never been more important or challenging than it is now. Remote working and communication has thrown open the doors of risk to organisational data, with endpoint protection significantly weakened, shadow IT growing, employees having to find new ways of completing tasks whilst being distracted with home education and the challenge of finding food (or toilet rolls) for the family. All of this change and distraction makes it easier for the bad guys to make off with the life blood of your business – Be that the personal information of your customers, or the intellectual property that is the future of your company.”
• GDPR, CCPA/CPRA, and other data privacy and protection regulations have started to really take hold. Now that we’re seeing these regulations across the globe, should we expect additional protections? And will we see any major movement around enforcement for these regulations now that we’re in 2021?
“I strongly believe that we will see a continued ‘domino effect’ of adoption of regulations that match the ‘gold standard’ of GDPR across the globe. But as stated above, this is not likely to have been due to the pandemic in 2020, but more to do with the demands of the population refusing to continue to accept the reckless behaviors that are negatively affecting their futures – Do not underestimate the personal anguish involved in having to clean up the mess left behind when someone has stolen your identity and trashed your life – Finances, reputation, place to live, passports and freedom to travel to name just a few.”
• Also, we saw developments last year around those organizations that had been given huge GDPR fines like British Airways and Marriott negotiate their fines down significantly? Is this going to be a trend and if so, is there still a point to regulations like GDPR? Or are these negotiations more reasonable given the amount of investment these companies will be putting towards remediation and/or additional protections in the future?
“I’m not sure we can describe the ‘fine reductions’ in this way given that the figures published where related to the ‘notice of intent’ and not the final findings. I think the original figures were based on ‘worst case’ and published by the offending parties (maybe just making their own boards and investors aware, and giving them a shake-up). Indeed, there has been a significant increase in actions being taken by the regional commissioners offices around the EU, with many more organisations and individuals being bought to prosecution under the legislations – So things will continue to get worse for the reckless.”
• Are there any best practices that you would recommend or like to remind organizations about on this day in particular? Or anything that maybe organizations made a lower priority as they have been managing remote working environments?
“Don’t lose sight of fundamentals of solid IT practice – Ensure the minimum level of access to perform the required function, keep an accurate inventory (software and hardware) and keep everything up to date – Including awareness training for ALL employees.”