Experts offer advice for Data Protection and Privacy Day 2022
Data Protection Day as it’s marked across Europe, or Data Privacy Day, internationally, is an annual marker in a very challenging cybersecurity challenging calendar. Consumer data is regularly stolen, and enterprises and public sector organisations are often in the headlines because of incessant attacks from cybercriminals as well as from accidental privacy misadventures.
All organisations find maintaining privacy and data protection best practises a challenge in this environment. With increasingly strong regulations levied from across many national and regional jurisdictions, staying on top of data privacy and protection is only ever becoming a bigger priority with high risks and penalties at stake.
Five experts from across the enterprise technology space offer their opinions and advice for organisations of all sizes. From cybersecurity and password management to customer data, data analytics, and software development, these thought leaders have shared their experiences so you can benefit.
Rob Zuber, CTO, CircleCI
“In today’s world, we use tools built by others, offering greater agility, allowing us to work faster and more efficiently. The caveat? It’s easier to lose sight of what is happening. Security is core to the software business and software is core to every business. Data security must be core to every business from the infrastructure and software layer upwards - and it starts with developers and their mind-set.
“Leaders need to think about the security of their offerings at every point in the systems development lifecycle: From including security engineers from the design phase through to regular third-party audits of code libraries and service provider standards. With this greater traceability, developers are empowered to write, test, and measure those improvements using a Continuous Integration/Continuous Delivery platform, resulting in shorter lead times for developing features and bug fixes, as well as greater agility concerning changes in development priorities and market trends.
“The bottom line is that your team is your most valuable set of security researchers. They know your applications best and must be the first line of security and data privacy defence, creating a secure foundation for the entire business.”
Drew Bagley, Vice President & Counsel, Privacy & Cyber Policy at CrowdStrike
“Increasingly, privacy is not only a core social value but intertwined with technologies used in daily life. Although threats to privacy can take many forms, one of the greatest threats today comes in the form of data breaches. Consequently, modern privacy laws require holistic data protection in both privacy and cybersecurity.
“The GDPR, California’s CCPA, Brazil’s LGPD, Japan’s APPI, and sector-focussed laws take common approaches to not only laying out rules of what organisations can do with data, but also make clear there are risk and impact based obligations to protect data against breaches and make appropriate notifications in the event of one.
“In the past year, the UK has signalled it may chart its own data protection course separate and apart from the EU. The Information Commissioner’s Office (ICO) has solicited feedback from the community to inform the potential adoption of a more flexible cross-border data flow regime. This can be a very positive development for incentivising UK regulated organisations to protect personal data with the best cybersecurity technologies and practises. Leading security solutions are cloud-based and global, using massive compute power to hunt for threats in customer environments and track the spread of malicious activity around the world. This is only possible through global data flows. Adversaries don’t care about borders or regulations, and the ‘white-hats’ need global collaboration and data sharing to combat the ever-present criminal threat. Recently, these have been coming from ‘Big Game Hunting’: targeted ransomware that hits enterprises in campaigns seeking valuable datasets. Recent activity has included an adversary leveraging ransomware in an initial attack coupled with a second round of extortion to try to prevent the stolen data being leaked.”
Craig Lurey, CTO and Co-Founder at Keeper
“People's personal data has become a hot commodity. As a result, we have seen a record number of cyberattacks and data breaches in recent years as cybercriminals will stop at nothing to get their hands on people's data. Personal data is used for advanced social engineering attacks, password stuffing attacks and ransomware attacks against companies and individuals.
“Despite this, people and companies do not pay enough attention to the tools and software that has access to their personal and corporate data. Rigorous vetting of software that is installed by end-users on mobile and desktop devices is not taking place in many cases, which may inadvertently be placing user and corporate data at risk.
“As we mark Data Protection Day, it is therefore critical to highlight the importance of using powerful and sophisticated tools that properly secure people's data. Users should pay particular attention that the software has strict privacy policies and utilizes a zero-knowledge architecture, which ensures that the company developing the software has no ability to access or decrypt the user's data stored within. This is key if consumers and business users want to make sure their personal and sensitive data is - and continues to be - well protected.”
Kieren Niĉolas Lovell, Head of Information Security, Pipedrive.
“Data privacy and protection are a central part of modern sales and marketing teams’ responsibilities. There can be no trust if customer personal information isn’t safe and secure. Data breaches from cybersecurity incidents or simple internal mistakes have the potential to risk customer finances and identities, with remediation requiring considerable time to fix and monitor.
“Data privacy and protection must be understood at a department and organisation level, as well as the credentials of any service providers used - with all their dependencies and IT supply chain. Clearly this is a challenge for SMBs who must look for best practises from suppliers, such as each company’s data in any cloud applications being stored in a separate database, avoiding risks of unwanted leaks into another company’s database, and basics such as using only secure HTTPS connections, where all information is encrypted. Asking about how service providers manage the many recent national regulations from major markets is vital, to ensure your own data use stays safe.”
Cindi Howson, Chief Data Strategy Officer, ThoughtSpot
“Data privacy, governance, and business success are very much intertwined. Those working with data must feel a sense of responsibility as if they were keeping their best friend’s most vulnerable secret. In a digital world, data links back to real people - where they went in that Uber, what store they visited before shopping at a lingerie store, and what movie they streamed on their phone. Data enables personalised digital interactions and more efficient movement of goods. But failure to respect customer’s data privacy risks loss of trust, revenue, and brand value. With more digital data, businesses need to be more transparent in the data they collect and how it’s used.
“Increased regulation is one approach to ensuring privacy, but the best businesses will design privacy policies with a customer-first mindset, as opposed to exploiting customers for their data.”