GDPR, CCPA, and Other Emerging Mandates: A Perfect Storm Driving Data Privacy and Protection
The GDPR, the CCPA, and the privacy mandates that will follow have galvanized the enterprise need to operationalize data privacy and protection. In conjunction with social media privacy abuses and increasing numbers of data breaches, the focus on data privacy is accelerating rapidly to become a board-level concern.
Witness the growth and interest in the International Association of Privacy Professionals (IAPP). Membership has grown to over 60,000 privacy professionals worldwide and their regional privacy events frequently sell out. They must sift through hundreds of presentation submissions to fill only dozens of open speaking slots. Clearly there is a lot to say and debate!
Following the GDPR taking effect May 25 of last year, new legislation is accelerating from several nations and states. California has enacted the CCPA, due to take effect January 1, 2020, and on July 6 last year, the European Commission and the Japanese government published a joint statement on international transfers of personal data. More countries and states are announcing regulations, and the United States continues to show growing interest in enacting a national uniform privacy law to help cut through state-level confusion and complexity.
At a recent ISSA CISO Summit in Denver, Informatica’s Chief Trust Officer, Bill Burns, presented to dozens of CISOs and privacy officers on the need for data privacy governance in organizations. Many of the CISOs reported that data privacy and protection is now a topic of board discussions, and that they are not looking for education, but action. Many boards now expect a quarterly briefing on data privacy and security to reduce risk and improve compliance posture.
Consumer awareness of data privacy and security continues to grow as well. In numerous surveys and polls, consumers have indicated that trust is a key factor in purchase decisions. In fact, research suggests trust is more important than price. With brand loyalty becoming much more fluid than in the past, it’s all too easy to lose customers and long-term value when consumer rights are not respected and their data is used irresponsibly, or worse, hacked and lost.
At Informatica, we have witnessed positive trends with our customers who are proactively implementing and operationalizing board-mandated data privacy and protection frameworks for compliance with privacy regulations that result in a consistent, scalable approach. The boards of these organizations recognize the value of data privacy and protection for retaining customer trust and gaining a competitive advantage, unleashing safe value creation initiatives in the process.
The GDPR, CCPA and other mandates have created a perfect storm, and an opportunity, for organizations to view data privacy and protection holistically by enhancing data governance best practices. We believe this is a continuous process to ensure that organizations understand the personal and sensitive data they hold, proactively remediate risks, monitor data for new threats, and manage privacy rights such as data subject access and consent requests. We call this approach intelligent data privacy, which can serve as a foundation for a systemic data privacy and protection framework. This approach offers capabilities to assess, protect and manage personal and sensitive data across the enterprise.
To implement a reliable end-to-end data privacy strategy, organizations need the following capabilities to continuously analyze, protect, monitor, manage and measure compliance:
- Define and manage governance policies
- Discover and classify personal and sensitive data, and understand how it is being used and shared
- Link identities to sensitive data for intelligence on an individual’s data
- Analyze the data’s risk and prioritize remediation
- Put the intelligence to action: protect data, manage subject rights and consent
- Measure, communicate, audit readiness
In summary, the market forces behind data privacy, spawned and catalyzed by GDPR and the regulation beyond, strongly suggest that all organizations embrace a unified approach to data privacy and protection. And all indicators suggest these market forces will grow stronger in the future.
Planning for the next wave of privacy mandates is already underway in many organizations, and security, risk and privacy officers must consider how they will meet the future solution scalability needs for data privacy and protection. Not only is it prudent given the current and expected demands of regulators and customers, but boards and customers will expect it.
Informatica’s Data Privacy and Protection solution enables organizations to continuously improve data privacy and protection, discover new and existing data assets, analyze data risk across the enterprise, link identities to sensitive data, understand the impact of data protection before implementation and automate protection workflows for privacy and security teams. Organizations can then monitor for new risk and measure their progress for compliance to regulations and internal policies.