The year 2021 brought an increased alphabet soup of data privacy legislation here in the United States (CCPA, CPRA, CDPA, CPA… my spellcheck thinks I have some type of Data Tourette’s right now), with more on the horizon (New York’s NYPA, New Jersey’s NJ DaTA – now you’re just toying with my spellcheck, New Jersey – along with Massachusetts, Maryland, Nevada, Maine, and Hawaii, whew!). Some privacy pundits (okay, mostly me) think the United States is headed for an overarching data privacy law that will supersede this hodge-podge and be tied to increased enforcement (read: weightier monetary fines).
However, with the eroding of borders for corporations and the rise of multinational companies, US data privacy laws certainly shouldn’t be the only concern for Data Managers. A smart bet for orgs will be to tailor their data privacy protections to the most restrictive law that is out there (and orgs will have to decide if that is LGPD, PIPL, PIPEDA, KVKK's LPDP, or the granddaddy of them all, GDPR!)
Data Security is Critical to Your Organization’s Reputation
It’s no secret that data security is critical to any org’s reputation. A full 63% (and not a penny more) of North Americans would rather purchase from organizations that protect their privacy, according to The Tech and Trust Report. The same study found 62% of respondents are concerned about their data's safety as the world becomes further digitized. Customers care about interacting with companies that protect customer data. Conversely, a McKinsey survey states that some 87% of consumers say they would not do business with a company if they had concerns about its security practices. This statistic is borne out by my grandmother and great aunts stating they would never shop a certain retail store because their friend Maisy had her credit card data stolen from said store! When you make Grandma feel unsafe to shop, she takes her checkbook and her rolled nickels elsewhere.
Consumers quickly fall out of trust with a company that suffers a data breach. An incident will leave a marketing department spending months, if not years, in damage control, states Security Intelligence (and I so, so feel for them), and cause consumers to go elsewhere with their dollars. According to a HelpNet Security article, “Businesses facing post breach financial fallout by losing customer trust,” 83% of consumers claim they will stop spending with a business for several months in the immediate aftermath of a security breach (see previous paragraph, re: Grandma). Lest orgs hope consumers have short-term memories, up to a third of customers in retail, finance and healthcare will stop doing business with organizations that have been breached.
Monetary Costs of a Data Breach
Yes, you’ve upset Grandma, but don’t forget the monetary cost of a data breach to an org’s bottom line. Data breach costs rose from USD 3.86 million to USD 4.24 million, the highest average total cost in the 17-year history of The Cost of a Data Breach Report. Lost business carried the highest cost, accounting for 38% of the average total cost of a data breach, according to the report. Ransomware victims alone spent an average of $2.09 million on remediation costs in just the United States, reports Forbes. Trends show that demanded ransoms and payouts are also on the rise. (Incidentally, my mother received a phone call from her “granddaughter” crying that she was arrested in a foreign country and needed bail money sent to her via gift cards, and since Granny just had Thanksgiving dinner with said granddaughter the day before, rightly hung up, then called me to verify that her precious granddaughter wasn’t indeed drunk and in jail, and when confirmed she had done the right thing by hanging up, asked me if she was a victim of Ransomware. True story, but I digress.)
Protecting Data is the Smart Thing to do
Data privacy and protection ensure that your company’s data is safeguarded from unlawful access by unauthorized parties. Organizations need to consider not just the monetary costs but the wider consequences of a data breach, including fines, lawsuits, loss of customer trust (grandmothers or otherwise), revenue and reputation. So not only is protecting data a smart thing to do for your bottom line, it’s important to your customers, too.
If it’s January, Then it’s Time to Celebrate Data Privacy
January 28 has traditionally been Data Privacy Day. With the rise of data breaches, we now get a whole week! The goal of Data Privacy Week, which is sponsored by the National Cyber Security Alliance (NCSA), is still the same: to raise awareness and promote data privacy and data protection best practices. Although this day is mostly to raise awareness for consumers, businesses are encouraged to keep consumer data out of hackers’ hands by understanding what and where the “digital crown jewels” others want are, learning how to protect those assets, detecting when something has gone wrong, and reacting quickly to minimize impact. CyberRes, a Micro Focus line of business, believes so strongly in promoting Data Privacy that we are Data Privacy Week Champions.
Steps to Secure your Data
We strongly encourage our customers to take a holistic, analytics-driven approach to securing what matters most—identities, applications, and data. Incidentally, identities have evolved beyond heartbeats, what with the Internet of Things (IoT) and a rapid increase in connected devices. The lack of proper identity and access management is a major concern. Businesses need to ask, who has access to what, and how are privileges managed?
With Covid-19 and its variants still hanging around in 2021, consumers are turning more and more to mobile apps. Shopping app use grew 30% in 2021 as shoppers continued to use mobile even as physical stores reopened. Database company Statista projects e-commerce sales from mobile devices will surpass $432 billion (that’s billion with a “b” by the way) by 2022. Woe to the business that rushes an app to market and then gets hacked, with its customer data stolen and then sold on the dark web. Businesses need to be able to find and fix vulnerabilities in all application types—on premises or in the cloud, and practice fast security testing to get secure apps out to the waiting public.
To have a good understanding of where their data is, organizations need a comprehensive data discovery solution. Voltage File Analysis Suite (FAS) provides discovery, tagging, and context-aware analytics across unstructured repositories. An added bonus is that FAS can identify data subject information and organize data into subsets via Workspaces to support Consumer Data Requests (CDRs) and Data Subject Access Requests (DSARs), for when all those data privacy laws start empowering consumers to request their info. Structured Data Manager (SDM) discovers sensitive structured data such as social security numbers, credit card data, and client names in on-premises, cloud, or hybrid systems and classifies data for disposition.
But knowing what is sensitive customer data and where the sensitive data resides is not enough. With cyber attackers lurking seemingly everywhere, external or even internal, enterprises cannot fully control and trust their data environment. They have to instead protect the data itself with data-centric security. Voltage SecureData secures sensitive data with encryption wherever it flows—on premises, in the cloud, and in big data analytic platforms.
Most of those privacy regulations mentioned above, such as the CCPA and GDPR, recommend encryption and pseudonymization as techniques to protect personal data. Voltage encryption, tokenization, and hashing techniques retain meaning, context, and relationships in protected data, while dramatically reducing the risk of data breach and non-compliance with regulations.
What Will 2022 Bring?
While we can’t predict the future (are shaved heads going to be the *look* of 2022?) or know what cyberattacks will be prevalent, we can help your org stay out of the headlines by helping to prevent data breaches (and speaking of cyberattacks, Log4J anyone? And is it pronounced “log-4-Jay” or “Log-forge”? We seem to have another GIF-JIF debate on our hands, but I again digress). So for Data Privacy Week we issue a call to action to enterprises large and small: take the right steps to protect your information so grandmas everywhere can sleep well at night.
One thing you can do right now is share your support for Data Privacy Week by following us on Twitter and LinkedIn and by using the hashtag #PrivacyAware. Let us know the steps your org takes for data privacy by logging in or registering and commenting below.