It has been said that 2018 was the year we lost our privacy. But regulators are busy enacting new legislation--or enforcing existing laws--to ensure that we gain our privacy back. GDPR is only the most prominent privacy legislation, but there are hundreds across the world. California recently approved their own GDPR-style privacy law, the California Consumer Privacy Act (CCPA).
Similarly to GDPR, enterprises around the world have to comply with the CCPA if they have personal data from California residents, no matter where the company is based. And CCPA is only one of literally hundreds of data privacy and security legislations in the 50 American states, let alone the world.
The hope enterprises had was that by complying with GDPR, they would be also be complying with new legislation such as CCPA, but unfortunately the answer is largely “no.” While they may be very similar, there are key differences that need to be taken into account, including different definitions of “what is” personal data and restrictions on data sharing. The fact that each regulation may have different requirements, raises the stakes for enterprises to improve data governance and protection throughout its lifecycle.
The challenge of protecting privacy throughout the lifecycle of data.
The challenge enterprises face is how to manage and protect privacy throughout the lifecycle of data. Data flows from the edge of the network, from IoT devices and of all kinds of endpoints, through applications and file systems, into storage in the cloud or on-premises. Throughout its lifecycle data can be duplicated many times, grouped with other pieces of data, and placed in “forgotten” inactive storage systems. But data is rarely deleted, especially customer data.
Enterprises need a way to manage data privacy from a single location throughout the lifecycle of data. This is a daunting challenge that we can break in a few major tasks:
- Discovery: Where is the “Personal Data” across my entire hybrid IT real estate?
- Classification: How do I isolate and classify it?
- Enforcement: How do I manage it and dispose of it according to policy?
- Protection: How do I protect sensitive data while keeping its usability for business processes?
- Documentation: How do I document the steps I have taken for audits and compliance?
Each one of these tasks is a complex project in itself, and overcoming them may cost enterprises millions in time and resources, and end up achieving only limited success.
Micro Focus Data Privacy Manager
That’s why Micro Focus Information Governance and Data Security have joined forces to tackle the privacy management challenges of enterprises. The Micro Focus Data Privacy Manager is a solution that manages and protects sensitive structured data throughout its lifecycle, from discovery and classification to policy enforcement, protection and documentation.
By managing privacy and the security of sensitive data from a single pane of glass, enterprises not only can reduce their privacy risk, but also protect big data projects, speed up hybrid IT adoption and serve customers in different jurisdictions faster. Listen to our recent webinar, “How to manage and protect privacy throughout the data lifecycle,” to learn more about the management and protection of privacy in the modern enterprise and make sure new privacy legislation won’t strike you when you least expect.
Data security and encryption