Sensitive Data Management—Are You Prepared?
Today’s data-driven organizations are on a data privacy governance journey—whether they realize it or not. So, what does that mean? More importantly, what kind of impact will it have on your organization?
Businesses that use sensitive, personal data to help drive customer relationships and digital transformation programs are seeing a veritable rain cloud of new privacy mandates—mandates that are either already disrupting their business or soon will be, if they do not properly prepare for the pending storm. And indeed, the storm is coming: Regulators around the world are in various stages of rolling out their regional personal privacy mandates, from the General Data Compliance Regulation (GDPR) in Europe (which will enter its third year of enforcement in May 2020), to the California Consumer Privacy Act (CCPA), which will begin actively enforcing penalties in June 2020, with others to come.
Whether they’re ramping up compliance or still clarifying policy regarding their exposure to data privacy risk, every organization must acknowledge the new responsibilities to protect data across a global landscape. In short, you will be affected and that will create challenges if you have no plan in place.
It can be difficult making sense of local legislation, let alone a myriad of separate global mandates. To enforce data protection through anonymization and pseudonymization of personal data (e.g., masking or encryption), you need a consistent approach to data privacy governance—but due to increased consumer rights, you also need visibility into data use for transparency. A good metaphor for this is the proverbial “death by a thousand paper cuts,” as organizations must be ready to respond to hundreds, if not thousands, of consumer requests into their data rights and could see a heavy manual workload burden to discover, classify, and report on personal data as a result. Failing to automate these tasks to report on appropriate data access and use in a timely way will not only increase risk of regulatory fines, but potentially devastating losses in customer loyalty.
Consumers are no longer blaming hackers for data breaches and insider abuses—they now assume that companies have had fair warning and should already be taking preemptive action, instead of adopting a wait-and-see approach. Moreover, privacy regulators have signaled that they will provide more favorable treatment (in the form of lower potential fines and fewer penalties) for companies who make a best effort to avoid risks to data exposure than those organizations that claim ignorance. The good news is that it’s not all doom and gloom: companies that demonstrate responsible data handling can see a 5x increase in personal data use from consumers who trust them with their data!
So, where does your organization stand?
Discover, Secure, and Manage Sensitive Data to Protect Privacy
All organizations are at various stages of maturity on this journey, and it’s important to be taking steps to govern data responsibly today, instead of waiting to be caught off guard. Not just because you “have to” for regulatory compliance, but because you “want to” to accelerate your safe use of data during digital transformation.
Whether it’s taking data analytics beyond the data scientists to democratize it for further use, moving workloads to the cloud in public hosted environments, or even developing customer loyalty programs with new products and services, privacy—by underpinning data quality and trust—has become the enabler that accelerates the unleashing of your digital transformation.
But where to begin? For some organizations, a return to the basics may be in order. That means understanding the privacy mandates that apply to your business and successfully mapping them to your people, processes, and IT, to better align resources and create appropriate policies for your environment. For other organizations, where policies and procedures on data are well known, there may not be complete visibility into where personal data is located, connected to its identities or owners, or how to assess risk for prioritizing remediation based on its exposure.
Should you happen to be with a company that has these data governance challenges figured out, great job! You are probably ahead of the game and instead need to look at current remediation techniques and whether they’re effective at protecting data, while keeping that data open for business use and the data stewards who need to use it responsibly.
What are your most urgent needs to jump start a privacy journey? Or, if you’re feeling confident about your current security and risk posture, are there gaps in privacy controls that perhaps need a second look? It may be worth reassessing your current privacy posture for peace of mind, or more importantly, to avoid getting blindsided when the dark clouds of new regulatory mandates suddenly appear in the proverbial skies overhead.
Sensitive Data Management—Time to Re-Evaluate your Readiness?
As the data management experts, Informatica looks at data through a number of different lenses—including data privacy and protection—that are relevant to your business. The overall arena of data governance can provide a reliable blueprint toward handling data responsibly to optimize business outcomes, whether that means improving IT processes, or enhancing data quality for revenue-generating opportunities. Moreover, by helping organizations accelerate their data privacy governance journey, a reliable and consistent approach can unleash the power of data by sharing metadata-driven intelligence and automation of controls. Whether democratizing data for enterprise-wide use, migrating to the cloud, monetizing customer loyalty programs, or other business value-generating programs, it’s critical to keep risks at bay, and that starts with following best practices for sensitive data management.
With personal and sensitive data increasingly under scrutiny by consumers and regulators alike, it’s important to know where you stand for assurance. For additional insights, we invite you to download “Sensitive Data Management,” a Bloor Spotlight Paper, to assess your readiness and accelerate your privacy journey!
Additional Resources:
