The Collision Data Privacy Online

Daren Glenister

Collision of Data Privacy

The “cloudification” of everything from data storage to applications to security services has increased the availability of free-flowing data, allowing business to access anything from anywhere. However, it’s raised serious concerns about the security of personally identifiable information (PII) collected and shared by businesses and government agencies across international borders, and a global data privacy movement was born. Leading the charge on data privacy reform is the European Union (EU) – where consumer privacy is seen as a fundamental right. As a result, data location now matters in the cloud, and businesses must be prepared to know exactly when, where and how this data is shared across geographic borders.

While data privacy is quickly gaining steam across the entire globe, steps the U.S. and EU are currently taking will likely shape the debate for years to come. The recently passed General Data Protection Regulation (GDPR), which goes into effect in 2018, establishes a framework for all 28 EU member nations, providing a comprehensive and unified way for businesses to properly handle sensitive data belonging to EU citizens. Of the restrictions the GDPR places on global, multi-national businesses, the proper handling of PII is front and center.

The other major data privacy issue, the EU-US Data Privacy Shield to replace Safe Harbor, more narrowly addresses the flow of personal data from the EU to the U.S. However, an initial draft of the new framework was deemed inadequate by the EU Parliament’s influential Article 29 Working Party and cannot be relied upon until it passes the test in the EU court, leaving thousands of businesses in limbo.

No More “Go With the Flow

Information-intensive business processes rely on SaaS, and this, coupled with a shift to mobile computing platforms, means controlling data location and complying with privacy regulations is extremely challenging. As new regulations come to pass, they may put U.S. companies at an even greater disadvantage by adding to the confusion over the consequences of non-compliance. According to the latest draft of the GDPR, for example, any U.S. business involved in the processing of EU consumer data – whether directly or via third-party entity – can be held liable for a breach, resulting in fines of anywhere from $1.7 million up to 4 percent of a business’ global revenue, depending on where the data violations occurred.

Whether your data lies in the public, private or hybrid cloud – it needs to be constantly evaluated in order to truly assess risk potential,” said Simon Leech, chief technologist, Security, Hybrid IT at Hewlett Packard Enterprise. “The owner of the information is ultimately responsible, which is why it is vital for companies to establish a true culture of security at all levels within the business.

Businesses should be addressing potential data privacy violations now in order to make complying with new regulations easier. There are some approved mechanisms that can be put in place while the specifics are hammered out, such as:

  • Binding corporate rules (BCR) – BCR are a set of legally enforceable rules for the processing of personal data that ensure a high level of protection is applied when personal data is transferred between members of a corporate group. Once a set of BCR has been approved by the relevant national data protection authorities, they will ensure that adequate data privacy safeguards are in place to meet compliance.
  • Hiring a Chief Privacy Officer (CPO) With data privacy regulations like GDPR and EU-US Data Privacy Shield, companies that regularly handle sensitive data on a large scale or collect information on many customers should consider designating a data protection officer that can quickly make decisions based on the evolving regulatory landscape. The CPO will be responsible for all data protection matters on a day-to-day basis, and should be involved in vendor decisions that may handle PII.
  • Investing in the IT team – Let’s be clear: complying with these new data privacy regulations will be expensive. But the cost of non-compliance will be even greater, meaning IT teams will face more pressure than ever to protect data from breaches and unauthorized access – both from internal and external threats. Fines will be levied whether the transfer of data was intentional or accidental. Unfortunately, IT teams are woefully underprepared to comply with GDPR as it is.
  • End data hoarding Technology has made it increasingly cheaper and easier to store data that many businesses simply do so as a matter of course. But big data isn’t necessarily better data, and businesses should adopt a data-minimalist approach to ensure greater control and reduce risk.

Data privacy has become a global issue affecting all companies that operate internationally, particularly those that have adopted cloud technologies. Companies can continue using the cloud as long as they’ve put procedures and systems in place to ensure that EU citizen data resides in the country of record. This includes not only validating how any personal data is collected, stored, processed and shared, but also how the business can prove continuous compliance. Setting up local datacenters will help solve the location-focused burdens of the new regulations, but it’s not enough. Companies will still need to maintain control over the entire lifecycle of EU citizen data, as well as who has access to it and from where.

By Daren Glenister

Trust Report

Profit-Driving Strategies for 2020, Backed by Data

Profit-Driving Strategies Since 2019 is coming to a close, the time has come for businesses to evaluate what they can do to propel profits in ...
Best Wordpress Alternatives

Managed Cloud WordPress Hosting Services

Managed Hosting Providers Managed cloud servers are becoming especially popular among startups and other small businesses concerned about Web security. Prior to managed hosting services, ...
Mark Barrenechea

The Digital Era Moves Into The Information Era

We have entered the Information Era Building on the groundwork of automation, connectivity and computing power that defined digital, the Information Era is characterized by ...
Patrick Joggerst

Payments Companies Will Always See ROI on Embedded Real Time Communications

ROI on Embedded Real Time Communications Without secure, real time communications applications, the financial services industry could literally come to a standstill. While transactions are ...
Patrick Joggerst

Session Border Control as a Service: Faster, More Secure and Dramatically Less Complex Enterprise Communications

Session Border Control as a Service As businesses are increasingly moving to cloud-based unified communications (UC) for improved collaboration and productivity, they must also ensure ...
Oussama El Hilali

Hybrid or Multi-cloud? Picking the Right Organizational IT Strategy

Hybrid or Multi-cloud? Picking the Right Cloud Strategy Discussions around cloud migration are no longer about whether an organization should move to the cloud, but ...
Christian Buckley

The Evolution of SharePoint Customization

When I started working with SharePoint back in 2005, deploying WSS 2.0 followed and then SharePoint Portal Server 2003 for a large client, the concept ...
Bruce Guptill

How CFOs and CIOs See Finance Management Priorities

Cloud and the Finance-IT Effectiveness Gap IT leaders today tend to be much better aligned with business and operational leaders and business goals than they ...
Kaylamatthews

What Amazon’s Kendra Means for the AI and Machine Learning Future

Amazon's Kendra Learning Future Most people feel a bit astounded when they type a query into Google and get relevant results in milliseconds. They're probably ...
Ajay

Explainable Intelligence Part 3 – The Strategy for XAI

The Strategy for XAI It is not enough to say that something is true just because 'I know it’s true!' – we have to have ...