The Collision Data Privacy Online

Collision of Data Privacy

The “cloudification” of everything from data storage to applications to security services has increased the availability of free-flowing data, allowing business to access anything from anywhere. However, it’s raised serious concerns about the security of personally identifiable information (PII) collected and shared by businesses and government agencies across international borders, and a global data privacy movement was born. Leading the charge on data privacy reform is the European Union (EU) – where consumer privacy is seen as a fundamental right. As a result, data location now matters in the cloud, and businesses must be prepared to know exactly when, where and how this data is shared across geographic borders.

While data privacy is quickly gaining steam across the entire globe, steps the U.S. and EU are currently taking will likely shape the debate for years to come. The recently passed General Data Protection Regulation (GDPR), which goes into effect in 2018, establishes a framework for all 28 EU member nations, providing a comprehensive and unified way for businesses to properly handle sensitive data belonging to EU citizens. Of the restrictions the GDPR places on global, multi-national businesses, the proper handling of PII is front and center.

The other major data privacy issue, the EU-US Data Privacy Shield to replace Safe Harbor, more narrowly addresses the flow of personal data from the EU to the U.S. However, an initial draft of the new framework was deemed inadequate by the EU Parliament’s influential Article 29 Working Party and cannot be relied upon until it passes the test in the EU court, leaving thousands of businesses in limbo.

No More “Go With the Flow

Information-intensive business processes rely on SaaS, and this, coupled with a shift to mobile computing platforms, means controlling data location and complying with privacy regulations is extremely challenging. As new regulations come to pass, they may put U.S. companies at an even greater disadvantage by adding to the confusion over the consequences of non-compliance. According to the latest draft of the GDPR, for example, any U.S. business involved in the processing of EU consumer data – whether directly or via third-party entity – can be held liable for a breach, resulting in fines of anywhere from $1.7 million up to 4 percent of a business’ global revenue, depending on where the data violations occurred.

Whether your data lies in the public, private or hybrid cloud – it needs to be constantly evaluated in order to truly assess risk potential,” said Simon Leech, chief technologist, Security, Hybrid IT at Hewlett Packard Enterprise. “The owner of the information is ultimately responsible, which is why it is vital for companies to establish a true culture of security at all levels within the business.

Businesses should be addressing potential data privacy violations now in order to make complying with new regulations easier. There are some approved mechanisms that can be put in place while the specifics are hammered out, such as:

  • Binding corporate rules (BCR) – BCR are a set of legally enforceable rules for the processing of personal data that ensure a high level of protection is applied when personal data is transferred between members of a corporate group. Once a set of BCR has been approved by the relevant national data protection authorities, they will ensure that adequate data privacy safeguards are in place to meet compliance.
  • Hiring a Chief Privacy Officer (CPO) With data privacy regulations like GDPR and EU-US Data Privacy Shield, companies that regularly handle sensitive data on a large scale or collect information on many customers should consider designating a data protection officer that can quickly make decisions based on the evolving regulatory landscape. The CPO will be responsible for all data protection matters on a day-to-day basis, and should be involved in vendor decisions that may handle PII.
  • Investing in the IT team – Let’s be clear: complying with these new data privacy regulations will be expensive. But the cost of non-compliance will be even greater, meaning IT teams will face more pressure than ever to protect data from breaches and unauthorized access – both from internal and external threats. Fines will be levied whether the transfer of data was intentional or accidental. Unfortunately, IT teams are woefully underprepared to comply with GDPR as it is.
  • End data hoarding Technology has made it increasingly cheaper and easier to store data that many businesses simply do so as a matter of course. But big data isn’t necessarily better data, and businesses should adopt a data-minimalist approach to ensure greater control and reduce risk.

Data privacy has become a global issue affecting all companies that operate internationally, particularly those that have adopted cloud technologies. Companies can continue using the cloud as long as they’ve put procedures and systems in place to ensure that EU citizen data resides in the country of record. This includes not only validating how any personal data is collected, stored, processed and shared, but also how the business can prove continuous compliance. Setting up local datacenters will help solve the location-focused burdens of the new regulations, but it’s not enough. Companies will still need to maintain control over the entire lifecycle of EU citizen data, as well as who has access to it and from where.

By Daren Glenister

The Report.png
Cloud For Dummies.png
The Manuscript.png
Data Fallout.png
Crozdesk Business Software
B2B SaaS Comparison Platforms B2B SaaS Comparison Platforms are designed for buyers looking for additional information on a particular vendor and service. These sites help ease the complexities for buyers by providing a detailed breakdown ...
Gilad David Maayan
Azure Storage Pricing Introduction to Azure Storage Services Azure Storage is a set of cloud storage services provided by Microsoft as part of the Azure public cloud. It offers highly scalable object storage, file systems ...
Gary Bernstein
Test Data Management How do you test your data management systems? With Delphix, you can automate your tests by running your data against a virtual copy of your production environment. Today, the amount of data ...
Gary Taylor
Hybrid Worker Risks Organizations are under pressure to secure their remote workers, but they are also worried about the potential impact on user experience. Can they have it both ways without compromise? The pandemic has ...
Suraj Kumar Singh
Make Smarter Business Decisions Updated: 08,18,2022 Launching a new start-up? You’ll need to invest in costly software packages, in-house servers, off-site back-ups and more. Right? Wrong. Thanks to the cloud, entrepreneurs are spoiled for choice ...
  • Plural Site

    Pluralsite

    Pluralsight provides online courses on popular programming languages and developer tools. Other courses cover fields such as IT security best practices, server infrastructure, and virtualization.

  • Isc2

    ISC2

    (ISC)² provides IT training, certifications, and exams that run online, on your premises, or in classrooms. Self-study resources are available. You can also train groups of 10 or more of your employees. If you want a job in cybersecurity, this is the route to take.

  • App Academy

    App Academy

    Immersive software engineering programs. No experience required. Pay $0 until you're hired. Join an online info session to learn more

  • Cybrary

    Cybrary

    CYBRARY Open source Cyber Security learning. Free for everyone, forever. The world's largest cyber security community. Cybrary provides free IT training and paid IT certificates. Courses for beginners, intermediates, and advanced users are available.