The world marks 28th January 2020 as Data Privacy Day (also called Data Protection Day in Europe). On this occasion, it’s essential to revisit the concerns that consumers have about data privacy. While laws are yet to be established or just rolling out (notably CCPA and India’s Data Protection Bill), consumers need to step forward and question services organizations who are custodians of their data and Personally Identifiable Information (PII). As we go about reporting news daily here at CISO MAG, it is alarming to note that almost every other week, we read about organizations getting hacked and about their customer databases leaked online. Yes, data has become the fluid that keeps the business machinery moving, and it is up to organizations to prioritize the security of this data.
Manish Sehgal, Partner, Deloitte India, said, “Over the past years there have been many conversations on ‘data as new oil,’ or ‘data as an asset.’ However, flipping the coin, if data (personal data to be specific) across its lifecycle is not safeguarded, and is used or processed beyond defined purposes, it may become a liability.”
Countries have taken steps to secure consumer data, and businesses are bound by regulation, some with strict penalties and hefty fines. The EU’s GDPR is an example, and other countries are also working on similar laws and regulations. However, that alone does not guarantee that your data is in safe hands. Organizations in possession of consumer data need to do a lot more and deploy the right security solutions (to address data leakage and ransomware, for instance). They need to go further and ensure that partners in their ecosystem also secure their customer databases. If the data is on the cloud, on a service provider’s server, then the service provider also shoulders that responsibility. And the organization needs to take adequate steps right at the beginning to ensure it.
Sehgal added, “With growing regulations and strengthening rights for data owners, organizations around the world are becoming more answerable than ever before regarding data’s usage, storage, and erasure. Given the anxiety around the protection of data and its storage today, real value for any organization is to be proactive to become privacy enabled and not just a privacy compliant.”
It comes down to legalities, frameworks, policies and guiding principles—and Generally Accepted Privacy Principles (GAPP) is an example.
“Leading practices and frameworks such as GAPP offer necessary guidance for organizations to embark on their data journey. The need of the hour for the majority of Indian enterprises is to strategize, prioritize and initiate their growth path harnessing the power of data,” concluded Sehgal.
So, this is not just another special day marked on our calendars. On Data Privacy Day, we all need to ask ourselves if we are doing enough to protect our data and our customers’ data. We need to raise more awareness and listen to the privacy concerns of our customers.
A responsible organization gains trust and credibility–which leads to business success.