Member Article

Reflections on Data Privacy & Protection

There’s not much as important to businesses of all sizes as the trust and care of customer and business data. Four senior business executives with extensive technology experience offer their views as the world marks Data Privacy day on 28th January.

Drew Bagley, VP & Counsel, Privacy and Cyber Policy at CrowdStrike: “As we recognize Data Privacy Day, it is important to reflect on what holistic data protection entails, and how critical cybersecurity is, not only for compliance but for protecting privacy and human rights. Data breaches pose a significant threat to privacy today. Accordingly, policy makers and government agencies can improve privacy not only by promoting transparency but also by incentivizing the adoption of best practices to protect data against breaches. This should be prioritized instead of seemingly-arbitrary proxies for privacy like data localization. Today, modern IT infrastructure, cybersecurity and privacy compliance programs are dependent upon global data flows. Introducing frameworks that enhance security and provide certainty for data transfers is an important element to achieving holistic data protection.”

Heather Hinton, Chief Information Security Officer, PagerDuty: Mature digital operations underlie enterprise data protection “The innovation unleashed by the information economy is sustained by trust and reputation. There is a three legged stool that supports trust and that is data protection, security and privacy. Data protection is vital at all stages of a company’s business functions - during normal operations and in the midst of incidents the modern digital enterprise must manage events, communicate with customers, and maintain trust through transparency and continued data protection awareness.

“Major incident best practices rely on end-to-end response automation. CISOs should ensure that their response encompasses skills and information from the whole enterprise (from customer service to network and software engineering) and that everyone is aware of the basics of data protection. When trouble strikes and data protection concerns are part of the problem determination, the most important steps are understanding the extent of the situation and then work to form an organisational response and communication.

“Gaining control of all digital operations is a critical imperative for all business operations, with data protection at its core.”

Paulo Rodriguez, Head of International, Vanta: “Not only is data protection and privacy vital in building better business applications for more beneficial social outcomes - but it’s also smart business, as mitigating risk grows trust with customers, prospects, and regulators. Given the growing threat from cybercrime in the UK, having a buttoned-up organisation that respects business, customer, and partner data is a must-have to stay safe and retain trust.

“The difficulty comes in managing what are often lesser business priority, manual, processes to secure the business and demonstrate compliance - a whole extra burden on top of achieving it. The solution? Automation, which allows for continuous monitoring to help firms become compliant. In our fast-changing business environment, firms need real-time alerts to remediate issues as they arise. This frees teams from the burden of repetitive tasks and allows them to focus on building better processes as the business matures.

“Achieving a state of data compliance is not a once-and-done situation and requires a mature outlook to maintain social trust and responsibility. Like so many business processes, automation has become the solution to a difficult challenge.”

John Mutuski, Chief Information Security Officer, Pipedrive:  “Data privacy concerns have become an important element for Sales and Marketing efforts. Modern businesses collect customer data and information to create personalised marketing campaigns. According to research, 91% of customers are more likely to select the company that provides them with relevant and personalised offers. However, unprotected customer data can be exploited by cyber criminals; placing customers’ identities and their sensitive information at risk. Firms who suffer data breaches are likely to incur financial damages in the form of lost revenue, fines and long term damage to their brand and reputation.

“Today, sales and marketing teams need to find a balance between their efforts to improve the customer experience and ensuring that appropriate security measures are in place to protect their customers’ data. Customer relationship management and other marketing tools often harbour vast amounts of customer information, so it is vital that businesses choose a provider that they can verify complies with best practice surrounding data security.

“The best tools will provide a constant view into the state of their accounts’ security. The chosen platform should allow one to quickly see suspicious activities related to their account, in as close to real time as possible. One should be able to gain insight into its account activity with access to the platform logs. A strong platform will provide the ability to tightly manage accounts and devices through the use of whitelisting IP addresses or setting time-restricted access. Finally, all platforms need to offer multi-factor authentication ‘MFA’ to guard against account takeover that happens all too often.

“A reputable firm should also be able to provide evidence that their corporate and platform security program meets our industry and regulatory requirements. Certifications and assessments such as SOC II and ISO are well-established assessment frameworks that ensure a comprehensive security program is in place.”

This was posted in Bdaily's Members' News section by Tech Expert .