The Storage Networking Industry Association defines data privacy as an area of data protection that concerns the proper handling of sensitive data including, notably, personal data[1] but also other confidential data, such as certain financial data and intellectual property data, to meet regulatory requirements as well as protecting the confidentiality and immutability of the data.
Data privacy has never been more mission-critical in today’s cloud-first, digital-only world, making data governance the holy grail of data-led transformation. According to IDC’s FutureScape: Worldwide Future of Trust 2022 Predictions, 80% of APEJ organisations facing complex global regulations already have plans to increase investments in security compliance automation by 15% by 2023.
Acknowledging the importance of personal data privacy, Hong Kong’s Office of the Privacy Commissioner for Personal Data outlined six data protection principles to wit: collection purpose & means, accuracy & retention, use, security, openness, and data access & correction.
FutureCIO approached several industry practitioners for their perspective on what data privacy means in the context of today’s post-pandemic normal. More importantly, what to do given the recognition that it is important.
Xiaofeng Wang, principal analyst, Forrester
Companies in APAC are lagging behind their peers in the West in consumer data privacy practices. Companies in the region should adopt a privacy-first approach to earn consumer trust and ultimately win a competitive advantage.
They need to be transparent and granular about data collection and usage and learn to communicate to consumers that the value is not just in free content or free samples but better personalisation, more customised services, and products that ultimately yield better customer experiences.”
However, when it comes to the workplace, privacy is one element often left off initiatives designed to improve the overall employee experience.
David Corrigan, general manager of data governance, quality & privacy, Informatica
With the proliferation of data, we are only going to see heightened regulations on how that data is managed and protected. Investing in the right technologies, processes and training your people to build a data culture with security at its core is fundamental to organisations driving positive business outcomes with trusted and secured data.
My one advice to all data leaders is that they invest in overcoming the challenges of data fragmentation, still, the top challenge faced by organisations according to the 2021 Informatica CDO Study, and think of data intelligence as the future of data governance.
Transforming data governance programs for teams who can deliver intelligence about your data in 2022 and beyond is your challenge. But it’s a challenge worth embarking upon.
Enza Iannopollo, principal analyst, Forrester
Regardless of their geographies, company sizes, and verticals, privacy has become a priority for virtually every company. Privacy regulations popping up worldwide, as well as rising customers' and employees' privacy expectations, are driving the trend and will keep doing so in the future. As a result, companies are maturing their privacy programs, developing best practices, and sharpening their toolkits.
While privacy programs are primarily set up to deliver better compliance with requirements, one key benefit companies report is increased customer trust. With the volume of individuals' privacy rights requests on the rise and new risks to tackle, privacy decision-makers expect to increase their privacy budgets in the next 12 months.
Privacy teams are progressively investing in more sophisticated and automated technology to support their efforts. Encryption is one of the main technologies they are implementing today. Privacy-preserving technologies, as well as software for privacy training, also top the list of new tools privacy decision-makers are planning to adopt in the future.
Rick Vanover, sr. director of product strategy, Veeam
I see IT organizations constantly managing large amounts of data that really doesn’t matter any longer. ROT – Redundant, Obsolete or Trivial – Data should be moved out of its storage lifecycle.
My practical advice is to assess what data is where and identify what needs to be removed.
If it doesn’t need to be removed, then determine if selected data should be moved to a correct tier or policy. From a privacy perspective, where it exists is an important first step of the process.
Heidi Shey, principal analyst, Forrester
Companies around the world have learned that EX — employee experience — directly influences the quality of their customer experience (CX). As such, they are prioritising efforts to improve their EX. But employee privacy is still, too often, left out from the list of key EX — and privacy — initiatives. This is a mistake.
How companies treat their personal information has a significant impact on both how employees feel about and trust their employers, and on how they perform. Employees have strong privacy expectations at work.
Data from Forrester shows that: As many as 72% of employees globally don't want their personal data used as part of workforce analytics projects without their consent; 54% wish they had more privacy protections in the workplace, and 47% take active measures to limit the amount of personal data they share with their employers.
Those organisations that have systematically underestimated their employee privacy must learn how their employees feel about their personal data at work and develop privacy practices that meet these expectations:
- Those that understand employee privacy only as a compliance requirement should upgrade existing practices to cater to employees' privacy attitudes beyond mere compliance.
- Those that have strong employee privacy practices in place must ensure they continuously improve them to align with changing employee privacy behaviours.
Organisations must empower their workforces to level up their personal privacy posture. You can’t force anyone to act, but you can be a resource for information.
The market for consumer privacy technologies and services offerings goes beyond VPNs and identity theft monitoring services — privacy and anti-surveillance tools, concierge cybersecurity services, home cybersecurity services are also available.
Yet while technology is helpful, privacy-minded behaviours and habits will have the most day-to-day impact.
Andy Teichholz, global industry strategist, compliance & legal, OpenText
People are more empowered than ever to exercise their rights, submit Subject Rights Requests (SRRs) and reclaim control of their information. They want to understand how their data is used and to access, correct, delete and restrict use.
To meet these data-intensive demands and overcome a scarcity of resources to support key business activities, organisations must embrace process automation for SRR response and apply case management tools that best track its performance and effectiveness. A well-executed program that delivers a strong experience will be critical to improving customer satisfaction and loyalty.
