Data Privacy in 2023
California, Colorado, Utah, Virginia and Connecticut will all have new privacy regulations in 2023, putting unprecedented pressure on data privacy leaders. The similarities, differences and nuances with the upcoming regulations, the strict enforcement to be expected and the growing awareness among consumers about their data and its privacy, all contribute to the fact that data privacy should be made a priority going into 2023.
Data privacy leaders will have to navigate the organisations demands for growth and profitability, the regulatory bodies demands for compliance, and consumer expectations.
Here are five tips to consider to help tackle the challenges expected in the new year
Focus on collaboration and transparency Privacy is a team sport. It is important to collaborate seamlessly with the different teams as they each play a role in the various processes of enabling data privacy.
Working with security on incident response
Working with people care leaders and HR as you build workflows for handling employee privacy rights
Working with marketing to understand and address privacy risk around AdTech
Working closely with IT as you implement a data minimization program
Privacy is not the sole responsibility of the privacy leaders within the company. Every individual holds the responsibility for maintaining a strong privacy program for the organisation and enabling data security.
It becomes vital to communicate the requirements of privacy, the importance of the same, the programs being implemented and maintained within the organisation and ensure that it is followed at every level across the different enterprises. The importance of transparency and communication about privacy within the company is not to be underestimated.
Simplicity is key Complexity is the hallmark of privacy compliance with a patch of privacy laws here in the US and the existing laws globally. Even though there are commonalities there are many differences. But one needs to look at the overall objectives of the program – focus on the simplifying and harmonizing the requirements or the practical implementation will be impossible. Achieving all end results on day one is a pipe dream, instead efforts need to be put into ensuring that the overall processes and culture are moving in a privacy forward direction.
Further, data is everywhere and growing rapidly in most enterprises. Growth in cloud has also increased the number and complexity of technologies. This has resulted in data being duplicated all over the enterprise. Handling the exponential amounts of data requires processes that aren’t complex or demanding. If we do not take a simple and privacy by design approach to implementing privacy – we will never reach our end goal.
Ensure Prioritization The data privacy world sees a myriad of challenges, sometimes happening simultaneously and sometimes in tangent. The notion that all can be dealt with at the same time with equal efficiency is unrealistic.
It then becomes imperative to prioritize processes. Certain privacy requirements will need to be dealt with first and certain requirements will demand more resources than others.
Prioritization becomes easier when you have a good understanding of your data. Which is where having a detailed Data Map comes in, providing an extensive understanding of the data flows within and outside the organisation. It covers multiple areas such as IT, legal, records management and security, providing insights on key focus areas and risk factors that serve as priceless intel when prioritizing tasks and processes. Keep actively updated Regulatory bodies are constantly working on enforcing laws. Companies are being pulled up every day for counts of non-compliance, each case slightly different from the other, holding valuable information on what went wrong, what could have been done differently and what should be done in the future.
Using this information and advice from peers who have been in such situations can be used as an advantage going forward.
Technology leveraged the right way is data privacy’s best friend. In today’s world, everything can be made simpler, easier, faster, and more efficient with technology and data privacy is no exception. Technology helps bring the people within the organisation, working in different silos together under one tool holistically.
Machine learning finds patterns, labels, groups, and automatically classifies information according to predefined standards and categories
Privacy-enhancing technologies or PETs enable anonymity, pseudonymity, unlinkability and unobservability of data subjects
Technologies can be employed to automate, manage and regulate subject access requests received
Contextual advertising uses ML to gain insights from the context to deliver the right ad to the right person without violating their privacy
There are multiple technological solutions available for various privacy challenges. Organizations should first understand their technological needs and analyse the various data governance technology solutions and platforms available in the market. Investments in the right technology benefits the organisation in more ways than one. While there are no guaranteed solutions to the expected challenges in the coming year, there are certainly steps that can be taken to benefit our organisations in the long run. The changes made in light of the forthcoming regulations, while may appear daunting now, can be beneficial over time. Employing privacy by design and regulatory compliant solutions today strengthen our privacy and IG programs, providing sustainability and scalability for the future.