How can enterprises step up their data protection and privacy?

The market landscape is shaped on the basis of the brands ensuring compliance with regulations. But in the coming years, it will also be driven to a large extent by the level of consumer trust. In January 2023, the Washington Post reported a major data breach on Twitter, wherein the email accounts of about 235 million users were leaked and sold on the dark web. The following month, another data breach was reported by U.S. Marshalls due to a ransomware attack. These incidents stand as a testimony to the fact that data privacy can no longer be viewed as an afterthought.

A recent study quotes that by 2024, almost 75% of global citizens will have their personal data covered by some or other privacy regulation. But the task of ensuring complete data security is not without its own set of challenges for many businesses across various industry verticals. The occurrence rate of human error in many cybercrimes has been observed to be as high as 82%. It could range from ill-informed or unaware employees using weak passwords, clicking on dubious links via emails or social channels, misusing privileged account access, or browsing unauthorized websites. Another major reason involves technological and operational gaps caused by legacy systems or incompatible devices. Yet another reason is the lack of awareness of the recent developments and evolution of regulatory policies and compliance frameworks, especially those involving international standards. So, it is very vital that enterprises deploy the latest data protection solutions to ensure 360-degree compliance.

Source: Various leading providers of Audit, Tax, and Advisory services

Two recent technologies have been identified to improve data privacy and data security. The first technology is called cyber deception. It uses a decoy or a trap to lure cybercriminals away from the real assets of a company. Staying true to the saying, “The best defense is a good offense”, it monitors the decoy, buying enough time for security teams and resources to take actionable measures. It detects the threats faster, thereby setting off credible internal alarms with few false positive alerts. Businesses can use this technology to build strategies by leveraging data-driven insights and elaborating the attack styles, techniques, strategies, procedures involved, and their identities. Moreover, it sheds light on the vulnerabilities and weaknesses the rogue elements exploit. The second novel innovation is Fully Homomorphic Encryption. It provides an enhanced focus on privacy preservation across the cloud. It also allows businesses to deploy their machine-learning tools and use encrypted data to carry out operations, especially in cloud-native experiences.

January 28th is observed as Data Privacy Day. Moving beyond a commemorative event, it should serve as a reminder for global citizens to acknowledge their internal privacy responsibilities and duties. The U.S. government is finally realizing the growing need for federal legislation and is planning to cover 10% of the U.S. states under data privacy legislation. It has been observed that more than data protection solutions are required to curb this issue. To address it further, ‘Chief Trust Officers’ will hold a key position in companies across various industries by 2030. The onus of maintaining holistic cybersecurity will be on these officers. The involvement would range from laying the foundation of governance to outlining policies and procedures for the entire organization. These personnel will also be responsible for harnessing real-time data insights to address data privacy concerns. Moreover, they will have to be prompt and upfront in understanding the data lineage. They will also have to ensure that people understand how to draw and derive from various data points through data literacy programs. Lastly, they will have to implement the critical compliance concerns strategically.

The U.S. data privacy laws are entering a new era. This includes comprehensive statutes for businesses that vary with respect to reachability. It could be based on businesses that hit certain revenue thresholds or based on the number of residents, consumers, households, or devices, of course, with data in the applicable state. As a result, businesses can leverage innovative cybersecurity solutions while maintaining stringent compliance. Moreover, these statutes minimize cyber risks and enhance cyber resilience. Thus, this fundamental shift in how the public and private sectors view data privacy will profoundly impact businesses in the future.