What Does the New Decade Have in Store for Data Privacy & Security?
Jan 16, 2020
As a new decade begins, a heightened concern over data privacy continues to cloud organizations across the world. The way organizations collect, store, and use customer data has come under scrutiny. The last few years we’ve seen the General Data Protection Regulation (GDPR) take effect, in an effort to protect EU’s citizens data privacy and data security – leaving many organizations in the U.S. to comply with this new regulation. Now, state data privacy regulations such as the California Consumer Privacy Act (CCPA) have been signed into law to enhance data privacy protection for residents.
Why is data privacy protection important?
Protecting information and data is important, so it doesn’t fall into the wrong hands. Personally identifiable information and/or protected health information can be stolen by criminals to commit identity theft or to use for ransom. Additionally, organizations who have proprietary data, business assets, and client information are vulnerable to hackers who want to steal this data in return for financial compensation.
Recent examples of data breaches include, the WaWa breach of over 850 of its locations exposing customers’ credit card information, and Microsoft’s customer support database of 280 million records was exposed unprotected on the web. Because of continued breaches such as these, SMBs and enterprise-level companies are making enhanced efforts to implement a cybersecurity program that can detect and prevent cyber threats from happening.
Proposal of the Data Protection Agency
Recent talks have sparked about a new possible federal agency that would oversee and regulate data privacy and security called the Data Protection Agency (DPA). New York Senator, Kirsten Gillibrand, proposed this new agency as a way to streamline data regulation efforts under one group – which as of now is being monitored and regulated by the Federal Communications Commission (FCC), Federal Trade Commission (FTC), and Department of Justice (DOJ). As stated in this ThreatPost article, Gillibrand makes an argument for the agency saying:
“The United States is vastly behind other countries on this. Virtually every other advanced economy has established an independent agency to address data protection challenges, and many other challenges of the digital age. The agency would have a three-pronged approach to data privacy regulation, said Gillibrand. First, it would serve as an enforcer for data protection rules and regulation”.
The other two prongs would serve as the DPA working with the tech industry to minimize personal data collection and informing the U.S. government on emerging privacy and security issues.
Data Privacy & Security Best Practices
When it comes to practicing good data protection, a best practice is to always use encryption to protect data. This allows only authorized users to be able to view the data, keeping it safe from cyber criminals who want to steal it. Another best practice is to use multi-factor authentication to be able to access data. Today, many organizations have implemented this best practice as a way for employees to access their company network, but it helps minimize identity fraud as well. Lastly, data privacy and security can only be accomplished with a sound cyber security program in place. Having good policies and procedures surrounding the use of data and how to protect it amongst your internal and external threats will help safeguard both company and client information.
For questions regarding data privacy and security, contact our security professionals at firstname.lastname@example.org or at 855-732-8826.