Privacy regulations have really come into play over the last four years. Consumers are becoming more concerned about the disclosure and use of their data and trust is playing a key role. According to a survey conducted by Salesforce, 48% of consumers said they had lost trust in brands during the pandemic due to misuse of personal information. As the world becomes more technology driven and people grow more concerned about their data privacy, regulations surrounding data protection are quickly emerging all over the world.
Analysts weigh in on the growth of global data protection regulations
Gartner predicts that by the end of 2023, modern privacy laws will cover the personal information of 75% of the world’s population. The GDPR in Europe was the first major data privacy regulation, and came into effect in 2018. It was quickly followed by others including the California Consumer Privacy Act (CCPA) and Brazil’s General Data Protection Law (LGPD), both of which came into effect in 2020. We’re seeing that more states and countries are quickly following suit – in the United States, Colorado and Virginia have passed privacy regulations that are taking effect in 2023. While India is in the process of implementing privacy regulations as the Joint Parliamentary Committee presented its report for the Data Protection Bill in December of 2021.
The scope of these regulations suggests that organisations will be managing multiple data protection requirements in various jurisdictions, and Gartner highlights that customers will want to know what kind of data organisations are collecting and how it’s being used. Gartner recommends standardizing security operations using GDPR as a base, and then adjusting for individual jurisdictions. Enza Iannopollo, principal analyst at Forrester, echoes this, saying that while all of these regulations have their own unique details, the GDPR is still a reference point for organisations that must comply with multiple regulations. Enza explains that if an organisation has developed best practices for GDPR compliance, these initiatives will significantly ease the challenge of meeting compliance requirements with other current and upcoming privacy regulations.
Identify and classify data now rather than scrambling to do it later
Increasing regulations, legislation, and compliance – and the growing risk of data breaches – are some of the biggest challenges impacting data security within organisations today. In order for an organisation’s data to be secure, and compliant with regulations, all data needs to be identified, categorised, and protected. In our recent Q&A session with Enza Iannopollo, Enza stressed the importance of gaining a good understanding of where data is and what it is that requires protection. Enza also recommends using technology that can help with this task, such as data discovery and classification solutions.
Data classification uses visual labelling alongside customised metadata applied to data to protect and control its use. In addition, metadata applied to documents enhances the performance of downstream security solutions, using metadata properties to determine how a piece of data should be treated, handled, stored, and if necessary, disposed of. The majority of these regulations allow data subjects the right to obtain access to the data being held on them by an organisation, as well as the right to be forgotten. By identifying and classifying data into appropriate categories, organisations have more control, making data easier to locate and retrieve, which is of particular importance when it comes to risk management, compliance, and data security.
The benefits of blending automated and user-driven data classification
In order to keep up with current and future regulations, Gartner recommends focusing on automating privacy management systems, which includes automated data classification. Automated data classification involves the application of a classification for a particular file or message by a pre-defined rule set. Many organisations look to combine security automation with a user-driven approach to provide an additional element of support to the user. Using a blended approach of automated user-driven techniques when it comes to data classification can deliver significant benefits including:
- Adapting to your business and infrastructure needs
- Reflecting the differing requirements of your user communities
- Supporting users in their classification decision making
- Streamlining workflow for routine classification tasks
- Balancing technology-based decision-making with user insight
- Respecting the authority of user judgements
- Widening the reach of data classification
- Leveraging investment in discovery tools such as DLP
Implementing data classification tools automatically can reduce the possibility of human error, which is one of the biggest causes of accidental data breaches, as well as significantly improve efficiency levels. Equally, where there is an issue with data that is difficult to label, it can be better to manually sift through the documents. Capturing user insight in the process of data classification is critical to ensuring decisions are made within the correct context. Your data classification solution should blend together best practices in both user-driven and automated techniques in the manner most appropriate to your business. This offers an integrated range of approaches that you can tailor to meet your precise needs and that can be easily adapted as your business needs evolve.
With the emergence of global data privacy regulations on the rise, and the trust of consumers dropping, it is more important than ever that organisations get a head start on knowing what data they have, where it is located, and how it should be protected. Now is the time to start preparing your organisation’s data. By getting ahead in your compliance journey, not only will you be compliant with current regulations, but appropriately prepared for what may be coming down the road.