It’s a few years now since the European Union’s General Data Privacy Regulation (GDPR) went into effect, and data privacy continues to gain legislative attention in the United States. The California Consumer Privacy Act (CCPA) was effective 2020 and expanded later that year with the California Privacy Rights Act (CPRA).
Data Privacy Legislation Continues to Develop
Additional legislation continues to be proposed at both the federal and state levels. Businesses need to be aware of the potential for privacy laws and to proactively take steps that will allow them to comply and avoid large penalties.
As technology continues to leverage data in new ways, especially through artificial intelligence, it becomes ever more likely that privacy laws will give consumers the right to control how their data is used. In addition, as more employees work from home due to Covid-19, their business use of technology inevitably merges with their personal use of technology, raising privacy concerns related to the ways businesses monitor their employees.
The privacy laws take one of two approaches: either consumers can opt out of data usage, or they must opt in to data usage. Whichever approach regulation takes, the keys for business are the same: know where protected information is collected, provide a way for consumers to review and correct data, and implement controls to limit and audit the usage of that data.
Businesses must also be aware that their responsibilities don’t end when they share data with a third party; businesses will need to monitor those third parties’ data usage, as well.
New Methodologies and New Technologies to Protect Data
Some are adopting DataSecOps methods to keep cloud data safe; this approach incorporates data security considerations into all technology decisions. Because security is no longer an after-thought, it’s easier to achieve.
Toolkits have been developed to simplify requesting and processing consumers’ consent to data usage through automation of the workflows.
In addition, technologies to protect personal data are moving far beyond simple tokenization. New approaches will allow analytics to work on encrypted data, allowing data sets to be useful without the risk of exposing data.
It fundamentally remains the case, however, that protecting consumers’ personal data and complying with data privacy laws requires businesses to understand their data, where it resides, and who is accessing it. Data Insight, from Veritas, enables businesses to automatically identify sensitive data that’s subject to privacy protections, as well as identify the data owners and monitor usage. Enterprise Vault brings privacy controls to archived data sets, including supervisory reviews to ensure compliance with governance policies.
VAST IT Services is a Veritas partner, providing support for the full suite of Veritas products and helping our clients leverage them to understand, manage, and protect their data. Contact us to learn how you can ensure your data complies with existing and upcoming data privacy regulations.