Privacy Regulations Are Popping Up Everywhere

0
7

How to Ensure That They Don’t Dampen Innovation

By Isaac Kohen, Teramind

The implementation of Europe’s expansive General Data Protection Regulation was a clear harbinger that the tech sector was heading in a radically different direction from the lax data standards that governed its first several decades of growth.

Of course, what primarily began as a European mandate quickly left its shores as shifting consumer sentiment and a broad recognition that we needed to place some parameters on the way we handle people’s valuable personal data became inevitable.

In the United States, The California Consumer Privacy Act will place data privacy restrictions in Silicon Valley’s own backyard, and, similar to the state’s impact on the auto industry, it will have repercussions for the rest of the country. Collectively, more than 80 countries have data privacy laws on the books.

In the wake of egregious data breaches at companies like Equifax and Marriott, as well as moral failings from companies like Facebook, it was clear that something needed to be done. However, it was less obvious how that would affect the businesses that these laws regulate.

So far, the results are mixed.

For instance, more than 59,000 data breach notifications were issued in GDPR’s first year, and some companies like British Airways and Marriott received hundreds of millions of dollars in fines, reminding companies of all sizes that data protection needs to be a top priority.

Meanwhile, there is evidence that venture capital investment in European tech startups is declining compared to other countries like the United States, where privacy laws are still less defined. What’s more, data privacy laws impact the development of artificial intelligence and machine learning by making information less accessible and more risky for companies striving to develop technology.

To put it simply, restricting innovation is a noteworthy side effect of these data privacy regulations.

In 2019, these regulations are causing companies to redefine their practices while still harnessing the opportunities of the digital age. It’s a precarious situation, but it’s not one that today’s organizations can’t meet head-on.

Here are three ways that privacy regulations impact every organization and the steps they can take to navigate this new reality.

#1 Companies Have to Protect User Data

In almost every way, data is the lifeblood of the digital economy. Likening personal data to the oil of the internet, Wired described the importance of personal information, writing, “On the internet, the personal data users give away for free is transformed into a precious commodity.”

Practically every platform on the internet is powered by this valuable resource, creating a sophisticated market for exchanging personal information. Unfortunately, this data isn’t just valuable to the companies that use it to perfect their platforms.

It’s extremely valuable to bad actors, and it’s susceptible to misuse by both external and internal threats. With the Dark Web providing an expansive market for people’s personal information, anyone can capitalize on the vulnerabilities inherent in today’s digital ecosystem. That’s why Verizon’s 2019 Insider Threat Report found that both internal and external threats are primarily motivated by financial gain.

In 2019, companies of all sizes need to be aware that they are storing a highly valuable commodity, and securing this information is critical to their regulatory compliance, customer satisfaction, and financial well-being.

Oddly, this inherently technological problem can be addressed with new and better technology.

Fighting technology with technology might appear anathema on the surface, but by implementing powerful and capable endpoint data loss prevention (DLP) and monitoring software, any company can effectively protect their information from misuse so that they can remain compliant and operational.

For example, this data security solution can

  • limit access to sensitive personal information
  • prevent unauthorized data movement
  • provide real-time alerts for suspicious activity
  • create a comprehensive record of data access.

Since digital platforms rely on data to fuel their platforms, they have to be especially careful about protecting this information if they want to continue innovating while remaining compliant with data privacy laws.

#2 Modern Work Trends Must Be Managed

The modern office is redefining the nature of work in several ways. Perhaps most obviously, many employees no longer spend all of their time in an office. It’s estimated that 70% of people around the world work remotely at least once a week, a reality that produces many compliance and data security vulnerabilities.

When coupled with blurring lines between personal and private technology, it’s no wonder that organizations are having a difficult time securing their customers’ data. In this environment, accidental sharing, unsecured networks, and other data exfiltration maneuvers create significant liability for companies offering these perks.

To put it simply, in a stringent regulatory environment, these incentives have many drawbacks for companies trying to remain compliant with the cadre of laws trying to protect consumer data.

However, that doesn’t mean that it’s time to call the employees back to the office. Instead, train employees on proper data management standards, and enforce data privacy expectations by leveraging your DLP and monitoring software to support these initiatives.

Noting the importance of employee training, the Society for Human Resources Management encourages every organization to prioritize training as a critical component of any data security protocol.

“To ensure that company, consumer and employee information is protected, employers should understand the data-security laws that cover their workplace and train employees to know their role in minimizing the risk of a data breach,” the organization writes.

These efforts can be reinforced with the right software, providing both the real-time support to address common cyberattacks like phishing campaigns and malware that are often delivered through email to unsuspecting employees.

Organizations don’t have to replace their forward-thinking workforce priorities to achieve regulatory compliance, but they do have to bolster those efforts with training and reinforcement.

#3 Innovation Comes with Accountability

Two of today’s most promising new technologies, artificial intelligence and machine learning, require a deluge of data to be successful. In response to recent regulatory requirements, some companies are pulling back on these initiatives, a shortsighted move that compromises innovation in exchange for compliance.

Instead, there is a delicate balance between innovation and accountability that will mark the next generation of prominent technologies.

Therefore, companies should prioritize the technological infrastructure that can monitor these initiatives while demonstrating compliance. For example, GDPR requires that companies appropriately explain the method and nature of their data processing, so intentionality must be enacted at every level of development.

Regardless of the specific technology, the next generation of innovation will come with accountability, and companies won’t have carte blanche to do whatever they want with their customers’ data.

We are undoubtedly heading into an era that is increasingly marked by more regulation, not less. Even so, that doesn’t mean that innovation has to stall. Instead, today’s organizations can embrace this moment as an opportunity to refine their practices and priorities to ensure that their platforms’ next iterations are both extremely capable and unambiguously aware of the valuable information that propels their ecosystems.

When the right solutions are implemented, everyone wins. That’s the intention of every regulatory effort, and it needs to be the priority of every organization going forward.

About the Author:

Isaac Kohen is the Founder and Chief Technology Officer of Teramind (https://www.teramind.co/), a leading, global provider of employee monitoring, insider threat detection, and data loss prevention solutions.