Beyond Data Security: The Evolving Data Privacy Landscape

Beyond Data Security: The Evolving Data Privacy Landscape

Businesses across the world are facing a paradigm shift when it comes to managing data. We are moving from a security-focused approach, based on how data is protected, to a regulatory approach, based on data privacy. This expands the scope of data management to include how data is used, how it is disclosed, how it is retained, and more. Security hasn’t gone anywhere -- data still needs to be protected. But privacy goes further, and includes our rights as individuals to control the data about us that we generate every day.

In today’s evolving data landscape, it is estimated that over 2.5 quintillion (that’s 2,500,000,000,000,000,000) bytes of data are created each day. And the digital universe -- a term used to measure the existing size of digital data -- is estimated to be 40 zettabytes (40,000,000,000,000,000,000,000 bytes). It is also estimated that 90% of the digital universe was created in the last two years. With our connected world, that means most of this data is stored online somewhere.

Most countries have some form of data protection regulations in place, and they are evolving quickly. Examples include GDPR in the European Union, CCPA in California, and PIPEDA in Canada. Privacy regulations are evolving to address the data economy and the demand by data subject owners -- such as individual people -- for some form of protection. The pace of evolution is clearly increasing, as proven by the change from the Sarbanes–Oxley Act of 2002 to today’s worldwide compliance footprint.

According to a 2018 report, in the US alone, at least 35 states reviewed more than 265 bills and legislative regulations related to cyber-security. Fifty of the efforts became law.  Many of these laws also addressed privacy and privacy rights, such as CCPA.  

These rapidly changing privacy regulations -- by state, province, region and country -- make it difficult to understand the potential impact for an organization. We can say, as a general rule, that businesses of all sizes will be affected by privacy regulations, from internal data (e.g., human resources files) to external data (e.g., customer data). And, to put this in concrete terms, ignorance will not be an acceptable excuse when it comes to the potential, and substantial, fines imposed by regulatory bodies.    

Voice data, whether in the form of transcriptions, biometric voiceprints, or audio recordings themselves, is personal data subject to privacy regulation. As the voice user interface is adopted by more companies, and voice data is used in more analytics processes, how a company addresses privacy becomes a prominent concern. 

So how do you prepare for privacy, both as a consumer and as a business? Below are some best practices.

Consumers:

  • Become aware of how the data economy is affecting the privacy of your data and understand the digital footprint you are creating. This includes privacy of your family members.
  • Make your voice heard when it comes to protecting the privacy of your data.
  • Use products and services from companies that honor privacy rights.

Businesses:

  • Identify the types of data that compromise your most important areas for privacy (e.g., HR, customer).
  • Use a reputable third-party website or tool to review the existing regulations and determine the current regulatory environment for your business.
  • Build consensus with the senior management team as well as impacted parties, and create a cohesive privacy program. Most privacy regulations address similar rights for individuals. Ensure you develop a program that is not focused on meeting just one standard, and can be used across multiple regulatory frameworks.
  • Start with a baseline privacy program that uses common privacy principles.
  • Engage an experienced third party to assist with privacy program development. This should be a consultant or business that has experience in helping identify risks and developing plans to address them efficiently and cost effectively.
  • When developing your program, use a commonly-accepted framework, such as the CNIL framework developed by France which was used by California to draft CCPA.
  • Understand how the data economy affects your business, including your supply chain. Your supply chain needs to be privacy aware, and not a potential weak point. Significant issues exist in a number of businesses within the supply chain, especially when it comes to data privacy and third parties. Third parties in your supply chain should be privacy aware, and understand the implications for your business.

Voci has a well-developed privacy program dedicated to protecting the privacy of the data entrusted to us, from employee data to customer data. Our program has been developed to allow our customers to successfully navigate the privacy obstacles that arise in relation to automatic speech recognition/speech to text technology.

Voci’s approach ensures that data is always used with the appropriate consent of the customer and in alignment with customers’ business and regulatory requirements. Access to data for transcription, tuning and specialized language models is governed under a single, unified program. The ability to ensure privacy for all of these business processes is core to Voci’s data management program.

要查看或添加评论,请登录

Jay Pascarella的更多文章

  • Get off the InfoSec Hamster Wheel

    Get off the InfoSec Hamster Wheel

    Regardless of where your information security program falls in the CMMC maturity model. Risk alignment, automation and…

  • Office 365 - Leveraging E1 licensing

    Office 365 - Leveraging E1 licensing

    Office 365 Apps and Services is the preeminent office tool set in use by businesses today. The core apps consist of…

  • Covid-19: Secure your Office 365 and G-Suite platform today!

    Covid-19: Secure your Office 365 and G-Suite platform today!

    With an unprecedented number of users working remotely today, many IT teams are struggling with securing these remote…

  • Governance Risk & Compliance and the Corona virus

    Governance Risk & Compliance and the Corona virus

    Background You may be asking yourself what the corona virus and Governance Risk & Compliance have in common? It's…

  • Are you in the Privacy Business??

    Are you in the Privacy Business??

    Many oganizations would say no to this question. However, if your organization handles consumer data then like it or…

  • Prescriptive Verses Outcome Based Compliance and why it matters!

    Prescriptive Verses Outcome Based Compliance and why it matters!

    So, let's make this simple what is prescriptive verses outcome-based compliance and what should you use in your…

  • A practical guide to Company Culture

    A practical guide to Company Culture

    Company culture is a big focus for many organizations and for good reason. Chances are your company is focused on it at…

  • The Silent Data War (privacy verses convenience)

    The Silent Data War (privacy verses convenience)

    Is the silent data war really silent? We hear about data breaches every day, about how Facebook, Google, Amazon and…

    1 条评论
  • Why supply chain security matters!

    Why supply chain security matters!

    In today's cloud based rapid service deployment model, organizations must rely on a modern Information Technology…

社区洞察

其他会员也浏览了