Data Privacy Strategies for Mitigating Inherited Data Risks
Debbie Reynolds
The Data Diva | Data Privacy & Emerging Technologies Advisor | Technologist | Keynote Speaker | Helping Companies Make Data Privacy and Business Advantage | Advisor | Futurist | #1 Data Privacy Podcast Host | Polymath
An inheritance is not always a good thing, especially when your organization is inheriting Data Privacy risks.
Inherited data risks refer to the potential data privacy challenges that arise when an organization acquires data from another company through business transactions such as acquisitions, mergers,? partnerships, or normal business processes. These risks are primarily associated with the data the acquiring company inherits without being involved in its original collection, management, or governance. Inherited data risks present significant and often hidden challenges, primarily from inadequate knowledge of data's provenance and lack of data sensitivity classification, which may cause misalignment with privacy obligations.?
This essay outlines effective Data Privacy strategies for mitigating inherited data risks, focusing on understanding data lineage, recognizing sensitive data, and treating privacy as a strategic business risk.
Inherited Data Privacy Risk: Poor Data Lineage
Understanding Data Lineage is not just a best practice but a crucial necessity for organizations to effectively manage inherited data risks. Poor Data Lineage can often lead to hidden risks, potentially resulting in legal and reputational damages when organizations assume they have no obligation to understand data origins. Data lineage involves tracking the life cycle of data, including its origins before your organization received the data and what legally can be done with the data within the organization. By implementing data mapping protocols, organizations can better understand data intake and data flows, ensuring any inherited data can be accurately tracked from its source. Regular audits and documentation are vital to keep the data lineage records accurate and reflective of current data practices. Also, training programs for employees on the importance of data lineage can enhance an organization’s ability to manage data responsibly and recognize potential risks in data inheritance.
Inherited Data Privacy Risk: Lack of Classification for Sensitive Data
The recent developments, such as President Biden's Sensitive Data Executive Order and the Federal Trade Commission (FTC) case against X-Mode/Outlogic, underscore the urgent need for organizations to recognize Sensitive Data. This need will become more important, especially with the FTC’s action against X-Mode/Outlogic and President Biden’s Executive Order reinforcing the critical nature of categorizing sensitive data such as location and personal information. Immediate action is required to ensure compliance and protect the organization's reputation.
Although the Biden Executive Order on Sensitive Data is about data of US individuals sent to countries of concern, the blueprint established for categorizing sensitive data will likely become the norm in organizations regardless of whether organizations are in danger of sending sensitive personal data to countries of concern.? The Executive Order categorizes sensitive data into six categories: personal finance (such as credit card information), health (such as medical records), geolocation (such as GPS data), precise geolocation (such as real-time location data), biometric identifiers (such as fingerprints), and human genomic data (such as DNA sequences). Understanding what data is sensitive or not will become a crucial data point for organizations to fully track and understand in the future.?
In the X-Mode/Outlogic the FTC stated that organizations who sell sensitive data must verify that they have proper individual consent for sensitive data, even if it is received from another company.? Organizations should establish data classification frameworks to accurately identify and categorize sensitive data, ensuring compliance with privacy obligations. Enhanced protective measures such as encryption, access controls, and secure storage and using privacy enhancing technologies (PETs) like anonymization tools, data loss prevention systems, and secure data sharing platforms can be applied to protect sensitive data from unauthorized access and breaches. Additionally, conducting Privacy Impact Assessments, including questions about inherited data, will help organizations understand risks associated with sensitive data and implement appropriate mitigation measures.
Inherited Data Privacy Risk: Not understanding that Data Privacy Risk is Business Risk
Treating Data Privacy as a Business Risk involves integrating privacy considerations into the organization's broader risk management framework. This means that privacy risks should be evaluated with the same rigor as financial or other operational risks. Data is one of the most valuable assets in organizations, and having a better understanding of inherited data risks will be vital for organizations in the future.
This approach ensures that privacy risks are evaluated as a foundational area of concern with the same rigor as financial or other operational risks. The active involvement of senior management in privacy issues is crucial as it ensures that adequate resources and attention are dedicated to data privacy risks of inherited data, not just in the legal sphere but also in the day-to-day operational sphere of the organization. Organizations need to understand inherited data risks as data rights become more complex.
Managing inherited data risk is critical for organizations engaging in business transactions involving data acquisition. By adopting comprehensive data mapping protocols, establishing robust classification frameworks, and treating privacy risks as significant business concerns, organizations can better safeguard against the potential pitfalls associated with inherited data. Additionally, the involvement of senior management and the continuous education of employees about data privacy is crucial to ensuring that privacy obligations are met and that the organization remains compliant with evolving regulatory requirements. Managing inherited data risks effectively protects the organization and upholds its stakeholders' trust and confidence while making Data Privacy a Business Advantage.
Debbie Reynolds "The Data Diva" Keynote Addresses
I'm thrilled to extend my heartfelt thanks to Volkswagen Credit, USDA, Ally Financial, National Grid, Lawrence Livermore National Laboratory, Northwestern Mutual, PayPal, Coca-Cola, FRTIB, Hewlett Packard Enterprises, WestRock, Capital Group, Johnson & Johnson, Uber, S&P Global, FDIC, DHL Supply Chain, The Erikson Institute, and Rubrik for the privilege of being your Keynote Speaker. Your commitment to innovation and excellence is inspiring, and I'm honored to have contributed to your events.
The Pact Data Privacy Trust Framework
Debbie Reynolds, "The Data Diva," launched the PACT "Data Privacy" Trust Framework & Scorecard. This Framework can evaluate regulatory and business risk and the Trust of individuals around "Data Privacy". This is a gut check for organizations of all sizes to rate and triage their "Data Privacy" challenges. This Framework addresses Purpose, Alignment, Context, and Transparency. Watch this video to learn the basics as Debbie Reynolds explains the PACT Data Privacy Trust Framework & Scorecard in 6 minutes.
Visit our website to learn more about the PACT Data Privacy Trust Framework & Scorecard .
Do you need a Data+Privacy+Technology Workshop? Here are the top ten most requested Data Privacy Workshops for 2024:
Each 120-minute workshop structure includes:
Materials Provided:
Did you know that "The Data Diva" Talks Privacy podcast has listeners in 113 countries and 2407 cities and is ranked globally in the top 2% of podcasts? Here are more of our accolades:
Watch a video short of our podcast on Tuesday, May 21, 2024, The Data Diva E185 - Debra Brookes , Former Deputy Virtual Currency Chief - Research and Innovation Division, New York State Department of Financial Services. Here is a sneak preview of our Data Diva Podcast guests:
Don't miss the new weekly episodes of "The Data Diva" Talks Privacy Podcast , so listen and subscribe.
The Data Diva talks Privacy Podcast offers podcast sponsorships. Each level reflects a different degree of involvement and support for the podcast, catering to a wide range of sponsors from different sectors of the privacy community. If your organization is interested in exploring podcast sponsorship, please contact us!
Many thanks to "The Data Diva" Talks Privacy Podcast Sponsor and Privacy Visionary, Smartbox AI, for sponsoring this episode and supporting our podcast. Smartbox.ai , named British AI Company of the Year, provides cutting-edge AI, helps privacy and technology experts uniquely master their Data Request challenges, and makes it easier to comply with Global data protection requirements, FOIA requests, and various US state privacy regulations. Their technology is a game-changer for anyone needing to sift through complex data, find data,? and redact sensitive information. With clients across North America and Europe and a major partnership with Xerox, Smartbox.ai is bringing their data expertise right to our doorstep, offering insights into navigating the complex world of global data laws. For more information about Smartbox AI, visit their website at https://www.smartbox.ai . Enjoy the show.
Do you need a Data Diva Exclusive? Courtesy of Data Diva Media and "The Data Diva," in cooperation with our podcast's generous supporters, I am happy to share some valuable exclusives with our newsletter subscribers.
Many thanks to "The Data Diva" Talks Privacy podcast supporter Integral, a group that is revolutionizing health data compliance. Top tech and pharma leaders trust Integral's Privacy Workbench platform to simplify and speed up the expert determination process, ensuring compliant de-identification of sensitive datasets. No more guesswork about privacy risks or remediation options—Integral’s continuous monitoring keeps your data consistent and secure. Curious to streamline your data collaboration efforts? For more information about Integral, visit their website's Data Diva Link: https://why.useintegral.com/thedatadiva
领英推荐
Many thanks to our Award-winning podcast sponsor, Safeguard Privacy, for offering a "Data Diva" exclusive offer! Get 15% off the first year of Safeguard Privacy compliance software using the code: DATADIVA15%
Congratulations to our Podcast Guest, The Data Diva E97 - Prashant Mahajan , Co-Founder & CTO, Privado , for Privado's recently announced raising of $17.5M?funding led by Insight Partners , Sequoia India , Emergent Ventures , and Together Fund .?The Data Diva is a proud supporter of Privado, and I am thrilled to see its continued success. Privado bridges the gap between Privacy and Engineering by giving Privacy teams real-time visibility into engineering systems. Privado helps protect privacy by detecting privacy issues before the software changes or new products are shipped.
Courtesy of August 2022 Data Diva Podcast Guest Gal Ringel and Mine PrivacyOps, we are pleased to offer an exclusive discount to organizations. Thank you to our sponsor, Mine Privacy Ops, The first platform dedicated to handling Data Privacy operations while placing consumers and user experience at the center. #1 highest-rated Data Privacy Management Software, the #1 highest-rated DSR/DSAR Software, as well as the #1 highest-rated Sensitive Data Discovery Software in the industry on G2, the leading business software and services reviews platform. Use Mine PrivacyOps as your organization's Data Privacy management solution and receive a 20% discount on DSR, Data Mapping, and ROPA modules.
*To get the discount, contact [email protected] and add?Datadiva20 to the subject line.
Technics Publications?has graciously offered a Data Diva Promotion. Anyone who uses the coupon code?TheDataDiva?receives 20% off. The Promotional code is good for all books on the website, with the exception of DMBOK books. Visit the Technics Publications website now to take advantage of this off
Need a publication discount on Data Privacy books and digital products? Purchase any products (including Data Privacy books) from the Manning Publications website, and you can use?The Data Diva's permanent 35% discount code (good for all our products in all formats) using the following code at checkout: poddatadiva22
Need a VPN, Internet Controls, and Virus Protection? Data Diva Podcast alumni guest for episode 60 , Brad Hawkins , CEO of SaferNet ,?has a special offer!?SaferNet provides a very easy-to-use 3-in-1 device-level Cyber Safety protection solution, including an award-winning VPN, Internet Controls, and Virus Protection. SaferNet is ideal for individuals and small to medium-sized businesses who want reliable data protection. "The Data Diva" herself loves the product!?Go to https://www.safernet.com/ and buy an annual SafeNet plan for 25% off, which can be paid monthly or annually using the case-sensitive code:?datadiva
Need a Privacy-Friendly Internet Browser extension? Data Diva Podcast alumni guest for episode 28 , Kelly Finnerty , Director of Brand and Content at Startpage, has a special offer! If you are looking for more control over your Data Privacy and less behavioral tracking while surfing the Internet, look no further.
Install Startpage Privacy Protection Extension for Chrome and Firefox: Install the link here
The Ultimate Easy Peasy Guide to Dependable DPIAs by Jamal Ahmed
Introducing: The Ultimate Easy Peasy Guide to Dependable DPIAs by Jamal Ahmed, a previous "Data Diva" Talks Privacy Podcast alumni.?Data Privacy isn’t just about protecting information; it’s about safeguarding trust, ensuring ethical responsibility, and preserving brand reputation.
Are you finding it challenging to navigate the complex world of Data Protection Impact Assessments (DPIAs)? Worry no more!
Jamal has developed the guide that takes the mystery out of DPIAs and puts YOU in control. Welcome to The Ultimate Easy Peasy Guide to Dependable DPIAs, your comprehensive guide to a confident data protection strategy.
Use the discount code “DataDiva” to get 70% off this digital product.
See our recently featured five-minute videos on Data Privacy from The Data Diva:
Do you want to see more original video content on emerging Data Privacy topics? Subscribe to our YouTube channel to get notified about each week's new video.
Many thanks to the press organizations and reporters who seek my commentary on important events around Data Privacy. Also, here are links to some of my other media collaborations. Here is a collection of a few of my 2023-2024 media mentions and collaborations:
Please see our website media mention section for a full list of media mentions.
Need a Keynote Speaker on "Data Privacy", Data Protection, and Technology issues? View our keynote speaker page for popular talks and topics. Ready to speak to "The Data Diva" about your speaking event? Fill out our speaker request form and Schedule a call now .
Do you need more Data Diva Events?
Data Diva Media is a media production operation providing?world-class video and podcast editing services.
Our Media Services include:
Ready to start your media project with "Data Diva" Media? Visit our Data Diva Media Website Page for more details and to schedule a meeting with the "Data Diva" Talks Privacy Podcast
Our LinkTree
Privacy Technology @ American Airlines | Data Privacy and Governance | Data Engineering & Analytics
6 个月Great article Debbie Reynolds! This approach will not only help uncover hidden risks but also enable prioritization of work required to truly shift the Privacy, Security and Governance practices to left of the software design and development.
Linkability.us Founder | Growth Strategist for Professionals Driving Business Success | Proven Systems for Sales & Brand Authority
6 个月You are always knocking it out of the park with your insights, Debbie Reynolds! You do such a great job pulling together what is most critical to be aware of now and what to anticipate in the future. Thanks for everything you do, Debbie.
Team Builder, Startup Cofounder and App Store Inventor
6 个月data security, registration/login and identity are the three major part of privacy and securing our future world!
Award Winning Global Privacy Expert, Speaker & Media Commentator | Bestselling Author, Podcast Host & Career Coach | I Help Mid Career Professionals Become Confident, Capable & Credible World-Class Privacy Experts
6 个月Understanding the origins and lifecycles of data is indeed paramount in today's data-driven landscape.