Today (every year, Jan 28) is observed as the data privacy day. On this occasion different industry leaders made their comments on the importance of data privacy, how data privacy is being dealt with at present, and what else needs to be done to protect data privacy. Below are the comments of the industry experts on data privacy:
Mr. Ripu Bajwa, Director and General Manager, Data Protection Solutions, Dell Technologies India
“With cyber threats becoming increasingly sophisticated, businesses, people and communities at large are highly exposed to malicious attacks. Ransomware and data theft have been a persistent issue through the years globally as well as in India. Dell Technologies 2022 Global Breakthrough Report brought to light some concerning facts — 74% Indian business saw loss of mission critical data due to a cybersecurity incident and almost 40% of the workforce admitted to not having improved their data management knowledge after a serious attack — underlining that cybersecurity cannot be an afterthought anymore. Data Privacy Day serves as a reminder to us all to treat our critical data with gravity. Organizations need to shift their focus to a more proactive security strategy, catering to data needs at the perimeter and also securing the supply chain. The realization is sinking in that the time to #FortifyYourSecurity is now. In the coming years, a Zero Trust mindset will define modern data security protocols further helping us shape data privacy values. The need of the hour is to develop a more holistic approach towards developing robust cyber security and data protection strategies. Even the smallest of efforts like choosing a VPN, conducting a password audit and investing in the correct infrastructure solutions, will go a long way in protecting crucial data. Afterall, Data Privacy is not about complicated measures, it’s about efficiency.”
Mr. Vindhya Vishwanath Kudva, Data Protection, and Information Security Officer, Bosch Global Software Technologies (BGSW)
“Data, both business specific, as well as personal data of stakeholders, is the backbone of any organization. Safeguarding the privacy of our stakeholders by safeguarding their personal data is a key focus area and is achieved by a data privacy strategy that is holistic, proactive and risk-based. Risk management measures are built not by retro-fitting, but proactively, into the design of processes and technology throughout the end-to-end lifecycle of the data flow. At BGSW, we follow a holistic approach to safeguarding the data of the stakeholders. Our people sensitization measures, business processes, and technological systems are designed around internationally accepted standards and principles of data protection and information security. Every element of the IT infrastructure, right from the perimeter to the core database, plays a pivotal role. Designing each element carefully and keeping each element updated in terms of vulnerability management, plays a key role in the overall scheme of things.”
Mr. Anil Kommineni, CTO, Infinity Learn by Sri Chaitanya
“Following the COVID-19 pandemic, the edtech industry has seen massive growth across all levels of education. While the transition to digital applications ensured that students suffered the least, the shift came with its own set of challenges. While, on the one hand, data privacy becomes a crucial challenge for everyone, it is amplified with respect to the data of children. Phishing, improper digital socialization, and a lack of digital parenting are the riskiest factors threatening data privacy. Therefore, it is imperative for the entire edtech ecosystem to identify the problem at its root to eliminate it entirely. To safeguard the digital interests of their learners, parents, and teachers, and protect their curriculum data, industry players can begin by obtaining consent from the learners’ guardians and complying with legal obligations. Learner delight must include conforming to the security and privacy of Learner Data along with guardian and teacher, with end-to-end experiences in perspective; and must protect the Parent/Teacher preferences allowed as appropriate.”
Ms. Anitha S. George, the Vice President and India Head, Celonis
“A robust IT infrastructure is the foundation of a successful business – and data privacy relies on that as well. The hardware and software components – facilities, data centers, servers, routers, CMS, CRM, ERP,- serve as the foundation upon which defenses and protections can be put in place to protect data and help a company comply with various, ever-changing data protection laws. Organizations must realize that security and privacy aren’t just a priority – they are a necessity. Security and privacy needs to be built into everything the organization does: ensuring privacy by design across the entire organization and its products; ensuring access controls are advanced and up to date; taking precautions to always reduce the risk of improper access; making sure all sensitive data is encrypted, whether at rest or in transit. Additionally, organizations should take care to continuously educate themselves and every single employee – for instance, how to properly handle data both business information about Celonis as well as our customer’s data that we are responsible for – to be certain everyone is part of privacy and security efforts, and sees themselves as stewards to help protect the company and customers. At Celonis, we have mandatory privacy training courses every employee must do. A dedicated internal Data Privacy Team maintains and further develops the Celonis Privacy Program. How the privacy program will be managed in the long term as well as who will manage it, are questions that should be considered from the very beginning.”
Brian Gin, Chief Privacy Officer, Trellix
“There’s no doubt privacy is a priority – and Data Privacy Week is a great time to talk about how we all have a key role in protecting it. Sometimes, we as people and organizations make the mistake of thinking privacy is someone else’s job. When in fact, every one of us is critical. Everyone with access to personal information or who helps build a product that does – almost everyone in the workplace – is responsible for safeguarding it. I continue to find the most successful and trusted privacy programs are the ones encouraging and empowering all employees to be responsible for protecting data. People across all functions – marketing, sales, engineering, etc. – not only understand their basic privacy obligations, but also feel it’s their duty to advocate for the proper and ethical use of data. With this strong foundation, and a core belief that we all benefit when privacy is viewed as a fundamental human right, corporate privacy programs can shine. This needs to be the north star we follow.”
Vishak Raman, Vice President of Sales, India, SAARC and southeast Asia at Fortinet
“A total of 5.07 billion people around the world use the internet today, as internet users continue to grow there is still education and work to be done in the realm of data protection. How data is created, shared, processed, and stored today, or the volume of personal data that exists for virtually every human being on earth, there simply cannot be any data privacy without good data security.
The goal of Data Privacy Day is twofold – every user should understand that they have the right and power to protect and manage their personal data, while organizations understand why it is important to protect and safeguard their customers data and Personally Identifiable Information (PII).
Data Privacy Day is a reminder to every organization that accesses personal data to evaluate its IT security infrastructure. IT security solutions should be able to effectively communicate, regardless of where they have been deployed, to optimally protect data and provide network-wide visibility. The network must also include sophisticated data protection measures such as threat prevention and detection, pseudonymization of PII, and internal segmentation to isolate attacks and track customer data.
Every organization must have a documented and tested data breach response planto be prepared for existing data privacy regulations or others on the near horizon.”
Neelesh Kripalani, Chief Technology Officer, Clover Infotech
“The rapid digitalization has turned data into an extremely critical commodity. Organizations have started to collect and process vast amount of data, which has necessitated the implementation of robust data security and privacy practices. Although used interchangeably, data security and data privacy are not the same. Data privacy goes a step beyond data security.
Data Security Vs Data Privacy: While data security is about protecting data from malicious threats, privacy is all about using that data responsibly. Data security uses technologies and concepts such as firewalls, user authentication, access management, along with internal security practices to prevent unauthorized access to data. However, data privacy is more concerned with how an organization stores, process or transmits data, and whether these practices are compliant with the privacy laws and regulations. Hence, we can say that data security focuses on policy enforcement to protect data, while privacy reflects on the responsible usage of data. Why should businesses care about data privacy?:
- It enables them to meet compliance requirements – Data privacy is the branch of data management that deals with handling of personal data in compliance with data protection laws and regulations. Hence, it ensures ‘ethical’ and ‘just’ usage of data, thereby enabling organizations to meet to meet their compliance mandate.
- It prevents financial losses – As per the Ponemon study commissioned by Centrify, 65% of those surveyed said that data breaches make them lose trust in the organization that has been the victim of such attacks. Additionally, one in four individuals confessed to take their business somewhere else after a breach. If organizations fail to make privacy as their priority, they can suffer financial losses and reputation damage through lawsuits and other legal issues.
- To maintain and improve brand value – As per a Forbes Insights report, 46% of the total organizations surveyed confessed to have suffered damage to their reputation and brand value as a result of a privacy breach. Organizations that make protecting the privacy of their customer as one of their primary goals, and strive to achieve it with transparent and stringent privacy practices not only build emotional connections with their customers but also enhance their brand value and loyalty.
The way forward for data privacy: The data privacy landscape, India and abroad, is going through a tectonic shift. Earlier, the customer was largely unaware of the way their data was being stored and utilized. However, now they are digitally more connected, and are mindful of their ‘Rights to Privacy’. According to Cisco’s consumer privacy survey, consumers want more transparency from companies about how their personal data is being used. In this scenario, businesses need to evolve and start thinking of the ways they can build trust and loyalty in their customers. One way to achieve this is by being transparent and communicative about the way they are utilizing their customers’ data. They need to think about providing their customers with verifiable solutions, traceability, and transparency. Additionally, they need to think of ways to balance upholding privacy concerns without annoying users with privacy notifications and too many restrictions.”
Balaji Rao,Area Vice President, Commvault, India & SAARC
Data privacy has always been a hot topic, but in today’s world of data sprawl, data security threats, and increasing data regulations, the stakes have never been higher. Bad actors, human error, ransomware and other security threats pose risks to data every minute of every day, while a more stringent regulatory environment is forcing organizations to enforce compliance – or risk fines. As data continues to increase in volume and sprawl across applications and storage, following evolving regulatory norms is becoming increasingly complicated.
One of the primary challenges with data privacy is an enterprise’s assumption on ‘how ready are they!”. While most companies have data protection strategies, they are often legacy solutions that must be modernized to fit today’s threat landscape. A recent IDC-Commvault study revealed that 71% of Indian organizations, data backup/data recovery is the number one priority for cloud investments for the next two years. But without investing in sufficient budgets to bring in new-age data protection solutions, organizations would fail to attain a future-ready state. The premise of ‘work anywhere, anytime’ has further increased the threat landscape and the potential entry points for an attacker to access files. Companies must implement an effective data protection solution to manage the data sprawl with multi layered protection and multiple tests to deny unauthorized access and ensure fast recovery.
Although we are moving in the right direction, a lot still needs to be addressed. Implementing a more comprehensive Intelligent Data Management platform will enable IT and security leaders to look across their entire ecosystem and identify data sources, and simplify data organization, regardless of where it is located and how it is managed.
If you have an interesting Article / Report/case study to share, please get in touch with us at email@example.com/ firstname.lastname@example.org, 9811346846/9625243429.