Data Privacy and Data Protection: What Enterprises Need to Know
By Anurag Lal, President and CEO of NetSfere
Digital transformation is exponentially increasing the amount of data companies collect, use and store. In fact, it is projected that the total amount of data created, captured, copied, and consumed globally will increase from 64.2 zettabytes in 2020 to more than 180 zettabytes in 2025, enough to fill approximately 10 million DVDs.
That’s a lot of data. As companies generate and become stewards of more and more data, strong data protection and data privacy strategies are essential to enterprise success.
Data protection and data privacy are both critical to keeping sensitive data safe. While data privacy and data protection are interconnected, it is important to understand the distinction between the two terms, their implications for business and best practices for mitigating data loss and reducing compliance risks.
Data protection
Data protection is a broad term that refers to the processes, policies, tools and strategies aimed at securing data availability, integrity and privacy. In today’s digitally transformed enterprises, data protection is mission critical for preventing unauthorized access to data and securing data as it travels across devices.
Data protection is especially critical to business continuity considering the expanded attack surface created by remote and hybrid working models and the increasing frequency and severity of cyberattacks. According to the Identity Theft Resource Center’s Annual Data Breach Report, the number of data compromises reached 1,802 in 2022, impacting approximately 422 million people.
As data grows more valuable and cyberthreats continue to evolve, actively protecting data must be a key focus of every enterprise.
Data privacy
A subset of data protection, data privacy relates to who has authorized access to data. Data privacy essentially dictates how data is collected, handled and managed by organizations. Enterprises, especially those in highly regulated industries such as healthcare and financial services, must understand and comply with a growing number of data privacy regulations. According to a Gartner prediction, by 2024, over 75% of the world’s population will have its personal information covered under modern privacy regulations.
Businesses that don’t comply with the patchwork of data privacy regulations are at risk of data breaches, fines, loss of trust and brand reputation, and operational disruptions. Today, compliance risk is increasing as regulators step up enforcement, cracking down on organizations that don’t meet compliance standards.
The most recent annual report from the Data Protection Commission (DPC), the Irish supervisory authority for the General Data Protection Regulation (GDPR), revealed that in 2022 the DPC concluded 17 large-scale inquiries, with administrative fines in excess of €1 billion. In 2022, U.S. regulators from the Securities and Exchange Commission (SEC) and the Commodity Futures Trading Commission (CFTC) fined banking institutions $1.8 billion for employee use of unsanctioned communications apps.
Stricter enforcement of evolving regulatory frameworks requires organizations to develop a robust approach to data privacy that works to prevent unauthorized access to data.
Data protection and data privacy best practices
As stewards of an ever-increasing amount of data, enterprises must ensure data protection and data privacy. Organizations can protect data and privacy by following the best practices outlined below.
Educate employees
It is important to educate employees on cybersecurity best practices and ensure they understand that cybersecurity is the responsibility of all stakeholders in an organization. Employee cybersecurity training is especially critical considering that 82% of breaches reportedly involved the human element.
To minimize cyber risk, enterprises should make it a continuing practice to educate employees to recognize phishing scams and other threats, understand cybersecurity best practices and recognize the importance of following security protocols to comply with regulations such as HIPAA and GDPR.
Encrypt all data
Protecting data in transit and at rest requires true end-to-end encryption (E2EE). E2EE prevents cybercriminals from reading data they intercept, locking down sensitive information to ensure data privacy, security and compliance.
E2EE is one of the best cyber defenses against threat actors and is mission critical in business applications such as mobile messaging and collaboration technology.
Create Bring Your Own Device (BYOD) Policies
With the rise of remote and hybrid working, devices and data are increasingly travelling outside of the company network, creating a wide variety of security and privacy risks.
To minimize BYOD cyber vulnerabilities, organizations must establish and enforce “acceptable use” policies including requiring the use of passwords with multi-factor authentication, requiring employees to use VPNs when working remotely, prohibiting the downloading of unsanctioned apps, and banning the use of unauthorized messaging apps in workflows.
Understanding the nuances of data protection and data privacy and how to proactively approach both can mitigate the threat of data breaches and help ensure success for today’s data-driven enterprises.
About the Author
Anurag Lal is the President and CEO of NetSfere. With more than 25 years of experience in technology, cybersecurity, ransomware, broadband and mobile security services, Anurag leads a team of talented innovators who are creating secure and trusted enterprise-grade workplace communication technology to equip the enterprise with world-class secure communication solutions. Lal is an expert on global cybersecurity innovations, policies, and risks.
Previously Lal was appointed by the Obama administration to serve as Director of the U.S. National Broadband Task Force. His resume includes time at Meru, iPass, British Telecom and Sprint in leadership positions. Lal has received various industry accolades including recognition by the Wireless Broadband Industry Alliance in the U.K. Lal holds a B.A. in Economics from Delhi University and is based in Washington, D.C.