Every January 28th, Data Privacy Day reminds organizations and individuals alike that data protection – at all levels – is a crucial and ongoing effort.
The continued ripple effects of the global pandemic have resulted in unprecedented and disruptive developments in the areas of personal privacy and data protection that require privacy professionals to think strategically about navigating a complex mosaic of evolving laws and regulations. We see increased privacy risk associated with the cross-border processing of personal data, in an uncharted regulatory landscape with varying interpretations and guidance, increased risk from outsourcing data processing to third parties, and heightened awareness and increased vigilance in the exercise of individual privacy rights. Data Protection Authorities (DPAs) are also demonstrating enforcement of new laws and regulations.
Added to that, COVID-19 has upended and transformed how we approach work. Remote “work from anywhere” arrangements, increased usage of audio-visual collaboration and sales enablement tools bring increased productivity in many instances, but also carry with them heightened security and privacy risks. This raises further concerns about employee monitoring, requiring us to work harder to engage with employees to provide transparency to build trust. We believe the workplace will be forever changed and we will continue to see these trends rapidly evolve.
Additionally, supply chain attacks, data breaches, ransomware attacks, and constantly evolving cyber threats bring data security and privacy issues sharply to the forefront, heightening corporate anxiety. However, amid the patchwork quilt of different compliance obligations, continued interpretation of the data protection authority guidance around current privacy laws, and forthcoming regulations to protect personal data, there are positive changes to help proactively safeguard personally identifiable information (PII) throughout the data lifecycle.
An Accumulation of Choices
Strong privacy protection is the end-result of an accumulation of daily personal (and corporate) choices. Here at BlackBerry, our guiding principle is to always establish and maintain trust. Data Privacy Day reminds us that every day, we make promises to our clients and customers to be good stewards of the personal data we process and maintain on their behalf.
We must continue to challenge our own high standards and ask ourselves regularly if what we are doing is not only ethical and right, but also represents our very best efforts to offer world-class products and services to safeguard the personal data entrusted to each of us – both here within BlackBerry, and to the millions of customers and citizens our products protect.
Gartner predicts that by the end of next year, 75% of the world’s population will have its personal data covered by modern privacy regulations, with spending on data protection and compliance passing $15 billion worldwide. Seen in this light, security and risk management has become a board-level issue on a global scale.
Looking forward, organizations would be wise to continually assess and devote adequate resources to protecting their customers’ and employees’ privacy, and provide full transparency into how that data is processed. Adoption of a Zero Trust security model, and tactics including continuous management of security vulnerabilities, enforcing multi-factor authentication (MFA), data minimization in the product development process, and regular review of authorized role-based data access privileges, are just a few of the best practices to protect assets and data.
Privacy must be top-of-mind for organizations looking to build trust among their users. Cybersecurity needs to have buy-in from senior leadership from the get-go, and we need to lead by example – by highlighting privacy issues and devoting adequate resources to cyber safety, alongside promoting privacy as a strong aspect of workplace culture. Privacy champions across the business, who promote good privacy practices, are critical to this effort. In short, everyone has a responsibility to protect personal data.
Simply stated, it is both a challenging and exciting time to be in privacy. We need to always be taking a Kaizen approach to continuously improve how privacy is supported within our organizations. There is still a lot of work we all need to do to foster greater privacy awareness and build trust.