Complying with the EU's data privacy laws
Data privacy laws in the European Union have created information management challenges for companies around the world. Under the EU's General Data Protection Regulation (GDPR), organizations that collect, process, use and store data about EU residents must explicitly gain consent from residents and respond quickly to inquiries from residents about their personal information. The data protection law also means organizations must be able to eliminate personal information at a resident's request.
These data privacy regulations took effect in May 2018, and penalties for failing to comply with the data protection act are significant: organizations may incur fines of more than £20 million or 4% of annual worldwide revenue, whichever number is higher.
To achieve this granular level of data privacy management, many organizations have overhauled their information management technology. As the EU continues to emphasize data protection, organizations need powerful data privacy solutions that can be implemented quickly and that minimize the cost and complexity of GDPR compliance.
What the EU's data privacy act means for email
The European Union's data privacy regulations impact email as well, as these communications by their nature contain personal information. The GDPR requires that organizations manage backup and archived copies of email with precision, since administrators need to produce and delete specific email upon request. This presents challenges for organizations in regulated industries like finance or healthcare where competing and contradictory regulations make things more complex.
GDPR compliance also requires a greater focus on data security to prevent a cyber attack from stealing or exposing personal information.
What are some challenges businesses face while ensuring data privacy?
Businesses face more than one challenge when ensuring data privacy. Some of those include:
- Protecting data in a digital ecosystem. With more businesses going digital and utilizing cloud services, ensuring data privacy across various platforms, devices, and applications can be daunting. Organizations must ensure consistent protection across all of them.
- Balancing needs. On the one hand, companies need to collect and process data for several reasons, e.g. to be able to provide tailored services to their clients or improve internal operations. On the other hand, they must comply with and follow data privacy requirements. Balancing these two can be very challenging and complex.
- Keeping up with the rapidly changing regulatory landscape. Keeping up with the ever-changing data privacy requirements and regulations is difficult, even more so when your business operates in more than one country. Understanding the regulatory requirements and implementing compliance obligations can be demanding and time-consuming. Tackling these challenges requires a thoughtful strategy that involves implementing strong privacy policies and best practices, investing in the right cyber security solutions and technology, and educating your employees.
- End-user privacy challenges. Online privacy risks, like cross-site tracking/cookies, opaque notices, and oversharing, reduce users’ sense of control and can contribute to identity theft after a data breach. Insider misuse also remains a risk that organizations must address with clear data privacy practices.
- Vendor accountability under law. Under regulations like GDPR, organizations can be legally responsible for vendors’ handling of personal data. Ensuring third parties meet data privacy regulation requirements and documenting ongoing data privacy compliance is essential to reduce risk across the supply chain.
- Rising breach costs & security posture. Independent research shows data breach costs continue to rise; investing in privacy-supporting tools and security measures strengthens posture and speeds response, reducing exposure of sensitive data.
What are some data privacy best practices?
The following are some data privacy best practices all organizations should implement:
- Know what data you have and how it is being used
- Data should only be accessible to those with proper credentials
- Users should have access only to the data they need to perform their jobs
- Use encryption whenever possible
- Conduct regular vulnerability assessments
- Use anti-malware and other security software
- Implement and enforce data usage policies
- Train users on the use of strong passwords
- Provide users with security training
- Use two-factor authentication
- Delete data once it is no longer needed
Comply with data privacy regulations with help from Mimecast
To manage the demands of EU data privacy laws, organizations can turn to cloud-based email management services from Mimecast. Built on a highly scalable cloud platform, Mimecast's offerings are available as a fully integrated subscription service that lets organizations avoid the need for capital expense, on-premises hardware and disjointed point solutions from multiple vendors.
Mimecast's security services provide state-of-the-art defense against advanced threats like impersonation fraud, spear-phishing, malicious URLs and malicious attachments. Mimecast also effectively stops viruses, malware, spam and data leaks at the email gateway.
Mimecast also offers multipurpose archiving technology to simplify management of archived email. As part of its enterprise data protection, Mimecast's archiving solution offers fine-grained control that lets administrators comply easily with data privacy laws using fast e-discovery, smart tagging, and powerful search and retrieval tools.