Endpoint //

Privacy

4/17/2018
10:30 AM
Chris Babel
Chris Babel
Commentary
Connect Directly
LinkedIn
RSS
E-Mail vvv
50%
50%

Why We Need Privacy Solutions That Scale Across Borders

New privacy solutions are becoming scalable, smarter, and easier to address compliance across industries and geographies.

With data the lifeblood of virtually every company in every industry, ensuring privacy has evolved from the responsibility of the legal department to a fundamental corporate issue. But adopting a framework for how we think about privacy and achieve compliance as an organization — including every interaction with customers, partners, and employees — is a continuous and ongoing process that requires businesses to repeat and extend their efforts

In a world where tasks are increasingly becoming automated — performed more efficiently and without the intervention of humans — the idea of throwing more bodies at the "privacy problem" seems old-fashioned and expensive. Rather than taking this ancient approach, the market is looking closer at ways to achieve scale in privacy and develop optimal processes for achieving compliance. But why do we really need privacy solutions that solve compliance across borders?

Scaling Privacy at All Levels
Companies increasingly are harnessing data and putting it to use to drive business value at all levels of the organization. This ranges from marketers slicing and dicing customer data for greater insights and more-tailored campaigns, developers moving data between different IT environments when building new products, and sales working with customers across continents. The move to data-intensive and data-centric companies introduces new privacy issues that must be considered at all levels of the organization, starting with business application owners.

When rolling out a new product or service, application owners need to first assess what kind of data they will collect. Is the data personally identifiable? Is it considered high-risk by any of the regulations to which the organization is subject? Will you need consent if you decide to use the data to better inform your next campaign or product build-out? Where do you plan on safely storing the data and who else in your organization will have access to it — a colleague in another continent who falls under a different set of regulations?

With the dynamic nature of data, these privacy-related questions are never-ending and the privacy architecture is only as strong as its weakest link. To achieve economies of scale and business processes that don't become bogged down by new government regulations, scalable privacy compliance solutions are emerging for easier deployment across borders.

Smarter Compliance
While scaling privacy is a matter of establishing processes and deploying internal solutions to achieve compliance, it's also a matter of extending those processes in order to demonstrate compliance with the multitude of international regulatory rules. Nation-states adhere to their own set of privacy regulations with varying definitions of citizen data, how it should be protected, and the manner with which data can flow through and be accessed via domestic servers. Understandably, this makes business operations for global companies an intricate and complex process.

Regulators today, however, ranging from those in the US to Europe to Asia, increasingly recognize that multinational organizations doing business on a global basis can't realistically meet data protection requirements on a siloed basis, but rather require scalable, interoperable solutions. We are already seeing moves made in the cloud industry with the EU Cloud Code of Conduct — with initial participants including Alibaba, Google, and IBM — and this year, we're likely to see an increase in codes of conduct developing in specific industries or regions that recognize companies for their cross-border compliance efforts.

Whether as employees or consumers, we all stand to win with better and smarter processes to ensure data privacy compliance. Solutions are emerging that can help businesses map and monitor the flow of sensitive information through networks, data centers, and Web-based software, and provide response platforms that help respond to data breaches. Just as the security industry evolved from a white-hat, hacker-based practice 15 years ago to a multibillion-dollar market brimming with hyper-advanced technology, the privacy industry is evolving along the same trajectory with increasingly sophisticated technology solutions and processes. In time, those processes will become as commonplace as a security firewall.

Related Content:

Interop ITX 2018

Join Dark Reading LIVE for two cybersecurity summits at Interop ITX. Learn from the industry's most knowledgeable IT security experts. Check out the Interop ITX 2018 agenda here.

As CEO of TrustArc, formerly known as TRUSTe, Chris has led the company through significant growth and transformation into a leading global privacy compliance and risk management company. Before joining TrustArc, Chris spent over a decade building online trust, most recently ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Valentine's Emails Laced with Gandcrab Ransomware
Kelly Sheridan, Staff Editor, Dark Reading,  2/14/2019
High Stress Levels Impacting CISOs Physically, Mentally
Jai Vijayan, Freelance writer,  2/14/2019
Mozilla, Internet Society and Others Pressure Retailers to Demand Secure IoT Products
Curtis Franklin Jr., Senior Editor at Dark Reading,  2/14/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-5780
PUBLISHED: 2019-02-19
Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS prior to 72.0.3626.81 allowed a local attacker to execute JavaScript via Apple Events.
CVE-2019-5781
PUBLISHED: 2019-02-19
Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
CVE-2019-5782
PUBLISHED: 2019-02-19
Incorrect optimization assumptions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
CVE-2019-5783
PUBLISHED: 2019-02-19
Missing URI encoding of untrusted input in DevTools in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform a Dangling Markup Injection attack via a crafted HTML page.
CVE-2019-5766
PUBLISHED: 2019-02-19
Incorrect handling of origin taint checking in Canvas in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to leak cross-origin data via a crafted HTML page.