Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint //

Privacy

4/17/2018
10:30 AM
Chris Babel
Chris Babel
Commentary
Connect Directly
LinkedIn
RSS
E-Mail vvv
50%
50%

Why We Need Privacy Solutions That Scale Across Borders

New privacy solutions are becoming scalable, smarter, and easier to address compliance across industries and geographies.

With data the lifeblood of virtually every company in every industry, ensuring privacy has evolved from the responsibility of the legal department to a fundamental corporate issue. But adopting a framework for how we think about privacy and achieve compliance as an organization — including every interaction with customers, partners, and employees — is a continuous and ongoing process that requires businesses to repeat and extend their efforts

In a world where tasks are increasingly becoming automated — performed more efficiently and without the intervention of humans — the idea of throwing more bodies at the "privacy problem" seems old-fashioned and expensive. Rather than taking this ancient approach, the market is looking closer at ways to achieve scale in privacy and develop optimal processes for achieving compliance. But why do we really need privacy solutions that solve compliance across borders?

Scaling Privacy at All Levels
Companies increasingly are harnessing data and putting it to use to drive business value at all levels of the organization. This ranges from marketers slicing and dicing customer data for greater insights and more-tailored campaigns, developers moving data between different IT environments when building new products, and sales working with customers across continents. The move to data-intensive and data-centric companies introduces new privacy issues that must be considered at all levels of the organization, starting with business application owners.

When rolling out a new product or service, application owners need to first assess what kind of data they will collect. Is the data personally identifiable? Is it considered high-risk by any of the regulations to which the organization is subject? Will you need consent if you decide to use the data to better inform your next campaign or product build-out? Where do you plan on safely storing the data and who else in your organization will have access to it — a colleague in another continent who falls under a different set of regulations?

With the dynamic nature of data, these privacy-related questions are never-ending and the privacy architecture is only as strong as its weakest link. To achieve economies of scale and business processes that don't become bogged down by new government regulations, scalable privacy compliance solutions are emerging for easier deployment across borders.

Smarter Compliance
While scaling privacy is a matter of establishing processes and deploying internal solutions to achieve compliance, it's also a matter of extending those processes in order to demonstrate compliance with the multitude of international regulatory rules. Nation-states adhere to their own set of privacy regulations with varying definitions of citizen data, how it should be protected, and the manner with which data can flow through and be accessed via domestic servers. Understandably, this makes business operations for global companies an intricate and complex process.

Regulators today, however, ranging from those in the US to Europe to Asia, increasingly recognize that multinational organizations doing business on a global basis can't realistically meet data protection requirements on a siloed basis, but rather require scalable, interoperable solutions. We are already seeing moves made in the cloud industry with the EU Cloud Code of Conduct — with initial participants including Alibaba, Google, and IBM — and this year, we're likely to see an increase in codes of conduct developing in specific industries or regions that recognize companies for their cross-border compliance efforts.

Whether as employees or consumers, we all stand to win with better and smarter processes to ensure data privacy compliance. Solutions are emerging that can help businesses map and monitor the flow of sensitive information through networks, data centers, and Web-based software, and provide response platforms that help respond to data breaches. Just as the security industry evolved from a white-hat, hacker-based practice 15 years ago to a multibillion-dollar market brimming with hyper-advanced technology, the privacy industry is evolving along the same trajectory with increasingly sophisticated technology solutions and processes. In time, those processes will become as commonplace as a security firewall.

Related Content:

Interop ITX 2018

Join Dark Reading LIVE for two cybersecurity summits at Interop ITX. Learn from the industry's most knowledgeable IT security experts. Check out the Interop ITX 2018 agenda here.

As CEO of TrustArc, formerly known as TRUSTe, Chris has led the company through significant growth and transformation into a leading global privacy compliance and risk management company. Before joining TrustArc, Chris spent over a decade building online trust, most recently ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/3/2020
Pen Testers Who Got Arrested Doing Their Jobs Tell All
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/5/2020
New 'Nanodegree' Program Provides Hands-On Cybersecurity Training
Nicole Ferraro, Contributing Writer,  8/3/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15820
PUBLISHED: 2020-08-08
In JetBrains YouTrack before 2020.2.6881, the markdown parser could disclose hidden file existence.
CVE-2020-15821
PUBLISHED: 2020-08-08
In JetBrains YouTrack before 2020.2.6881, a user without permission is able to create an article draft.
CVE-2020-15823
PUBLISHED: 2020-08-08
JetBrains YouTrack before 2020.2.8873 is vulnerable to SSRF in the Workflow component.
CVE-2020-15824
PUBLISHED: 2020-08-08
In JetBrains Kotlin before 1.4.0, there is a script-cache privilege escalation vulnerability due to kotlin-main-kts cached scripts in the system temp directory, which is shared by all users by default.
CVE-2020-15825
PUBLISHED: 2020-08-08
In JetBrains TeamCity before 2020.1, users with the Modify Group permission can elevate other users' privileges.