Practical Guidance: The Technical Side of Compliance

Recently, Forbes released an article titled 13 Tech Experts Explain Essential Facts About Data Privacy And Data Protection, in which “13 members of Forbes Technology Council further explore and explain data privacy and data protection, their differences and their impact on businesses.”  

Kennedy Sutherland has created guides and explainers for most if not all of the concepts explored in this roundup. We’ve summarized Forbes’ points here and linked to further reading on our website.  

1.  True Data Protection Requires Securing Every Point of Entry 

Roger Northrop, the chief technology officer (CTO) of Mutare, Inc., points out that a complete and effective data security process requires companies to “secure every single point of entry” in their information systems.

The first practical step in meeting this security standard outlined by Northrop is to analyze your company’s current cybersecurity and data governance practices. To get started, check out our guide: Cybersecurity Checkup: 5 Steps You Can Take Now

2.  Data Protection Covers The ‘Technical’ Side of Compliance 

Northrop and Clément Stenac, the CTO of Dataiku, both distinguished data privacy (the standard of access to certain data collected or stored by an organization) from data protection (the actual process, procedures and tools used to ensure that this data stays technically protected). However, Stenac noted that the two overlap by nature, as “data protection is the ‘technical’ part of the ‘legal and compliance’ elements defined by data privacy.” To read more about the latest data protection tools, click here.

3. Data Privacy Encompasses Consumers’ and Partners’ Rights To Manage Their Data 

According to Jamilia Grier, founder and chief executive officer (CEO) of ByteBao, data privacy for your organization should encompass company policies for both keeping certain information private and managing a consumer’s right to review, modify, or erase this private data.

This is one thing that has been made increasingly clear over the last few years as several states have adopted legislation requiring covered organizations to include procedures for maintaining and responding to these consumer rights. Check out the following guides for state laws: A Guide to Utah’s Data Privacy Act; CPPA Releases Draft Regulations of CPRA; and How to: CCPA/CPRA Employee Training Requirements. You can also search our “News and Resources” section for your state.

4.  Data Protection Requires Infrastructure Managed by Qualified Engineers 

Oleg Lola, Founder and CEO of MobiDev, says that in order to actually protect your organization's data, you need a qualified engineer to oversee your process and ensure that the data is stored safely and secured properly. And, as we discussed in our recently released article: Employee Privacy to See Advance in 2023, finding or maintaining these qualified engineers may present your organization with some challenges this year.  

5.  Modern Data Privacy Is Moving Toward Limiting Data Collection and Storage 

Cyril Korenbeusser, Chief Resilience Officer (CRO) of BNP Paribas, notes that we have recently trended away from the idea that the more data a business can accumulate on a consumer, the better it can serve that consumer. To learn why, check out: Why Organizations Need to Start Implementing Data Minimization

6.  Data Privacy and Data Protection Are Both Key To Building Brand Trust 

While Dale Renner, the Founder and CEO of Redpoint Global Inc., agreed with Northrop and Stenac’s approach of distinguishing data privacy and data protection, he acknowledged that both elements are “key to building and maintaining trust with consumers, which will result in a strong and secure brand reputation.”   

7.  Data Privacy Is Something Every Employee Is Responsible For 

Jeff Fettes, CEO of Laivly Inc., proposes that a proper data privacy process requires “day-to-day proper handling of personally identifiable information[.]” While this can be challenging to accomplish, if your organization is larger and handles personally identifiable information (PII), Fettes encourages the use of an external auditor to ensure this day-to-day management is being achieved.   

8.  Data Privacy Is About Access; Data Protection Is About Security 

Laureen Knudsen, chief transformation officer (CTrO) of Broadcom, emphasizes the importance of data privacy and data protection, as they can gain and keep the trust of your customers, vendors, and employees. But what happens when a breach happens anyway? That’s why we have cybersecurity frameworks.

9.  Data Privacy and Data Protection Work Together To Protect Companies From Risk 

Neil Lampton, President and Chief Operating Officer (COO) of TIAG, stated “data privacy and data protection are different sides of the same coin[,]” both of which “are important and necessary to keep a business running smoothly and to protect companies from risks.”   

10.  De-Identifying Data Helps Address Both Privacy and Protection 

James Beecham, Founder and CEO of ALTR, stressed the importance of de-identifying consumer information to ensure data privacy, because ensuring a consumer’s privacy “is a commitment to customers that must be honored.”

To learn more about de-identifying your company data, review these articles: Why Your Organization Should Invest in Confidential Computing; Data Classification; Explainer – Polymorphic Encryption.  

11.  Data Privacy Applies to Highly Sensitive Data; Data Protection to All Data 

Suresh Sethuramaswamy, Engineering Lead at Microsoft, stated that data protection requires “[a] combination of techniques” to ensure “maximum protection from ransomware, data leaks, accidental damage and so on.” Data privacy, on the other hand, can be accomplished through “ensuring limited data collection, establishing highly restrictive access controls and meeting compliance requirements.” Our explainer on clean rooms offers some practical guidance for achieving both protection and privacy.

12.  There Are Multiple Global Regulations Regarding the Collection and Sharing Of Data 

Neelima Mangal, Global Head of Delivery of Nutcache, pointed to the “crucial” significance of both data privacy and data protection due to the related “legal ramifications and requirements[,]” such as Europe’s General Data Protection Regulation (GDPR) and China’s Data Security Law.

13.  To Ensure Both Data Privacy and Protection, You Must Monitor Your Entire Data Pipeline 

Nicholas Domnisch, CEO of EES Health, encouraged organizations to approach monitoring their entire “data pipeline” by using end-to-end encryption.   
