An interview with Anas Baig, product manager and cyber security expert with Securiti.
Why should organizations prioritize privacy?
There are plenty of reasons why they should, but I’ll focus on the two most important ones.
First, it’s no longer a choice. An increasing number of countries are drafting privacy regulations. Hence, it is now a legal obligation for organizations to ensure they have adequate privacy protection mechanisms and practices in place. In that respect, it’s no different than ensuring an organization has its finances in order or that its hiring policies are not biased.
Second, customers now expect it. This may very well be the most important reason too. Customers are now better educated about their online privacy rights than ever before. They want to know how a website plans to protect its data once it is collected. They want to know what measures are in place to ensure no unauthorized access to their data. They want to know if any third parties will have access to this collected data. They want to know the purpose behind the collection of data. Privacy regulations encourage users to exercise their data rights.
Organizations that lack a proactive approach to ensuring their users’ rights to privacy will lose their customers’ trust. And of all the things in the business world, trust is by far the hardest to earn back. That should be one of your top reasons to prioritize privacy.
How should business leaders implement privacy programs in their companies?
There’s no hard and fast rule when it comes to this. All organizations are different. Each organization has distinct needs and requirements based on how they operate. While their obligations are similar, how they adhere to these obligations can differ based on various factors.
Nonetheless, there are several fundamentals that any organization’s internal privacy program must have.
First, conduct a thorough data mapping of all your data resources. This will prove invaluable in taking stock of the servers, devices, and cloud services the organization uses to collect, store, and transmit data. Additionally, it will give you better insights into potential blind spots and what steps you can take to strengthen your overall data protection mechanisms.
Second, implement strict access controls. Whether employee data or any other personal data, your data is extremely valuable. You must have protocols to ensure that this data is only accessible by personnel with the operational need to access it. This will also help deter any insider threats.
Third, know exactly which regulations you’re subject to and your responsibilities per those regulations. Your entire privacy program depends on which regulations you must comply with, so ensure that you’re on top of this from the get-go.
What are the biggest misconceptions that people have about privacy?
There are several misconceptions that regular users have about their privacy. Some of the most common ones are that using Incognito Mode in their browsers can help them evade online tracking, or that a website’s privacy policies are a waste of time.
These misconceptions exist for various reasons, but the most common one seems to be a lack of awareness. As I mentioned earlier, users are now more educated about their digital rights, but sometimes these misconceptions can continue to exist because of how vaguely most organizations explain their policies.
Users know that their online browsing sessions are tracked via cookies, but most don’t know the different types of cookies in use and how they track a user across their browsing sessions. Then we have first-party and third-party cookies, a whole different can of worms.
What’s the most effective way to meet compliance requirements?
It may appear complicated at first, but any organization can achieve compliance with every regulation they’re subject to by using automation, regardless of their scale.
Since most organizations are subject to multiple privacy regulations with distinct requirements, it is next to impossible for an organization to adhere to each regulation’s requirements fully.
Hence, opting for automation makes both operational and financial sense, since it can save you millions in non-compliance fines while helping an organization free up its manpower resources and put them to use elsewhere.
How is privacy different in 2022 than it was 5 or even 10 years ago?
It wouldn’t be wrong to say that it has transformed completely. The primary reason for that is privacy-related regulations across the world — more specifically, the General Data Protection Regulation, more popularly known as the GDPR. It came into effect in 2018, and if we’re talking about digital privacy, there are two eras: before GDPR and after.
The GDPR wasn’t the first privacy regulation. Several countries had regulations of a similar nature in effect years and, in some cases, decades before the GDPR came into effect. However, none of them had the far-reaching impact on businesses that the GDPR did. Its scope covered not only organizations based in the EU, but any organization providing services to residents in the EU. Whether you were a multi-billion-dollar enterprise or just some non-profit, each website had an equal share of responsibility to ensure the users’ right to privacy related to their data.
More importantly, it placed several obligations on organizations that essentially required these organizations to alter their business practices radically in some cases. That had a ripple effect as we’ve seen more and more countries adopting similar legislation.
Today, organizations must treat privacy as a strategic goal rather than as a mere formality. Websites can’t just go about collecting as much data as they want without any oversight. Users and their right to privacy are now much better protected than ever, and constant efforts are being made to make further improvements.
What innovations make Securiti’s product unique?
Well, I could go on and on for hours in that regard.
In a short space of time, Securiti has emerged as a market leader in providing enterprise solutions in privacy compliance and governance. We have a slew of privacy-oriented products, such as cookie consent management, privacy notice management, data breach management, and DSR automation, backed up by our state-of-the-art artificial intelligence and machine-learning-based algorithms.
Our latest offering, the Unified Data Controls, aims to simplify compliance for organizations by streamlining the entire compliance process and its individual obligations through a centralized dashboard.
With a single module to carry out sensitive data discovery across multitudes of data assets, data classification, metadata cataloging, and risk analysis, you get a single source of truth to fulfill fundamental privacy rights obligations, reporting, and auditing that ultimately helps you reduce cost, complexity, and data conflicts across teams.
The automated data mapping, consent management, and assessment modules enable privacy teams to fulfill privacy obligations for enhanced compliance with all major data regulations globally. Additionally, with 300+ built-in connectors, you can integrate Securiti with multitudes of IaaS, SaaS, hybrid, and on-premises architectures to streamline multicloud adoption and migration.