Data Breaches – With the rise in data breach incidents around the world, specifically those targeting PI/PII and payment information, there has been an increasing need for proper Data Protection controls to minimise the risk of such incidents occurring. Most of these incidents lead to massive data loss, with attackers taking data rather than just compromising the organisation’s network.
Privacy Regulations around the world help in setting expectations and establishing guardrails for organisations trying to make sense of the changing world of data protection requirements. However, it may not be enough for organisations to just employ legal experts to decode the complex legal terminology and associated jargon, or to understand the actual fines they face if they fail to meet the jurisdictional privacy regulation/law. GDPR is a classic case in point. The bigger picture in addressing privacy involves having proper processes, controls, technologies, and people (acting as pillars) working in harmony towards the common goal of complying with the requirements of the privacy regulation/law. If even one pillar fails, it gives rise to gaps, which can then be exploited by malicious actors.
Cyber Security (Information Security) is a key player in managing the challenges around data breaches. Cyber Security holds the key to joining the dots between processes, controls, technologies, and people. It is the need of the hour for organisations to look beyond the traditional way of managing risks around data. It’s not feasible to keep the overlapping areas between Privacy and Cyber Security separate. Cyber Security provides the security and technology controls framework needed to comply with Privacy and Data Protection requirements, for example implementing and managing DLP controls, data de-identification, data encryption or masking, and raising security awareness levels.
For the above reasons, Legal, Data Governance (Privacy), and Cyber Security divisions will need to work more cohesively to address the challenges around data breaches. By the looks of it, many organisations are realising the benefits of this teamwork. However, more work is needed in this space for proper data risk management. One way is to start building a community of key policy and decision makers along with practitioners on the ground, where these risks can be tackled proactively rather than reactively.
I welcome your comments and views.