ASG is now part of Rocket Software! Please visit to learn more. Follow our journey
Blog > April 2019 > A Framework for Data Privacy Survival  

A Framework for Data Privacy Survival  

A combination of events has made data privacy one of the hottest topics in data management. In a recent webinar, I talked about the current state of privacy and how to survive the challenges associated with privacy management with Kevin Moos, the President of Primitive Logic, an ASG partner.
Several pressures are working together to drive changes around how we protect the privacy of data:
  • We, as people, recognize that we own our own data and are more aware of (and concerned about) what’s happening to it – and so are the regulators.
  • Every business must be an information business if it wants to win the competition for success, or even survival, in our increasingly digital economy.
  • There’s more data, of more kinds, changing faster – all the time.
  • Those who would misuse our data are increasingly creative, with targeted phishing attacks being the most prevalent threat according to a CyberArk Global survey of 1,300 IT professionals.
This all adds up to a greater need to make sure data is protected, and that your customers and partners know it’s protected.

Data breaches hit the headlines often, and the embarrassment for the affected is usually significant. It’s not just Facebook—names like Marriott, T-Mobile, Earl Enterprises (owners of brands like Buca di Beppo and Planet Hollywood), Toyota and UCLA have all been hit recently with tens of millions of people having their personal data exposed. According to the Information Theft Resource Center, more than 446 million personal records were exposed in 2018.
The cost of the kind of publicity that comes with a data breach can be substantial in reputation, revenue and market value. A Harris poll commissioned by IBM revealed that 75 percent of customers will not buy a product if they don't trust the company to protect their data, while 73 percent think businesses are more focused on profits than securing personal data.

Attackers are busy, and customers have noticed. It’s no surprise that regulators continue to be busy as well. GDPR grabbed the headlines first, and now many organizations are shifting focus to CCPA compliance. Kevin and I ran a poll during the webinar, and learned  that 40 percent of respondents are focused on GDPR compliance, 35 percent on CCPA compliance, 5 percent on compliance with other state regulations and 20 percent are focused on complying with all of them. The 20 percent who are looking at the whole picture have the right idea.

There are a lot of new regulations in the works. More than 100 countries have data privacy laws already. Every U.S. state has some kind of privacy regulation. California has a proposal for a broad range of new regulations under the “Your Data, Your Way” banner, and there’s pressure for federal regulation to sweep away the state patchwork.

Building a data privacy framework that accommodates new regulations, new technologies and massively growing data estates seems like the only way to go. The “one state at a time” approach is likely to be expensive. In another poll we ran, those who were counting said that GDPR compliance had cost more than $1 million. That might not be the same for every regulation – but it could soon add up. Worse, not every regulation has the same requirements, so having a framework to accommodate the differences is essential.

As you build out your privacy management framework, there are several areas to consider – including data management, policies, security and contracts. ASG’s Data Intelligence (DI) solution identifies and enables protection of personal data, providing a substantial foundation for privacy management. It overcomes the limitations of manual approaches and reduces the risk of financial penalties and reputational impact of any failures in protecting private data. ASG DI’s key capabilities include the automated discovery and management of personal data for the broadest range of data. More than 230 technologies are covered out of the box. ASG recommends a five-step process to establishing best-in-class protection:
  1. Inventory your data assets
  2. Relate data assets to business processes
  3. Use data lineage analysis to understand how data moves through the enterprise
  4. Carry out Privacy Impact Analyses to establish what regulations and policies apply to which data use
  5. Put collaborative processes and training in place to maintain best practices
Implementing processes like this, even when anchored by best-in-class technology, can be challenging. But bringing in experts like ASG partner Primitive Logic can make it lot easier. Half of the people we polled were using external resources in their compliance programs, and half were using a purchased solution. Many respondents were doing both, which left approximately 40 percent who are “going it alone.”

But I don’t think it’s going to stay that way. Building a successful data privacy framework depends on building a mature data management strategy and a body of process expertise.

To find out more, take a look at this infographic and whitepaper. You can also replay the webinar here.
Posted: 4/12/2019 9:02:51 AM by Ian Rowlands
Filed under :CCPA, data, GDPR, intelligence, management, privacy