The need for better data privacy has become a worldwide focus, and this year is likely to see a host of new privacy laws advance through governments and take effect. While India has not yet adopted a national information privacy law, there are legislative efforts underway.
Privacy laws cover a range of issues related to how organizations should gather, store, and use information that pertains to individuals. They’re designed to safeguard the data, ensure transparency and accountability regarding the use of the data, and make sure the data is timely and accurate—among other provisions.
These regulatory initiatives, while not perfect, are important developments in the age of digital transformation. Who doesn’t want their personal information—financial history, healthcare records, purchasing preferences, etc.—protected from falling into the wrong hands or from being misused by companies?
On the other hand, for many businesses the data privacy movement represents a significant burden in terms of the steps they need to take and the resources they need to devote in order to be compliant. Nevertheless, it’s a responsibility they have to take seriously, or face significant penalties and other negative consequences.
From the looks of things, much work still needs to be done in ensuring the privacy of information. Organizations currently are facing critical skills gaps related to data privacy.
Professionals who work in data privacy or have knowledge of their organizations’ data privacy functions follow a “privacy by design” strategy and think their boards of directors prioritize privacy. Those at privacy by design organizations are also less likely to view privacy programs as driven solely by compliance and more likely to view them as driven by a combination of compliance and ethics. They are also more likely to report that their enterprise privacy strategy aligns with organizational objectives.
However, there are some common privacy failures, including a lack of training or poor training, failure to perform a risk analysis, and bad or nonexistent detection of personal information. The most helpful ways to overcome these obstacles are using a privacy principles framework, experience-based credentials and privacy training.
In addition, organizations are using privacy controls such as encryption, identity and access management, and data security. Many are expecting increased demand for technical privacy roles compared with legal/compliance roles, but they see more challenges in staffing technical privacy teams compared with legal/compliance teams. Technical privacy roles are more likely to be considered understaffed.
To overcome this, hiring managers at companies are finding ways to fill these roles by training other employees. Given the current situation, many organizations are training non-privacy staffers who are interested in moving into privacy roles, and a large majority have privacy professionals on staff who began their careers in IT or security and moved into privacy and compliance.
Organizations can’t view data privacy as a “one-time, check-the-box activity” to comply with regulations. The Covid-19 pandemic highlights the extreme consequences of having a weak privacy posture and lack of respect for personal data.
Today, the substantial financial and reputational harm associated with violating privacy laws and regulations has made privacy a priority for boards of directors at companies. Despite economic uncertainty resulting from the Covid-19 pandemic, privacy is still funded and prioritized.
The shift to remote work underscores the importance of a strong privacy program, and few organizations anticipate decreases in privacy budgets despite the financial challenges.
Organizations need to have in place the technology tools as well as the skills to manage and support privacy programs.