February 22, 2021
The predictions are in: data privacy compliance is a top enterprise budget priority in 2021, as organizations look to increase maturity in response to a perfect storm of converging risks.
1. The number of remote workforces has doubled during the pandemic, exposing more data, along with more IoT devices used outside of traditionally safe corporate networks
2. Increased exposure from data analytics based on data democratization efforts across the enterprise, enabling new insights along with new privacy and ethical use concerns
3. Accelerated cloud migration, where digital transformation is exposing risks outside of on-premises systems and legacy controls are often not portable to hosted platforms
Another important consideration as global regulation continues to evolve: how do we drive value creation opportunities while preserving customer trust through responsible data use?
Priority #1: We all need to be on the same page
If you ask 10 data stewards across departments, they may offer 10 definitions of “privacy compliance,” depending on each stakeholder’s job title. While a CISO or IT architect may focus on shoring up access control security, a regulatory compliance team sees the risk exposure of inappropriate data use. Or a CDO may simply see obstacles to revenue agendas.
The truth is everyone has a valid perspective for their role or function within the enterprise. More mature organizations are taking a data governance approach to privacy, as this provides the transparency both to coordinate data stakeholders around a common set of definitions, such as data purpose and workflow policies, and to align on investment priorities.
The emerging discipline of data privacy governance through automating processes and procedures is now the way forward for codifying best practices, aligning stakeholders, and optimizing data use by reducing risks using active controls.
Priority #2: Getting started with data privacy governance requires metadata-driven intelligence
Everyone has a mandate to govern data responsibly, safeguard customer experience, and protect brand reputation. So how does data governance help automate privacy controls so that they are part of an integrated program?
Data privacy governance needs to provide a scalable but flexible framework, one that is based on a common foundation of metadata intelligence to enable guided decisions for appropriate data exposure. This framework includes:
Priority #3: Lowering risks and saving costs to operationalize privacy
With clear privacy policies in place, a catalogue of metadata to drive insights, and a subject registry to understand connectivity to data owners and uses, the real magic can then happen: applying metadata-driven intelligence for guided privacy decision making. A mature privacy program will be able to:
With privacy regulations only expected to increase, and the volume of data and risks growing, data privacy governance through metadata-driven intelligence and automation is the key to scaling out privacy operations and putting risks in the rear-view mirror.