Today marks Data Privacy Day, an international event that raises awareness for privacy and protection of personally identifiable information (PII). The day was originally initiated in January 2008 as a derivative of Europe’s Data Protection Day, which was established on January 28, 1981.
To keep PII data safe in today’s digital world, national governments are enacting new data privacy laws around how information is stored, processed, and shared.
To see how prepared global organizations are for new and pending data privacy regulations, Intralinks and global analyst house Ovum surveyed 366 IT decision-makers from around the world, within organizations of different sizes and varying industries.
In light of Data Privacy Day, let’s review IT decision-makers’ reactions to regulatory changes:
- U.S. is the least trusted country — Most likely fueled by Snowden, the attitudes of global businesses are negative towards the U.S. Among 20 industrialized economies, the U.S. is ranked as the least trusted country and the most likely to gain unauthorized access to sensitive information, with China coming in second and Russia third.
- Business leaders are deeply pessimistic about the potential consequences of new data privacy regulations — When asked about the European Union (EU) General Data Protection Regulation (GDPR), 52% of respondents said they think it will result in business fines for their company, and two-thirds expect it to force changes in their European business strategy.
- The cost of regulatory compliance will be substantial, but the cost of non-compliance will be higher — Over 70% of respondents expect to increase spending in order to meet data sovereignty requirements, and over 30% expect budgets to rise by more than 10% over the next two years. Of those who plan to update data privacy strategies in the next three years, 38% plan to hire subject matter experts, and 27% will hire a chief privacy officer.
- Most organizations aren’t effectively using technology to address data privacy concerns — Alarmingly, many organizations aren’t taking advantage of available technologies that protect sensitive data. Only 44% of survey respondents monitor user activities and provide alerts to data policy violations, and only 53% classify information to align with access controls. Almost half (47%) have no policies or controls that govern access to consumer cloud storage and file-sharing systems.
How Orgs Can Address Data Sovereignty and Privacy
Organizations face a patchwork of contradictory and conflicting global privacy regulations. With different jurisdictions imposing inconsistent mandates for how sensitive information is stored, processed, and shared, business leaders recognize that they need to take a balanced approach to addressing data sovereignty and privacy requirements that covers people, process, and technology. When asked about investment strategies, 55% of survey respondents said they are planning new training for employees, 51% will amend and adapt policies, and 53% will prepare by adopting new technologies.
Companies must educate their workforce on the importance of data sovereignty, data privacy, and protection of information. As new regulations approach, organizations must likewise modify their procedures to meet new demands. Technology solutions that cover the whole content lifecycle (data at rest, in motion, and in use) such as Information Rights Management and Customer Managed Encryption Keys can help global companies meet compliance requirements.