World Privacy Day, observed annually on the 28th of January, serves as a reminder of the importance of protecting personal data in today’s digital age. Data Privacy also provides individuals with control over how their data is collected, used, and stored. Data protection is instrumental in achieving data privacy and by description, it refers to the technical and organisational measures put in place to protect data (including personal data) from unauthorised access, use, alteration, or destruction.
To help address and manage the complexities of data privacy and protection, here are the top 10 topics an organisation can consider.
- Data Protection Strategy
Organisations should start by creating or updating a Data Privacy, Backup & Recovery, and Disaster Recovery plan as part of an overall data protection strategy.
- Encryption
Encryption is a crucial feature of data protection and protecting private data. Allowing for data encryption at rest and in transit (when moving data between on-premise and the cloud or even between various cloud environments)helps prevent unauthorised access to personal information. This is especially important for organisations that handle large amounts of private data, such as healthcare providers and financial institutions.
- Multi-person authentication
Leveraging Multi-Person Authentication (MPA) with data protection systems ensures that critical tasks will require multiple approvals from pre-approved users. This is one of the simplest ways to prevent tasks like data exfiltration or deletion.
- Immutable Storage
Immutable storage requirements are quickly becoming a standard requirement with data governance regulations like the Protection of Personal Information Act (POPIA), the Health Insurance Portability and Accountability Act (HIPAA), and others. When paired with MPA, you can create highly secure data storage tiers that are a perfect fit for the storage of confidential and private data.
- Data Sovereignty
Organisations should consider regulations that impact private data storage when developing a data protection strategy. This includes the location of where the data is stored and compliance with regulations regarding data sovereignty.
- Data Governance & Discovery
Organisations need to understand what data they have, where it is, and what is at risk. Being able to prioritise data based on your organisation’s policies, priorities, and applicable regulations is critical to protecting the data. You cannot protect what you do not know about.
- Classification of data
Knowing what data exists and where it resides is only part of the solution. Organisations must consider what data is private customer data, business-critical, etc. in terms of its importance to your business and your customers. Protecting only on-premises data may miss some critical customer data, such as data that lives in your Software as a Service (SaaS) based Customer Relationship Management (CRM) solution.
- Retention
Being able to assign an expected lifespan to data can greatly impact your organisation’s bottom line and protect your customers’ private data. Having systems in place to automatically find, classify, and set retention periods will reduce the likelihood of data sprawl, reduce the amount of time to recover unused data, and reduce costs.
- Resilience plan testing & incident response
Resilience plan testing is an often-overlooked area of a data protection strategy. Creating or updating an outdated plan can be a daunting task. Partnering with solution providers or strategic data protection companies with experience in creating a plan can significantly reduce the time it takes to do this.
- Risk Assessment
Organisations need to consider working with strategic vendors to perform a risk assessment on a half year or annual basis. Scheduled assessments can help build the muscle memory for a solid data protection and data privacy mindset.
In conclusion, by implementing this list of considerations and routinely refreshing your resilience plan, you can be confident that personal information is secure and compliant with the latest privacy regulations.
By Kate Mollett, Regional Director at Commvault Africa