Happy Data Privacy Day! For those of you scratching your heads right now, we are here to explain further. In a world of online subscriptions, website browsing, and businesses selling and otherwise leveraging customer information, many people are uninformed or plain confused about what is really happening with their data. Data Privacy Day is all about raising awareness of how data is being used and promoting action to better protect all personal data, both our own data and data that our employers collect and manage.
Harnessing data through technology has allowed organizations to innovate and realize goals more rapidly, but also presents challenges, including data privacy. As a result, ensuring that data and users are protected has become more and more important to businesses. In a recent report, 71% of respondents shared that most of their public cloud resident data was considered sensitive. Despite the mass adoption of emerging technologies, data continues to be an asset AND a risk. In honor of Data Privacy Day, we wanted to facilitate a discussion as you and your colleagues think about the importance of data privacy and begin to benchmark your own privacy maturity as an organization and an individual.
The obvious elephant in the room is the new California Consumer Privacy Act, better known as CCPA. It went into effect on January 1, 2020. CCPA "creates new consumer rights relating to the access to, deletion of, and sharing of personal information that is collected by businesses." The law was originally enacted in 2018, and organizations were granted a slight grace period. The attorney general of California will begin enforcing the law in July. Across the globe, we have seen a number of regulations, with the European Union’s General Data Protection Regulation (GDPR) being the most prominent, that have made organizations take a step back and assume more responsibility for the way they protect and use customer data. GDPR fines have had massive consequences for organizations, with some charged more than $230 million last year. The impact on businesses is undeniable and there is certainly more to come. CCPA adds another layer of complexity, as it provides consumer rights and business obligations that do not completely align with GDPR. To learn more about CCPA, take a look at this quick facts guide and of course come back to our blog for future updates.
Protect Your Data at the Core
Although CCPA is the new hot topic, improving data privacy is a constant task for organizations. Consider these best practices when creating your data security strategy:
Customer data is key to all organizations. We need it for a myriad of reasons, but it also puts organizations at risk. Organizations can reduce their risk exposure by using encryption solutions like Transparent Data Encryption to stop attackers who attempt to access this data directly from the database. When data is encrypted, attackers will not be able to decipher it even if they succeed in breaking into the database. This is extremely valuable and reduces risk for organizations holding personally identifiable information (PII). When leveraging data for specific business use cases, also consider data redaction to further reduce risk exposure. Transparent Data Encryption and Data Redaction are both offered as part of Oracle Advanced Security.
We are all probably guilty of wanting the highest level of visibility on a self-service application - who doesn't want more access? It is important, however, for organizations to manage access to data and reduce the level of visibility whenever possible. This can be achieved in a number of ways.
Developers, testers and partners often need access to realistic customer data to perform their job duties. This puts organizations at risk and that risk is multiplied with the continual copying of data. Organizations that are looking to increase efficiency while reducing risk and improving compliance should consider data masking, which allows users to perform development work and testing on a database that retains the data integrity while protecting the customer information. Sensitive data is replaced with obscured data that is just as good for the developers or testers, but without the undue risk of creating additional copies of real, sensitive customer data. Data masking is offered as part of the Oracle Data Masking and Subsetting Pack.
By implementing a least privilege philosophy, organizations can better address their data privacy needs. Oracle Database Vault helps prevent malicious or accidental changes to critical data and simplifies compliance by setting command controls, multi-factor authorization for access, and separation of duties. Fine-grained access controls limit the scope and breadth of a data breach, reducing the risk of an attack by an external threat with compromised credentials or by an insider with ill intent.
Despite every organization's best efforts, breaches do happen. Further reduce your risk of data exposure by implementing audit controls. With auditing turned on, you can better track activity pertaining to your data and reduce the time it takes to identify and react to any malicious behavior. By cutting down on your remediation time, you can effectively lower the impact of the breach.
Remember that Data Privacy Day is relevant for both individuals and organizations. We all want to be safe and more informed about how our data is being used and protected. As an organization, consider the strategies and solutions above as a way to increase security and improve the way data is protected. For individuals, Stay Safe Online, part of the National Cyber Security Alliance, offered some very useful links on updating your personal privacy settings.
To learn more about Database Security, join us on February 19th for our Virtual Workshop: Assess Database Security with Oracle DBSAT Before Threats Emerge.