Data Protection Day (also known as Privacy Day) on the 28th January emphasises important risks around our own data and data that our employers collect and managed. But we can’t allow our guard to drop the other 364 days of the year. We must treat protecting our data with the vigilance and regularity that we assume when we clean our teeth – we do it daily and as a non-negotiable part of our lives otherwise there will be major damage, huge cost and severe distress.
This vigilance is currently not a reality. Less than half of companies globally are sufficiently prepared for a cybersecurity attack, according to a PricewaterhouseCoopers report that surveyed 3,000 business leaders from more than 80 countries. And no one can forget the scary Capital One data breach exposing 106 million customers’ personal data in March 2019. In fact 2020 has already seen several major breaches including passport information being leaked…we are only in January
Harnessing data through technology has allowed organizations to innovate and realise goals more rapidly, but also presents challenges. Despite the mass adoption of emerging technologies, data continues to be an asset AND a risk.
What do we need to know?
The obvious elephant in the room is the new California Consumer Privacy Act, better known as CCPA. It went into effect on January 1, 2020. CCPA "creates new consumer rights relating to the access to, deletion of, and sharing of personal information that is collected by businesses." The attorney general of California will begin enforcing the law in July.
Across the globe, we have seen a number of regulations, with the European Union’s General Data Protection Regulation (GDPR) being the most prominent, that have made organizations take a step back and assume more responsibility for the way they protect and use customer data. Fines for GDPR have resulted in massive consequences for organizations, some charged more than $230 million last year.
The impact on businesses is undeniable and there is certainly more to come. CCPA adds another layer of complexity as it provides rights to consumers and business obligations that do not completely align with GDPR.
Protect Your Data at the Core
Customer data is key to all organizations. Organisations can reduce their risk exposure by stopping attackers who attempt to access this data directly from the database by using encryption solutions like Transparent Data Encryption. By encrypting data, attackers will not be able to decipher the data even if they are successful in breaking in to the database. This is extremely valuable and reduces risk for organizations holding personally identifiable information (PII). When leveraging data for specific business use cases, also consider data redaction to further reduce risk exposure. Transparent Data Encryption and Data Redaction are both offered as part of Oracle Advanced Security
Developers, testers and partners often need access to realistic customer data to perform their job duties. This puts organizations at risk and that risk is multiplied with the continual copying of data. Companies that are looking to increase efficiency while reducing risk and improving compliance should consider data masking, which allows users to perform development work and testing on a database that retains the data integrity while protecting the customer information. Sensitive data is replaced with obscured data that is just as good for the developers or testers, but without the undue risk of creating additional copies of real, sensitive customer data. Data masking is offered as part of the Oracle Data Masking and Subsetting Pack.
By implementing a least privilege philosophy, organizations can better address their data privacy needs. Oracle Database vault helps prevent malicious or accidental changes to critical data and simplifies compliance by setting command controls, multi-factor authorization for access, and separation of duties. Reduce the risk of an attack by an external threat with compromised credentials or an insider with ill intent with fine-grained access controls that limit the risk, in scope and breadth, of a data breach.In today’s data-driven economy we must develop a culture to prevent manipulation and misuse of data. Data Protection Day is a good opportunity to raise questions and look at solutions to tackle future challenges in a hyper-connected world.