Data Privacy Day
The Trifecta of a Sustainable Data Privacy Program
Building a data privacy program can be difficult and daunting. There are many things you need to consider, and some of the resources required are not usually fond of working together. The security and legal teams are an example. These are two completely different functions with different corporate goals, yet both of them are needed to create a data privacy program: one to ensure the data is properly safeguarded and the other to navigate the many legal requirements around the data. Together they must agree on “compliance”, and neither can do separately what both can do together. The challenge with compliance is that it can be a tug-of-war between security and legal, each having their own need for it but neither wanting to own it.
Next, you must add technology. We are completely dependent on the technology of our world: smartphones, connected cars, intelligent buildings, and devices we don’t even know exist. This technology is the highway used to collect, process, and store all our data, and you must understand how it works.
So to build a data privacy program, all three must play nicely together. If you start with identifying the data and understanding the need for it, you will be able to build a privacy program around it. Data lives in technology, in the systems, so start with identifying it and putting it into buckets (classifying it).
Since we all know you can’t have privacy without security, once you’ve identified and classified the data, the security team will know where the most sensitive and valuable data is located and will be able to properly protect it. Then, by knowing the type of data you collect - who it’s from (employee, customer, prospect), where it comes from (geolocation), why you are collecting it (for GDPR legal basis) - the legal team will know which laws you are subject to.
When you combine all three things - legal, security, and technical - you get the trifecta of a sustainable data privacy program.