Data Privacy

What is data privacy?

Data privacy ensures that data is collected, stored, processed, and shared in a way that complies with data protection laws, regulations, and general privacy best practices. It refers to the protection of personal and confidential data and is part of a broader topic ꟷ data governance.

Why is data privacy important?

Organizations deal with all types of data, often times sensitive information such as customer data, financial records, trade secrets, business strategies, and intellectual property. This kind of data is extremely valuable, and companies must make sure they're protecting it properly. Data privacy is one aspect of this, and it is important for several reasons:

• Protection and control over personal information. This is even more important when it comes to PII - personally identifiable information, which can be used to identify both, individual consumers and corporate customers. To name a few data points, PII includes name, date of birth, social security number, address, and credit card information. If protected properly, individual's and corporate customer's data is less likely to fall into the wrong hands.
• Compliance with laws and regulations.Managing data in compliance with regulations is crucial in order to avoid financial penalties, reputational damage, and legal actions while also protecting against data breaches that could lead to serious consequences for both the business and customer, as well as damage trust.
• Trust and reputation.Customers, clients, and partners are more likely to feel confident when sharing personal information with organizations that are committed to data privacy. Having the standing of a trustworthy company can foster long-term relationships and enhance an organization's reputation.

Complying with the EU's new data privacy laws

New data privacy laws in the European Union are creating information management challenges for companies around the world. Under the EU's General Data Protection Regulation (GDPR), organizations that collect, process, use and store data about EU residents must explicitly gain consent from residents and respond quickly to inquiries from residents about their personal information. The data protection law also means organizations must also be able to eliminate personal information at a resident's request.

The new data privacy regulations take effect in May 2018, and penalties for failing to comply with the data protection act are significant: organizations may incur fines of more than £20 million or 4% of annual worldwide revenue, whichever number is higher.

To achieve this granular level of data privacy management, many organizations are overhauling their information management technology. As the deadline for implementing this data privacy law approaches, organizations need powerful data privacy solutions that can be implemented quickly and that minimize the cost and complexity of GDPR compliance.

What the EU's data privacy act means for email

The European Union's data privacy regulations will impact email as well, as these communications by their nature contain personal information. The GDPR will require that organizations manage backup and archived copies of email with greater precision, since administrators will need to produce and delete specific email upon request. This will likely be more difficult for organizations that use tape backup, and may present new challenges for organizations in regulated industries like finance or healthcare where competing and contradictory regulations will make things more complex.

GDPR compliance will also require a greater focus on data security to prevent a cyber attack from stealing or exposing personal information.

What are some challenges businesses face while ensuring data privacy?

Businesses face more than one challenge when ensuring data privacy. Some of those include:

• Protecting data in a digital ecosystem. With more businesses going digital and utilizing cloud services, ensuring data privacy across various platforms, devices, and application can be daunting. Organizations must ensure consistent protection.
• Balancing needs. On the one hand, companies need to collect and process data for several reasons, e.g. to be able to provide tailored services to their clients or improve internal operations. On the other hand, they must comply with and follow data privacy requirements. Balancing these two can be very challenging and complex.
• Managing third-parties and vendors. Most businesses rely on third-party service providers for all sorts of things ꟷ from data processing and storage to marketing activities. Managing the privacy practices of external vendors, ensuring they have high compliance standards and mitigating potential risks is difficult, so establishing best practices on managing vendors and conducting regular audits is vital.
• Keeping up with the rapidly changing regulatory landscape. Keeping up with the ever-changing data privacy requirements and regulations is difficult – even more so, when your business operates in more than one country. Understanding the regulatory requirements and implementing compliance obligations can be demanding and time-consuming. Tackling these challenges requires a thoughtful strategy that involves implementing strong privacy policies and best practices, investing in the right cyber security solutions and technology, and educating your employees.

What are some data privacy best practices?

The following are some data privacy best practices all organizations should implement

• Know what data you have and how it is being used
• Data should only be accessible to those with proper credentials
• Users should have access only to the data they need to perform their jobs
• Use encryption whenever possible
• Conduct regular vulnerability assessments
• Perform vulnerability assessments
• Use anti-malware and other security software
• Implement and enforce data usage policies
• Train users on the use of strong passwords
• Provide users with security training
• Use two-factor authentication
• Delete data once it is no longer needed

Comply with data privacy regulations with help from Mimecast

To manage the demands of EU data privacy laws, organizations can turn to cloud-based email management services from Mimecast. Built on a highly scalable cloud platform, Mimecast's offerings are available as a fully integrated subscription service that lets organizations avoid the need for capital expense, on-premise hardware and disjointed point solutions from multiple vendors.

Mimecast's security services provide state-of-the-art defense against advanced threats like impersonation fraud, spear-phishing, malicious URLs and malicious attachments. Mimecast also effectively stops viruses, malware, spam and data leaks at the email gateway.

Mimecast also offers multipurpose archiving technology to simplify management of archived email. Providing enterprise data protection, Mimecast's archiving solution provides fine-grained control that lets administrators comply easily with data privacy laws using fast e-discovery, smart tagging, and powerful search and retrieval tools.