With data the lifeblood of virtually every company in every industry, ensuring privacy has evolved from the responsibility of the legal department to a fundamental corporate issue. But adopting a framework for how we think about privacy and achieve compliance as an organization — including every interaction with customers, partners, and employees — is a continuous and ongoing process that requires businesses to repeat and extend their efforts.
In a world where tasks are increasingly becoming automated — performed more efficiently and without the intervention of humans — the idea of throwing more bodies at the “privacy problem” seems old-fashioned and expensive. Rather than taking this ancient approach, the market is looking closer at ways to achieve scale in privacy and develop optimal processes for achieving compliance. But why do we really need privacy solutions that solve compliance across borders?
Scaling Privacy at All Levels
Companies increasingly are harnessing data and putting it to use to drive business value at all levels of the organization. This ranges from marketers slicing and dicing customer data for greater insights and more-tailored campaigns, to developers moving data between different IT environments when building new products, to sales teams working with customers across continents. The move to data-intensive and data-centric companies introduces new privacy issues that must be considered at all levels of the organization, starting with business application owners.
When rolling out a new product or service, application owners need to first assess what kind of data they will collect. Is the data personally identifiable? Is it considered high-risk by any of the regulations to which the organization is subject? Will you need consent if you decide to use the data to better inform your next campaign or product build-out? Where do you plan on safely storing the data and who else in your organization will have access to it — a colleague in another continent who falls under a different set of regulations?
With the dynamic nature of data, these privacy-related questions are never-ending and the privacy architecture is only as strong as its weakest link. To achieve economies of scale and business processes that don’t become bogged down by new government regulations, scalable privacy compliance solutions are emerging for easier deployment across borders.
While scaling privacy is a matter of establishing processes and deploying internal solutions to achieve compliance, it’s also a matter of extending those processes in order to demonstrate compliance with the multitude of international regulatory rules. Nation-states adhere to their own sets of privacy regulations, with varying definitions of citizen data, how it should be protected, and the manner in which data can flow through and be accessed via domestic servers. Understandably, this makes business operations for global companies an intricate and complex process.
Regulators today, however, ranging from those in the US to Europe to Asia, increasingly recognize that multinational organizations doing business on a global basis can’t realistically meet data protection requirements on a siloed basis, but rather require scalable, interoperable solutions. We are already seeing moves made in the cloud industry with the EU Cloud Code of Conduct — with initial participants including Alibaba, Google, and IBM — and this year, we’re likely to see an increase in codes of conduct developing in specific industries or regions that recognize companies for their cross-border compliance efforts.
Whether as employees or consumers, we all stand to win with better and smarter processes to ensure data privacy compliance. Solutions are emerging that can help businesses map and monitor the flow of sensitive information through networks, data centers, and Web-based software, and provide platforms that help them respond to data breaches. Just as the security industry evolved from a white-hat, hacker-based practice 15 years ago to a multibillion-dollar market brimming with hyper-advanced technology, the privacy industry is evolving along the same trajectory with increasingly sophisticated technology solutions and processes. In time, those processes will become as commonplace as a security firewall.
As CEO of TrustArc, formerly known as TRUSTe, Chris has led the company through significant growth and transformation into a leading global privacy compliance and risk management company. Before joining TrustArc, Chris spent over a decade building online trust, most recently …