There are a few certainties in life. Your attempt to use the fifteen-item express checkout line with sixteen items will be denied by the seventeen-year-old cashier. The motorcycle cop will write you a $150 ticket instead of warning for going just three miles over the speed limit in your neighborhood. Your tactic of ignoring that federal privacy regulation just enacted will result in significant fines and penalties for your burgeoning business. Whatever the scenario, the rules most often reign supreme.
The recent wave of privacy regulations, including GDPR which came into effect on May 25, 2018 and CCPA which will apply on January 1, 2020, illustrate this unavoidable truth.
Some organizations are debating whether or not they should adhere to these data privacy requirements—and those that are still to come—particularly if they find themselves outside of their respective jurisdictions; perhaps your business is one of them.
While privacy regulation is currently fragmented, a worldwide governmental consensus is swiftly building. Organizations like yours should embrace data rights now with open arms instead of trying to resist the coming wave of data privacy legislation; this will enable you to leap ahead of competitors, and allow you to focus on innovation and long term strategy instead of spending all of your time and energy on avoiding penalties for non-compliance.
With swift action, there is still time for every enterprise to get their house in order before the enforcement phases of these laws have their full impact. Let’s take a look at some of those proactive first steps to aid your current organization:
1. Develop a complete picture of where customer data exists and is required to be protected under data privacy laws within your organization. This is crucial, as not accounting for all customer data – and protecting it as required by these legislations – could leave your organization susceptible to penalties. This data may be located in structured systems such as applications or databases, or it may reside in files located on file systems, in collaboration portals (such as SharePoint), or even in cloud storage systems (such as Box or Google Drive).
2. Understand who should have access to customer data and reconcile it with who actually does. Are you finding that some unauthorized users mistakenly have access to customer data? Be sure to remedy this before it leads to noncompliance, and build this into your ongoing business process rather than just a one-time action.
3. Design identity governance controls to protect access to regulation-related data as users join, leave, or move to different roles within the organization. With an identity governance program in place, organizations are empowered with centralized visibility and control over “who has access to what” so that executives can assert strong control to protect personal data, ensure ongoing compliance, automate data breach detection and mitigation, and streamline documenting and reporting efforts.
The primary objective of this wave of regulations is privacy – the protection of personal data. Accordingly, your focus must be on how your organization processes, stores and secures this data. With an identity governance solution in place, your organization gains insight that can assist compliance with relevant regulations.
In the end, death and taxes are not the only absolutes in life. Others rise and fall with the passage of time— but all are unavoidable like the rise of the ocean tide. Your enterprise should prepare for the future today by embracing data privacy for your users. The alternative is to face the penalties proscribed by these new rules; while it may not be “breaking rocks in the hot sun,” it is likely something far worse for your organization’s future.