Data Privacy Day is January 28, and this year’s theme examines issues around respecting privacy, protecting data and enabling trust. Today more than ever, any global company is a digitized company, which means that every company is grappling with challenges around privacy, security and trust. As a result, these challenges are no longer an IT-only responsibility and now must be addressed by everyone: vendor, customer, partner, board member and end-user alike.
While many security and privacy trends facing global companies today may appear to start out as local, some quickly become global. As many industry observers know, a significant number of these trends are starting in Europe.
For example, the Global Data Protection Regulation announced in October 2015 is one of the biggest legal developments in data privacy and security in the past 20 years. While the law still has to go through the parliamentary process in Europe, it is expected to be a game changer for how privacy is protected legally worldwide. This law is introducing new notions about how both citizens think about their data and how companies are obligated to protect it.
When the first laws around electronic data protection and privacy were passed back in 1995, the Internet was not nearly the backbone of economy as it is today. We need laws today that reflect the way data is shared online now. This new law will set the tone for many debates going forward on data privacy, such as the hotly-contested “right to be forgotten.” The industry is waiting to see what the impact of these regulations will be on the global economy at large.
One of the first places where this will have an initial major impact is in the boardroom. The Europeans are now treating data privacy violations as they do breaches of fiduciary duty; that is, as a fineable offense. This means compliance is now a factor to consider, and companies have fiduciary care of data that is subject to compliance and fines. Companies are now obligated to look beyond privacy engineering from a strict security perspective, and beginning instead to explore what it means to transfer information across borders, to have geofencing or to operate in an environment where you’re crossing borders and cultures. In fact, in most parts of the world, privacy is considered a human right as well as its emergent role as a distinct asset class.
Since these regulations are likely to influence laws and standards across the world, it will benefit global companies to begin to figure out how to protect data privacy within their own digitized environments. To get started, it’s helpful to keep in mind that there is a significant, if non-intuitive, difference between security and privacy. It’s easy to conflate privacy with security, but they are in reality complementary fields.
In a nutshell, security is the how, privacy is the why.
Of course, two complex fields such as privacy and security are difficult to distill into simply “how” and “why,” since issues like resiliency, context, content and transparency also come into play. Privacy is thinking about why data should be protected in the way that it is, what data is being sent to which locations throughout the network, whether you should be collecting that data in the first place, who should be able to access it and who should have the ability to destroy it. The privacy person knows that if the company is making a brand promise, then the data needs to be managed and protected in a certain way.
Here at Cisco, we are working to demonstrate verifiable trust through the following methods:
- The how of security
- The what of intellectual property
- Quality information
- Integrity of data
- Purity of process
- Efficiency of data flow
If you’re looking at things from an Internet of Everything perspective, trust is the opportunity to empower the end user to do everything he or she wants to around technology, and still be able to trust that data is being protected and secured. Together, Cisco is working to give our customers the tools they need to excel in today’s digitized economy.
For more information on what Cisco is doing to promote trustworthiness, transparency and accountability, visit the Cisco Trust and Transparency Center at trust.cisco.com.
To learn more about Data Privacy Day, please visit https://www.staysafeonline.org/data-privacy-day/.