Is your data

'safe to use'?

 

And do you even know what that means?  

 

It has never been harder for business data to be treated and used safely.  

  • More disparate workforces, probably permanently 
  • More security risks as cybercriminals take advantage of the dissolved network perimeter 
  • More chance of accidental breaches working from home 
  • More data privacy legislation being passed 
  • More consumer sensitivity over how personal data is used 
  • More regulator scrutiny 
  • More regulators keen to hold individual board members to account, not just the business 

 

Tackling all of these threats, and others besides, requires Data Safety

 

Not just data security – which is where the bulk of attention is usually paid – but ensuring continuous adherence to data privacy obligations, compliance with industry regulations and good governance.

 

This combination alone - dangerously a rarity in modern businesses - makes your data ‘safe to use’.

 

Is your data safe to use  - Data Safety

We recently held a virtual panel on Data Safety with industry-leading experts in data privacy, data governance and IT security from Perkins Coie, IAPP, DWF and KMPG.

 

We have added quotes from the speakers throughout the rest of this article.

What is Data Safety?

Data Safety is often mistaken for just data security. However, Data Safety is actually comprised of three pillars that require equal acknowledgement. 

 

shield (3)-1

Data Security

process

Data Governance

Privacy in services 3-2

Data Privacy

 

 

StewartRoom“If we look at the idea of data safety , we see huge momentum in cybersecurity, some in data protection, but we need to look more at the legal impacts of data governance. It's the only way to look properly at how information is handled within organizations.”

 

Stewart Room

Global Head of Data Protection, Privacy and Cybersecurity at DWF Group

President of the National Association of DPOs

 

 

And while there is considerable overlap between these three pillars, each brings its own nuances, requirements and protections which all require to be addressed.

 

Data Safety

Data Security

Data Governance

Data Privacy

  • External Threats
  • Internal threats
  • Industry standards


  • Industry regulations
  • Backup, disaster recovery and restoration processes
  • Archival processes
  • Data quality standards and metrics
  • Local liabilities such as tax residency requirements
  • Privacy by Design
  • Residency, sovereignty and localisation
  • Legal adherence
  • Ethics

 

By equally ensuring the continuous adherence to data privacy obligations, compliance with industry regulations and good governance, as well as implementing necessary and appropriate IT security measures to your cloud environment, makes your data ‘safe to use’.

 

MarkHerridge-1

“Data safety really does entail security, privacy and governance. They go hand-in-hand, you can’t focus fully on one, and not the others - they are both supportive of and reliant on each other."  

 

Mark Herridge
Chief Information Security Officer, Calligo

Why is Data Safety important?

We've all become accustomed to seeing headlines referring to data breaches and the recording-breaking fines that accompany them. 

Headlines

 

And 2020 only accelerated this trend.

 

Due to the COVID-19 pandemic, businesses were suddenly reliant on remote working, which saw an unprecedented volume of data interactions routinely taking place beyond the organizations' network perimeter. Not only was there less technology defending business' data, but processes and individual vigilance was also weakened.

 

As a result, cybersecurity threats skyrocketed in both volume and success rate.

 

We saw well-known brands and organizations across the globe such as Marriot International, Facebook, Nintendo and Spotify, suffer data breaches.  The impacts of these and others was not only reputational and practical, but also legal and financial. CRN reported that the Information Commissioner's Office (ICO) handed out fines totalling more than £42m for data breaches in the UK alone during 2020.

 

 

Dominique

“We’re now seeing a trend where data security, data privacy, data governance, and everything associated with data, now commands heighted attention.”

 

 

Dominique Shelton Leipzig

Partner and co-chair of the Privacy & Data Management Board at Perkins Coie 

International Association of Privacy Professionals
board member

 

 

Data privacy and security enforcement has taken on even greater severity in 2020 and 2021 as there is a growing tendency for data authorities to name individual board members in lawsuits and levies, not just companies. 

 

This means data authorities are now holding individuals such as CEOs, CIOs, CISOs and DPOs personally to account for neglecting data safety. For example, in 2020, Eric Yuan, CEO of Zoom was personally held accountable for the data security and privacy concerns regarding the video conferencing platform.

 

Add heightened scrutiny to wider liability and Data Safety becomes harder and harder to ensure. After all, only recently, Virginia adopted its own privacy law, the "Virginia Consumer Data Protection Act (VCDPA), and while it has similarities to California's CCPA and the EU's GDPR, all three privacy regulations have considerable differences too.

 

 

Dominique“California started with the first comprehensive US data privacy and data security law back in 2018. Virginia adopted another comprehensive privacy law, and as we speak, there are other privacy and protection bills moving through other states' legislatures.”

 

Dominique Shelton Leipzig

Partner and co-chair of the Privacy & Data Management Board at Perkins Coie 

International Association of Privacy Professionals
board member

 

 

white-spheres-2

Data Privacy Regulations Comparison Guide

Our Data Privacy team has put together a quick and easy comparison guide to the key live data privacy regulations to help businesses understand their overlaps, differences and nuances

 

 

  

And yet, regardless of the headlines and the risk of hefty fines, many organizations still struggle to find the impetus to address Data Safety. 

 

Perhaps it is because of the tactics traditionally used: fear-mongering and a focus on the risk of negative impact. These are easy to dismiss, and do nothing to shift the perception of Data Safety as an insurance policy, a reluctant cost or even, most scarily, a nice-to-have.

 

Perhaps instead, organizations should focus on the positive.

 

ArthurMainja"We as data safety professionals have previously gone to the board in the wrong way. We have approached them using technology and legal language – what tools we’re using, what the risks are and the impacts. Instead, we should speak their language - translate our zeros and ones into dollar value.”

 

Arthur Mainja

Senior Manager at KPMG

Chairman of the Channel Islands Information Security Forum (CIISF)

 

 

 

If an organization truly commits to data safety, then their first step in the journey has to be total understanding and visibility of all their data workflows – every origination, every dataset and every data interaction.

 

With this visibility, businesses can spot their vulnerabilities and risks and properly address them. But the unprecedented clarity into every way in which data moves around your business also offers so much more potential. And most boards don't even realise it.

The 8 Commercial Benefits of Data Safety

What if boards were offered a multi-purpose, low-risk technology initiative that was proven to grow revenues, become more efficient, reduce costs and drive innovation?

 

They would take it.

 

That is the context that Data Safety needs to be presented in.

 

The supplemental benefits of taking a granular, workflow-by-workflow, interaction-by-interaction approach to Data Safety are extraordinary.

 

Just think what else you could do with that visibility of your data...

 

The 8 Commercial Benefits of Data Safety

 

What else could be possible once you understand your data workflows in granular detail, after you have deployed Data Safety?

honesty

1. Consumer /
Customer trust

Not just vital for the “obvious” B2C industries such as banking or eCommerce, but also for B2B organizations where Data Security Agreements are becoming more common in supplier agreements.

diagram

2. Market leadership

Consumers expect their data to be safely handled without question, so those who are able to prove their trustworthiness will find it a competitive advantage.

statistics-1

3. Workflow efficiencies

Identifying areas to improve efficiency or accuracy, or perhaps even spotting workflow errors such as missed invoicing opportunities.

engineering

4. Opportunities
for automation

Your data workflow analysis will highlight all the processes that are overly-manual, time-consuming, inaccurate, expensive or that create risk. Those that are repeatable are prime candidates for automation.  

device

5. Shadow IT removal

Not only a security risk, but it could also impact your data privacy and governance obligations, undermine efficiency and create cost.

worldwide

6. Access to new geographical markets

Over 130 jurisdictions now have some form of data privacy laws. Starting to market to or do business in a new territory now almost certainly requires you to have processes in place to handle new customers' or partners' data responsibly.

group

7. Access to new industries

Just as with national privacy laws, more and more verticals now have their own requirements for data management, including healthcare, legal, financial services, construction and manufacturing.

In addition, many businesses - especially larger ones - also have their own independent policies and certifications that require suppliers to mirror their own standards for data responsibility.  

monitor

8. Better structured and new datasets
for business intelligence and 
machine learning

Understanding your data environment means understanding what your data actually consists of and where it sits. This discovery process will doubtless reveal overlooked data sources or new combined datasets that can feed BI and AI/ML tools, creating value that had never been considered before.

 

Dominique

 

“Apple, Microsoft, Salesforce and others have all successfully marketed off their data privacy and data security first principles.”

 

Dominique Shelton Leipzig

Partner and co-chair of the Privacy & Data Management Board at Perkins Coie 

International Association of Privacy Professionals
board member

 

 

ArthurMainja

"Data safety is a catalyst for innovation… If you embed data safety at the time of your products, services processes etc. it shortens the journey from initiation to development and deployment.”

 

Arthur Mainja

Senior Manager at KPMG

Chairman of the Channel Islands Information Security Forum (CIISF)

 

 

Benefits of Data Privacy

Examples of data privacy programmes delivering more than privacy adherence

 

Four examples of Calligo Data Privacy Services customers who have used their data privacy programmes’ increased visibility of their data to achieve greater commercial benefits.

  

How to get Data Safety on the agenda

Organizations cannot afford to wait for a data breach, catastrophic data loss or complaint from a data subject before paying attention to Data Safety.

 

And not many businesses can afford to wait for the benefits listed above to appear.  

 

So whether your board is driven by mitigating risk, or by seizing commercial opportunity, what are the key questions that CEOs or boards need to ask of their data leadership team? (typically CDOs, CIOs, CISOs, DPOs, Head of Legal and the like, or in more data-driven business, all CXOs).

 

HOW TO GET DATA SAFETY ON THE AGENDA

BOARDS DRIVEN BY
MITIGATING RISK

BOARDS DRIVEN BY
SEIZING OPPORTUNITY

What does our network look like (even if the truth is the perimeter has dissolved), and how are we protecting it?

Are we enabling our teams to collaborate and innovate safely?

What privacy laws and industry regulations apply to the business and how are we addressing them?

What privacy laws and industry regulations apply to our customers, and our future strategy?

Do our employees, partners and suppliers understand their individual roles in keeping our data safe?

How could we discover where and how we could be more efficient?

How do we categorise and control our data, our users and our interactions with our data?

How can we make it easier for our customers to move through their journey with us, and for us to serve and capitalize?

How much risk are we at, whether from data subjects, external threats or internal error?

How can we make it easier for larger businesses to work with us?

 

 

The likelihood is that the board is a mixture of the two sides - those driven by migrating risk, and those driven by seizing opportunity.

 

It perhaps goes without saying that the true list of questions to ask the board is almost endless, especially for those wishing to mitigate risk. However, these questions nonetheless serve to illustrate the key areas of consideration.

 

 

Benefits of Data Privacy Data Safety in the Cloud blog image

Examples of data privacy programmes delivering more than privacy adherence

How to design
Data Safety into your cloud environment

Four examples of Calligo Data Privacy Services customers who have used their data privacy programmes’ increased visibility of their data to achieve greater commercial benefits.

  

 

We asked our Chief Information Security Officer, Mark Herridge, for his guidance on how to make sure that your cloud environment sets the right tone for how your data is treated throughout the business.

  

 

 

If you'd like to speak to the team about implementing Data Safety in your business, you can get in touch by clicking the button below