Data privacy regulations: Walking safely through the compliance jungle

The world is experiencing a major season of change these days, and nowhere is this more visible than in the field of commerce. Companies today are evolving their business models to meet new challenges, one of which is having to comply with a growing number of regulations that are popping up everywhere. Many of these new regulations have to do with safeguarding consumer data privacy rights, and businesses that fail to comply with them face increasingly burdensome penalties in different countries. To get a better understanding of what's going on in this area, where things are happening, and when we can expect more regulations to appear, I recently sat down with Zak Rubinstein, chief executive officer and founder of 1touch.io, a technology company headquartered in the U.S. and based in Israel that provides automated, real-time discovery, mapping, and tracking of personal data flows.

MITCH: Why are so many regulations that tech companies need to comply with being put in place these days by various levels of government?

ZAK: Like most of us, the government has seen how tech companies, from conglomerates to small online retailers, collect massive amounts of information on their customers. They use this data for marketing efforts and to understand customer behaviors, with the end goal of increasing revenue. In recent years, consumers have started to understand the critical nature of limiting the sharing of their personal data, and this increased awareness has led to the establishment of new regulations targeted at putting the brakes on data misuse and over-collection.

MITCH: Which ones do you feel are most important for e-commerce businesses to comply with, and why?

ZAK: CCPA and GDPR are the most far-reaching, as they apply to any business that collects data on more than a specified number of California and EU residents, respectively, and are thus the most critical. But there are some others that should be considered as well, such as Brazil's LGPD, which affects any business that collects data on Brazilian citizens.

MITCH: Do some of these regulations contradict one another or otherwise make it difficult for companies to comply with them?

ZAK: In general, privacy regulations share one goal: protecting consumers and empowering them with rights over their own data. Though these laws have differences, they generally do not contradict one another. One case in which laws do perhaps "contradict" each other involves GDPR and the EU's PSD2. GDPR insists upon the limited sharing of information such as the banking data of EU citizens. PSD2, on the other hand, requires the open sharing of customer banking data to facilitate the adoption of new and innovative payment technologies. While it's possible to fulfill both requirements at the same time, it can be challenging without clear visibility.

MITCH: What further regulations do you see coming on the horizon?

ZAK: In the near future, we know we can expect to see new state-level regulations, many of which will apply to all businesses, regardless of where they are located, as long as they collect data on citizens of the particular state. We already know that New York's proposed regulation, NYPA, aims to be even more limiting than CCPA. Washington State's proposed regulation, SB 5026 or 2021 WPA, is actually much closer to the EU's GDPR in structure and rights to be granted. This bill has twice failed to get passed, but it has been introduced again, and senators are hopeful that the third time will do the trick.

MITCH: How can tech companies stay on top of all these regulations?

ZAK: The key to consistently meeting all regulations in a sustainable manner is with continuous data discovery and mapping -- of all the data that businesses hold, no matter where it resides in their systems; whether it's structured (the easy part, right?) or unstructured, known or unknown, or in transit or at rest. Making sure that data is accounted for regardless of any other factors is critical to being able to consistently adhere to all privacy regulations.

MITCH: How can a business assess whether they are properly complying with all the various regulations out there that they need to comply with?

ZAK: This is where governance, risk, and compliance (GRC) tools and then discovery and mapping tools come in. GRC tools help organizations streamline compliance and perform audits in order to determine their blind spots. These tools help organizations stay up to date with regulations. They are usually subscription-based tools, making it simple to switch providers if the one you've chosen does not meet your needs. But these tools need data to be discovered for them. For this, they need to integrate with a discovery and mapping tool that will continuously locate all data, regardless of where it is in your network.

MITCH: Is there anything else you'd like to say about this subject for our readers?

ZAK: Compliance and adhering to regulations (especially when they seem to be in a constant state of flux) can seem like a daunting -- if not impossible -- task when viewed as just another thing to cross off your to-do list. But the time has come for businesses to stop viewing this restoration of each consumer's elemental right to privacy over their own data as a burden and instead adopt a privacy-by-design stance.

Businesses have grown accustomed to the idea of commoditized personal data while ignoring the human behind each data point. The new and upcoming regulations are giving businesses a much-needed opportunity to fix those wrongs and move forward in a manner that provides the deep insights that can only be extracted via data collection while respecting and upholding the right to privacy of each and every consumer.

MITCH: Zak, thanks very much for taking the time to chat with us about this important subject.

ZAK: You're welcome.

Mitch Tulloch

Mitch Tulloch is Senior Editor of both WServerNews and FitITproNews and is a widely recognized expert on Windows Server and cloud technologies. He has written more than a thousand articles and has authored or been series editor for over 50 books for Microsoft Press and other publishers. Mitch has also been a twelve-time recipient of the Microsoft Most Valuable Professional (MVP) award in the technical category of Cloud and Datacenter Management. He currently runs an IT content development business in Winnipeg, Canada.
