Data Privacy Day 2023: 13 Experts Share Data Protection Best Practices

Join us in celebrating Data Privacy Week 2023 with this compilation of data protection best practices from experts worldwide.

Last Updated: January 30, 2023

With everyone’s lives revolving around technology today, it’s no surprise that we have generated approximately 64 zettabytes of data over the last few decades. And as much as 90% of this data was generated in the last two years alone. Needless to say, this has made data protection critical and urgent.

Data Privacy Day, which is internationally celebrated on January 28 each year, aims to raise awareness around data privacy and initiate conversations about data protection best practices. To celebrate this day, Spiceworks reached out to leaders around the world and asked them to share their recommended best practices with our readers. Here’s what they had to say.

Sreedharan K S, Director of Compliance, ManageEngine

The privacy environment has undergone significant upheaval worldwide, the watershed moment being the adoption of GDPR by the European Union. The competing standards for data protection across different regions create challenges in navigating the complex regulatory space. For instance, POPIA, the South African data protection act, classifies information about a company or facility as personal data. This criterion is specific to South Africa, but global organizations should be aware of variations like these and accommodate them in their policies and procedures.

Organizations will need to keep track of the evolving data protection landscape, review their processes, and embrace agility to address the ever-changing requirements of data protection laws. However, employees play an important part in ensuring the data protection commitment with customers as well. To keep employees informed about ever-changing security procedures, companies should continuously educate staff on information security, privacy, and compliance. To promote awareness and foster innovation in security and privacy, business leaders should look into holding internal events like cybersecurity month along with mandatory privacy and security training for all employees.


Terry Storrar, Managing Director, Leaseweb UK

“As more and more businesses turn to the cloud, the priority for 2023 should be ensuring that the data held within – and transferred between – these platforms is secure. However, with the IDC cloud security survey recently revealing that 98% of all companies experienced a cloud data breach within the past 18 months, there is clearly much more work to be done to protect data stored in the cloud.

Although these stats may appear bleak, there are many things businesses can do to help prevent attacks and recover impacted data if a breach does occur. For example, by choosing a trusted hosting provider, customers can gain access to 24/7 security-related support services, standard security training for all employees, and robust disaster recovery solutions.

Data Privacy Day is a great opportunity to take stock of how secure your data really is. And, for those who have entrusted their data to a cloud hosting provider, the day should serve as a reminder to choose carefully and ensure your provider is willing to go the extra mile to secure your data”.


Fiona Campbell-Webster, Chief Privacy Officer, MediaMath

“We’ve come a long way on the journey since 2018 when GDPR led the way for the world to start creating a plethora of privacy laws, each with its own special nuance. This is fantastic for privacy awareness and business adoption, but it has become operationally challenging for businesses, both small and large, to navigate and implement the variety of privacy contractual, technical, disclosure and consumer rights requirements at both a global and national level.

2023 is the time to take a step back and reflect as a broader society and consider how to harmonize these increasingly fragmented privacy regulatory approaches. This is so that, as a society, we can enjoy the enormous benefits and minimize any specific harms of digital transactional economies. We should aim for legislative and compliance goals and outcomes in which businesses can effectively scale privacy compliance balanced with offering personalized opportunities for interesting products and services to the consumer. We should build further on efforts to achieve these goals based on long-standing privacy principles such as privacy-by-design, transparency, data minimization and purpose limitation and by approving, certifying and utilizing privacy-enhancing technologies.

We urgently need greater harmonization between differences in consumer privacy and data protection state laws and global laws. We need this harmonization to provide greater transparency and clarity of available privacy rights for consumers. We need this harmonization to create certainty for businesses in digital economies, minimize resource burdens and create scaled opportunities for businesses to flourish, especially small businesses. Bipartisan efforts and strides made to pass a comprehensive US federal privacy law, ADPPA, in 2022 need to be revived and accelerated in 2023 to reduce the lack of clarity and uncertainty in the current fragmented state-by-state approach.”


Eric Kedrosky, Cloud Security CISO and Pioneer

“Data Privacy Day serves as a reminder for organizations to continuously review their handling and protection of sensitive data, particularly as more of that data resides in the cloud. Every organization with data in the cloud needs to continuously assess where their data resides, which data is truly sensitive, who or what has access to it (including not just people identities but non-people identities as well) and what they could potentially do with it. Without understanding the relationships between data and identities, it’s difficult if not impossible to find and address the vulnerabilities that put data at risk.”


Christopher Rogers, Technology Evangelist, Zerto

“In 2023, data is the most valuable asset any company owns. Whether it’s the organization’s own data or its customers’, the potential loss of revenue should this data be compromised is huge. Therefore, the primary concern for all businesses should be protecting this asset.

Unfortunately, in the golden age of cybercrime, data protection is not such an easy task. While it’s clear there is a dire need for more effective data protection, it is also crucial that businesses have disaster recovery solutions in place should the worst occur.

When it comes to ransomware, the biggest financial killer is downtime. Therefore, having a disaster recovery solution based on continuous data protection (CDP) in conjunction with backup is vital to equip companies with the ability to be resilient in the face of potentially catastrophic circumstances. Companies using CDP can limit downtime and restore operations in a matter of seconds or minutes rather than days or weeks.

This Data Protection Day, I want to encourage businesses to not only look at what they can be doing to protect themselves but also what solutions they have in place to recover should disaster strike.”


Jeff Sizemore, Chief Governance Officer, Egnyte

“Data Privacy Day reminds us that personal privacy is being viewed more and more as a global human right—by 2024, it’s predicted that 75% of the world’s population will be protected under modern data privacy regulations. We will continue to see data privacy gain significant traction across industries and business disciplines, such as with personal financial data rights. Company trust will increasingly have a larger impact on customers’ buying decisions as well.

In the U.S., five states (California, Virginia, Colorado, Connecticut and Utah) have already enacted or plan to enact data privacy legislation this year. And the movement toward a federal law is only a matter of time, as we have seen positive momentum with the American Data Privacy and Protection Act (ADPPA).

Without a doubt, as government entities and regulatory bodies show increased interest in data privacy, we can anticipate stronger enforcement mechanisms. Enforcement of regulations will become more strict, with fines and litigation for noncompliance expected to increase.

There’s no time like the present to prepare for these business-impacting regulations, especially with more on the horizon. Organizations can take proactive steps like keeping data privacy policies up-to-date and gaining visibility into structured and unstructured data. Ultimately, companies that respect data privacy and understand the short- and long-term benefits of compliance will be well-positioned for the future.”


Toni Burke, Director of Sales Engineering, Mimecast

“Given that 72% of global IT decision-makers experienced an increase in email-based threats over the past several months, it’s no surprise that many leaders see ransomware attacks as inevitable. Fortunately, in spite of the growing threat, there are a myriad of opportunities for businesses to evolve their cybersecurity strategies and address the challenges of limited resources, stretched teams and complex threats. 

Perhaps the most overlooked of these is the integration of cyber security applications. While no single security solution can stop every attack, there are pieces of a larger puzzle that can help mitigate risk. In fact, even though it takes a host of solutions working together to adequately protect organizations from today’s threats, only 28% of decision-makers integrate their security controls into a SIEM or SOAR platform to orchestrate their ransomware response.

A security approach that leverages the power of integration results in reduced complexity, lower risk, optimized investments, and improved efficiency of an already overloaded IT staff.”


Carl D’Halluin, CTO, Datadobi

“A staggering amount of unstructured data has been and continues to be created. In response, a variety of innovative new tools and techniques have been developed so that IT professionals can better get their arms around it. Savvy IT professionals know that effective and efficient management of unstructured data is critical in order to maximize revenue potential, control costs, and minimize risk across today’s heterogeneous, hybrid cloud environments.

However, savvy IT professionals also know this can be easier said than done without the right unstructured data management solution(s) in place. And, on Data Privacy Day, we are reminded that data privacy is among the many business-critical objectives being faced by those trying to rein in their unstructured data. 

The ideal unstructured data management platform is one that enables companies to assess, organize, and act on their data, regardless of the platform or cloud environment in which it is being stored. From the second it is installed, users should be able to garner insights into their unstructured data. 

From there, users should be able to quickly and easily organize the data in a way that makes sense and to enable them to achieve their highest priorities, whether it is controlling costs, CO2, or risk – or ensuring end-to-end data privacy.”


Anthony Cusimano, Technical Director, Object First

The internet may be written in stone, but that doesn’t mean you can’t start taking privacy seriously now. Ensuring you understand how businesses and bad actors can use your data is a crucial first step to making more significant changes that can help protect you, your family, and your company. I often hear people say: “I was part of a breach” or “I have already posted everything online anyway,” and while there might be some validity in this level of resignation, the truth is, just like business data, the more recent the data, the more valuable it is. Think about all the new interests, hobbies, and life events in the last month; some may influence buying decisions, behaviors, and even passwords you create. These data points can be used to socially engineer us to get to more sensitive data or to become victims of targeted ads that can manipulate or falsely inform. When you become aware of the value of your ever-changing data and just how much it can impact your life, you realize it’s never too late to obfuscate.

Fortunately, today, many phones, browsers, and computers all offer options to turn off tracking or implement various types of data masking. Every step you take is one less piece of you exposed to the unknowns of the digital world. Take the time this Data Privacy Day to learn all the latest ways to take back control of your data and ensure that you are one step ahead of whoever is trying to profit off your data. On top of this, ensure businesses you trust your data with have robust privacy and data protection strategies in place. Ransomware attacks continue to rise, targeting primary data and, more often than ever, backups. Knowing these organizations have multiple co-located immutable backup copies, detection, and remediation in place is critical to ensure resilience.


Don Boxley, CEO and Co-Founder, DH2i

“The perpetual concern around data privacy and protection has led to an abundance of new and increasingly stringent regulations around the world. According to the United Nations Conference on Trade and Development (UNCTAD), 71% of countries now have data protection and privacy legislation, with another 9% having draft legislation. 

This increased scrutiny makes perfect sense. Data is being created and flowing not just from our business endeavors but countless personal interactions we make every day – whether we are hosting an online conference, making an online purchase, or using a third party for ride-hailing, food delivery, or package transport. 

Today, as organizations endeavor to protect data – their own as well as their customers’ – many still face the hurdle of trying to do so with outdated technology that was simply not designed for the way we work and live today. Most notably, many organizations are relying on virtual private networks (VPNs) for network access and security. Unfortunately, both external and internal bad actors are now exploiting VPN’s inherent vulnerabilities. 

However, there is light at the end of the tunnel. Forward-looking IT organizations have discovered the answer to the VPN dilemma. It is an innovative and highly reliable approach to networking connectivity – the software defined perimeter (SDP). 

This approach enables organizations to build a secure software-defined perimeter and use zero trust network access (ZTNA) tunnels to seamlessly connect all applications, servers, IoT devices, and users behind any symmetric network address translation (NAT) to any full cone NAT, without having to reconfigure networks or set up complicated and problematic VPNs. With SDP, organizations can ensure safe, fast and easy network and data access, while ensuring they adhere to internal governance and external regulations compliance mandates.”


Steve Santamaria, CEO, Folio Photonics

“It is no secret that data is at the center of everything you do. Whether you are a business, a nonprofit, an educational institution, a government agency, or the military, it is vital to your everyday operations. It is, therefore, critical that the appropriate person(s) in your organization have access to the data they need anytime, anywhere, and under any conditions. However, it is of equal importance that you keep it from falling in the wrong hands. 

Therefore, when managing current and archival data, a top concern must be data security and durability, not just today but for decades upon decades into the future. The ideal data storage solution must offer encryption and WORM (write-once, read-many) capabilities. It must require little power and minimal climate control. 

It should be impervious to EMPs, salt water, high temps, and altitudes. And, all archive solutions must have 100+ years of media life and be infinitely backward compatible while still delivering a competitive TCO. But most importantly, the data storage must have the ability to be air-gapped as this is truly the only way to prevent unauthorized digital access.”


Andrew Russell, Chief Revenue Officer, Nyriad

“Data Privacy Day serves as a great reminder of the value and power of data. In addition to your people, data is, without question, the most strategic asset of virtually any organization. Data and the ability to fully leverage, manage, store, share, and protect it, enables organizations to be successful across virtually every facet – from competitive advantage to innovation, the employee experience, and customer satisfaction to legal and regulations compliance competency. 

Consequently, savvy data management professionals recognize that while a storage solution that is able to deliver unprecedented performance, resiliency, and efficiency with a low total cost of ownership is priority number one to fully optimize data and intelligence for business success, they likewise need to ensure they have the ability to protect against, detect, and restore data and operations in the event of a successful cyber-attack in order to protect their data, for business survival.”


Brian Dunagan, Vice President of Engineering, Retrospect 

“Every organization, regardless of size, faces the real possibility that they could be the next victim of a cyberattack. That is because today’s ransomware, which is easier than ever for even the novice cybercriminal to obtain via ransomware as a service (RaaS), strikes repeatedly and randomly without even knowing whose system it is attacking. 

Ransomware now simply searches for that one crack, that one vulnerability, that will allow it entry to your network. Once inside, it can lock down, delete, and/or abscond with your data and demand payment should you wish to keep your data private and/or have it returned. 

As an IT professional, it is therefore critical that beyond protection, steps be taken to detect ransomware as early as possible to stop the threat and ensure their ability to remediate and recover. A backup solution that includes anomaly detection to identify changes in an environment that warrants the attention of IT is a must. 

In order to ensure its benefit, users must be able to tailor the backup solution’s anomaly detection to their business’s specific systems and workflows, with capabilities such as customizable filtering and thresholds for each of their backup policies. And, those anomalies must be immediately reported to management, as well as aggregated for future ML/analyzing purposes.”


Prajakta Patil

Sr. Assistant Editor, Spiceworks Ziff Davis

An English graduate currently pursuing her MA in Journalism, Prajakta has 10 years of experience in content development. She has worked with newsrooms like Indian Express and Dainik Jagran where she handled feature articles on a daily basis. She has also contributed to WhatsHot, a venture by Times Internet. As an Editor for Toolbox, she handles long-form articles on cybersecurity, cloud, DevOps and more. You may reach out to her on prajakta_patil@ziffdavis.com to draw her attention to interesting topics.