Beyond Data Security: The Evolving Data Privacy Landscape

Jay R. Pascarella January 03, 2020

Reprinted from

Businesses across the world are facing a paradigm shift when it comes to managing data. We are moving from a security-focused approach, based on how data is protected, to a regulatory approach, based on data privacy. This expands the scope of data management to include how data is used, how it is disclosed, how it is retained, and more. Security hasn’t gone anywhere — data still needs to be protected. But privacy goes further, and includes our rights as individuals to control the data about us that we generate every day.

In today’s evolving data landscape, it is estimated that over 2.5 quintillion (that’s 2,500,000,000,000,000,000) bytes of data are created each day. And the digital universe — a term used to measure the existing size of digital data — is estimated to be 40 zettabytes (40,000,000,000,000,000,000,000 bytes). It is also estimated that 90% of the digital universe was created in the last two years. With our connected world, that means most of this data is stored online somewhere.

Most countries have some form of data protection regulations in place, and they are evolving quickly. Examples include GDPR in the European Union, CCPA in California, and PIPEDA in Canada. Privacy regulations are evolving to address the data economy and the demand by data subject owners — such as individual people — for some form of protection. The pace of evolution is clearly increasing, as proven by the change from the Sarbanes–Oxley Act of 2002 to today’s worldwide compliance footprint.

According to a 2018 report, in the US alone, at least 35 states reviewed more than 265 bills and legislative regulations related to cybersecurity. Fifty of the efforts became law.  Many of these laws also addressed privacy and privacy rights, such as CCPA.  

These rapidly changing privacy regulations — by state, province, region and country — make it difficult to understand the potential impact for an organization. We can say, as a general rule, that businesses of all sizes will be affected by privacy regulations, from internal data (e.g., human resources files) to external data (e.g., customer data). And, to put this in concrete terms, ignorance will not be an acceptable excuse when it comes to the potential, and substantial, fines imposed by regulatory bodies.

Voice data, whether in the form of transcriptions, biometric voiceprints, or audio recordings themselves, is personal data subject to privacy regulation. As the voice user interface is adopted by more companies, and voice data is used in more analytics processes, how a company addresses privacy becomes a prominent concern.

So how do you prepare for privacy, both as a consumer and as a business? Below are some best practices.


  • Become aware of how the data economy is affecting the privacy of your data and understand the digital footprint you are creating. This includes privacy of your family members.
  • Make your voice heard when it comes to protecting the privacy of your data.
  • Use products and services from companies that honor privacy rights.


  • Identify the types of data that compromise your most important areas for privacy (e.g., HR, customer).
  • Use a reputable third-party website or tool to review the existing regulations and determine the current regulatory environment for your business.
  • Build consensus with the senior management team as well as impacted parties, and create a cohesive privacy program. Most privacy regulations address similar rights for individuals. Ensure you develop a program that is not focused on meeting just one standard, and can be used across multiple regulatory frameworks.
  • Start with a baseline privacy program that uses common privacy principles.
  • Engage an experienced third party to assist with privacy program development. This should be a consultant or business that has experience in helping identify risks and developing plans to address them efficiently and cost effectively.
  • When developing your program, use a commonly-accepted framework, such as the CNIL framework developed by France which was used by California to draft CCPA.
  • Understand how the data economy affects your business, including your supply chain. Your supply chain needs to be privacy aware, and not a potential weak point. Significant issues exist in a number of businesses within the supply chain, especially when it comes to data privacy and third parties. Third parties in your supply chain should be privacy aware, and understand the implications for your business.

Voci has a well-developed privacy program dedicated to protecting the privacy of the data entrusted to us, from employee data to customer data. Our program has been developed to allow our customers to successfully navigate the privacy obstacles that arise in relation to automatic speech recognition/speech to text technology.

Voci’s approach ensures that data is always used with the appropriate consent of the customer and in alignment with customers’ business and regulatory requirements. Access to data for transcription, tuning and specialized language models is governed under a single, unified program. The ability to ensure privacy for all of these business processes is core to Voci’s data management program.

Jay R. Pascarella

Jay Pascarella B.S.E.E is the Director of Information Security at Voci Technologies, Inc, with extensive experience in building Information Security programs with startup and fortune 500 organizations across all of the major security frameworks and regulations (PCI/NIST/HIPAA/ISO/NIST/GDPR/FINRA etc.). Jay is an avid reader, fisherman and family man.

Access our ASR API

With up to 1000 hours of audio at no charge