GRC

Data Management and Privacy: The Importance of Protecting Your Own Security

Jay R. Pascarella May 28, 2019

We hear about data breaches every day, as well as all the details about how major tech companies are collecting and using consumer data. There is a silent data war brewing. But the silent data war is with ourselves, between our desire for convenience and our need for privacy.

We want companies and services to make our lives easier. However, important questions need to be addressed. What is the price of that convenience? How much information is too much? What is the cost to privacy?

The central problem is who owns the consumer data created through the way we use products and services that can track and record trends. This data is even created in our own homes or via our own phones. "Alexa, place my pizza order." Convenient, isn't it? Services such as Amazon Alexa and Google Home generate alarming amounts of personal data, which we just hand over for our own convenience.

And many of us hand over this data with little understanding of the consequences and breadth of what is being collected and what can be done with the information.

Your digital footprint is ever-expanding: your connected home, your oven (which lets you know it has preheated), your dishwasher (which you can start remotely), your car, your laptop, your phone and your social media. And additional technologies are even more pervasive, such as Indoor Positioning System, facial recognition, robotic sweepers that map the interior of your home, and voice recognition technologies. Every aspect of your life has become digitized and traceable.

In the digital world, data is money and competitive advantage.

Many of you may be thinking that the government will or should do something about it. Europe has the landmark General Data Protection Regulation for European Economic Area Citizens. California passed the California Consumer Privacy Act of 2018. The US Government passed the Cloud Act in 2018 to help US companies comply with law enforcement requests for data stored outside of the US. The Cloud Act, however, did nothing for protecting the privacy of US consumer data, both within the US and abroad.

Can we rely on government to protect us? Government privacy regulations do offer some hope. But with the pace of technology change, laws will always be reactive, and struggle to play catch-up. Additionally, laws and regulations are often unclear, as we have seen with different interpretations of GDPR by EU member states.

So, what is the answer?

Protecting your privacy starts with you. It's your digital footprint, so you need to own it. You generate the data just by living. You should value it and what it means to your privacy.

As a consumer, you should look for companies that are transparent and outline, in a concise and easy to understand manner, how and when they use your data and for what purposes. Take a moment and read that privacy policy! Look for privacy focused/leading organizations that are proactive in telling you if your data is being used for new and or different business purposes, so you aren't left guessing.

In your business dealings, work with companies that recognize the business use cases for consumer data and align them to privacy policies. Focus on organizations that, show a dedicated commitment to respecting consumers’ privacy and ensure the use of consumer data is in alignment with consumer consent and stated usage. Look for vendors and suppliers that have documented privacy policies and associated privacy programs.

Better yet, ensure that your consumers’ data is protected contractually with any vendors, so you don't find out in the news that it is being used inappropriately.

Consumer data privacy is challenging for consumers and business alike.  Unfortunately, the privacy dilemma is only going to get more complicated, and it is up to us as consumers and business professionals to ensure we protect our data privacy.

Own your data privacy!



Jay R. Pascarella

Jay Pascarella B.S.E.E is the Director of Information Security at Voci Technologies, Inc, with extensive experience in building Information Security programs with startup and fortune 500 organizations across all of the major security frameworks and regulations (PCI/NIST/HIPAA/ISO/NIST/GDPR/FINRA etc.). Jay is an avid reader, fisherman and family man.

Stay updated with Voci's speech insights

Please type your first name.
Please type your last name.
Invalid email address.
Invalid Input
I have read and agree with Voci’s Privacy Notice