The Increase of Data and Compliance Regulations – How Can Businesses Best Keep Pace?

Data flow is evolving from the ground up – quite literally – with Big Data, the Cloud and IoT changing the way we store, process and share information. But with the rapid growth of data – expected to reach 44ZB by 2020 according to IDC – comes an exponentially larger surface area for hacks, attacks, loss and theft.

As businesses handle more and more data, penalty-enforced data privacy and security regulations are quickly emerging at local, national and multi-national levels of government. These regulations, designed to ensure that businesses put protections in place to safeguard client data regardless of where it resides, have created increased accountability to defend against external and internal threats. At the same time, they present a complex and fragmented minefield for businesses to navigate.

What are some of these regulations?

Newer regulations include greater protections, notification guidelines and/or penalties for non-compliance. Examples at the multi-national level are EU GDPR and the EU-U.S. Privacy Shield (the replacement for the EU-U.S. Safe Harbor agreement); examples at the state level are the California Breach Notification Law and the New York Financial Sector Cybersecurity Regulation. Then there are existing yet evolving regulations, like PCI DSS 3.2 for companies handling card data and HIPAA in the healthcare sector, that relevant businesses need to address appropriately as well. In addition, changes in the administration following the recent elections could add more complexity and requirements when it comes to protecting data.

What does this all mean?

Data privacy is increasingly considered a fundamental human right. With stricter requirements for protection and increased monitoring and enforcement, businesses must be prepared.

To defend data against cyberattacks, threats from within, and the vulnerabilities of Cloud services, as well as to protect your business from the fines that result from non-compliance with regulations, you should enforce encryption. Encryption not only turns information or data into an unbreakable, unreadable code should someone unauthorized try to access it, but it is also often the only technology referenced in these evolving and escalating regulations as a reasonable and appropriate security measure. Encryption is the last line of defense when a breach occurs, whether the cause is an intruder or an accident. And centralized encryption management, which ensures keys are controlled from one point, helps a company enforce both regulatory and governance requirements.
