Within the past ten years, the use of data in tech innovations has exploded, bringing many conveniences to our fingertips. In exchange, data giants such as Google and Facebook collect a staggering amount of personal information on us.
As tech companies are entrusted with an enormous amount of user data, it isn’t always clear how they are kept accountable, with difficult privacy compliance processes. Governments need to enforce strong collaboration with companies in policing data protection.
GovInsider spoke with Ron Bennatan, SVP and GM of Data Security at Imperva to find out more.
The prickly problem of privacy
With reams of data sitting in each company’s systems, governments have a new problem to think about. How can they ensure profiteering moguls don’t misuse citizens personal information for their own gain?
Some nations such as Germany have gone to the extreme, Ron notes. All schools have banned Office365 in a bid to protect students’ privacy.
Not all countries will take on such measures, but many authorities are still in the early stages of figuring out the best way to regulate data use, he says.
Regulations sometimes contradict each other, he explains. For instance, a law may require a company to retain logs for three years. However, these logs may contain sensitive information related to the users, who on the other hand, wish to have their private information deleted. These situations can often create confusion in which legislation should be administered.
“The gaps have to do with the fact that data protection laws are fairly new,” he remarks. Governments and companies are still working out suitable boundaries for compliance laws.
Paying attention to those at the receiving end of these laws can help. “The most important thing to do right now is to be very attentive to industry,” says Ron. They give crucial feedback for what’s needed and feasible.
Automated data protection
It’s important for companies to know exactly what kind of data they have, so they know what needs to be protected. The new Imperva Data Privacy Solution automatically scans, identifies and labels all of a company’s data. It keeps a master catalogue of where all the personal information sits, and updates it as it changes.
This information is presented on a handy dashboard, which gives data protection officers visibility on where the data is and how it’s used. They can ask questions to understand how long they’ve had the data for, how many copies exist, and how it has moved throughout the company.
The tool also uses AI and automation to eliminate much of the manual input required from humans, reducing the time spent on securing data privacy. It could help agencies reduce the time required to comply with data privacy laws.
This is crucial for when customers request for the company to reveal all the personal information they have on them. Depending on the country, companies typically have between two weeks and a month to generate this report. “Without that master catalogue, there’s just no way to do this in a few weeks,” Ron says.
This tool has helped global financial services and healthcare institutions to comply with privacy laws, shares Ron. It has led to “serious cost and effort reduction” – what used to take “an army of people” can be done by one person, he adds.
Imperva’s tool is also built to ease the shift to the cloud. It can reach into all databases, whether local or on the cloud.
With data fuelling successful businesses around the world, governments will need to keep their data use in check. The new Imperva Data Privacy Solution can potentially be a great tool for simplifying the compliance process.