Data privacy is expensive — here’s how to manage costs

This article is part of a VB special edition. Read the full series here: How Data Privacy Is Transforming Marketing.

In both consumer and business circles, privacy has always been a top priority. Individuals, including company employees, are demanding more control over how their personal information is used and more transparency into how companies manage customer information. If data is the currency of the future, then ensuring privacy is key to earning user trust.

With high-profile security breaches and data leaks such as the Sunburst attack on SolarWinds, the Estée Lauder customer database leak, the discovery of Facebook and MGM Resorts confidential data on the dark web, and the resurgence of WannaCry, REvil and other ransomware attacks on businesses, the need for robust data protection strategies and processes has been recognized.

Solutions should focus on how personal data is collected, processed, stored, shared, retained and destroyed while ensuring data availability and integrity and protecting assets from unauthorized access. This should also include consenting to, blocking and disabling online cookies.

In cases where organizations share data with each other, including those of third parties, the above practices also apply. Leaders must work together to balance risk, transparency, customer and stakeholder satisfaction, and compliance. It goes without saying that data protection policies must balance risk, prioritization, the cost of an outage or breach, and management commitment and operational and reporting costs.


According to Gartner research, 75% of organizations will re-engineer risk and security governance for digital transformation due to imploding cybersecurity threats, insider activity, and a proliferation of attack surfaces and vulnerabilities. Some companies have even appointed Chief Privacy Officers to be responsible for this important function. Recruitment of privacy and compliance consultant services versus full or partial procurement are also active and ongoing management considerations.

Non-compliance costs

Privacy often comes at a huge price – one that cannot be quantified in specific terms as the implications are huge.

“It’s easy to see that data breaches can be costly for businesses of all sizes. Enterprises should invest in data protection at every layer such as encryption, access control and incident response to prevent dangerous and expensive attacks,” said Soumendra Mohanty, chief innovation officer and chief strategy officer at data analytics firm Tredence.

“The cost of non-compliance is huge, both from a financial and reputational perspective. Maintaining compliance can cost organizations as much as $31 million depending on the industry, but non-compliance can quickly double those numbers,” Mohanty said.

Fines, legal fees and loss of business are potential consequences of failing to comply with regulatory requirements. In some cases, companies are even forced to close if they cannot comply with the regulations.

According to a report by HelpSystems, the cost of non-compliance is increasing every year and has increased by 45% over the past decade. These costs include fines and penalties, the indirect costs of reputational damage, lost revenue and time, and business interruption.

Privacy leaks go beyond dollar value

“By and large, the true cost of privacy is your trust in your customers,” said Akbar Mohammed, senior data scientist at Fractal AI. “At a time when customers are becoming increasingly tech-savvy, the company risks losing consumer trust once they realize their data isn’t secure. This eventually leads to a lot of business disruption.”

Almost all companies that need to collect data for their business operations should have a data protection infrastructure in place. Enterprises should also establish dedicated security and compliance teams that oversee data and technology assets while maintaining an aggressive threat detection policy. Today, it is imperative for organizations to have a data strategy, policies and procedures governed by a data governance authority.

“For large organizations, it’s best to conduct regular audits or assessments and obtain privacy-related certifications,” Mohammed said. “Finally, train your employees and make the entire organization aware of your activities and your policies.”

Data protection compliance regulations that count

To reduce project costs and financial impact, organizations should consider existing laws and regulations such as GDPR, CCPA, HIPAA, FTC Act and GLB Act – alongside those looming on the horizon – to address the pressing privacy and data challenges that business operations are confronted with everywhere.

Navigating data protection management

According to Dan Garcia, CISO of EnterpriseDB, a provider of software and services based on the open-source PostgreSQL database, organizations should prioritize the security of their data, which first begins with detection within systems.

Mapping controls to a data classification policy helps ensure adequate protection against cyber threats such as cyber criminals. It is a conscious effort within and across the organization to support safer practices. Organizations that lack internal resources, employee training, proper encryption and firewalls, and employ poor password and privacy practices could suffer a serious breach and resultant lawsuits that could cripple their business.

It’s essential that organizations invest in a strong backup solution because backing up important files and information is essential for data security. With reliable backups, a business can withstand common events like system crashes, hard drive failures, corruption and ransomware scenarios.

“Cyber criminals are adept at detecting where backups are stored and deleting them during ransomware attacks, so organizations should pay special attention to how backups are protected, storing them off-site and making sure they are managed securely,” he said.

Developers and executives alike strive for data ownership and control and just don’t have time – or money – to waste. As companies adopt a cloud-first approach to their data management, they should invest wisely in technology providers that ensure robust data protection measures—without sacrificing ownership and access to their data.

Data protection checklist

There is no universal checklist for data protection management, as the specific requirements vary depending on the type and size of the company and the industry. Nonetheless, Swapnil Srivastava, VP and Global Head of Data and Analytics at Evalueserve, shared some tips on how to manage data protection in an organization, ranked by importance and cost.

| Cost overheads | Why is it important? |
| --- | --- |
| Privacy initiatives | Country-specific laws require strict governance and control of customers’ personal data |
| Investments in specialized technologies to protect data and IT infrastructure assets | Implementing compliance solutions requires investments in specialized software |
| Compliance audits | Companies are required to report to regulators and provide evidence of compliance |
| Development of compliance guidelines | With regard to compliance activities, organizations need to implement clear policies with roles, responsibilities and ownership |
| Incident response ecosystem | As part of responding to compliance violations, organizations need to invest in incident response solutions |
| Employee certification | Required by regulators |
| Communication and training | To ensure organizations have trained employees to engage, adopt and implement a compliance strategy |
| Redress activities | To enable companies to have standard operating procedures in place to address and govern issues arising from non-compliance/consequences of non-compliance |

Sridhar Damala, CTO of Acuity Knowledge Partners, recommends that companies look to privacy by design, not as an afterthought, if they want to spend less than most companies.

“Privacy by design ensures you’ve laid the foundation for scalability,” he said. “If you have the right tools, processes and automation in place from day one, your data protection spend will be incremental rather than linear.”
