Privacy Compliance: Today’s Challenge

Organizations attempting to comply with data privacy regulations face a confusing and ever-changing landscape. As digital technologies—especially online services—facilitate the creation and communication of more and more personal and sensitive information, individuals and their governments are understandably concerned about how such information is used—and protected. When a consumer uses an online service, for example, many different parties may be involved—each with an incentive to use that information for monetary gain or other business advantage, and each with access to information about consumers’ identity, financial information, purchases, preferences, reading habits, and more. To protect consumers’ privacy, many countries and jurisdictions have enacted or are considering enacting laws and regulations that protect at least certain classes of information.

Learn More

Regulations and standards from different countries, states, and industries have different provisions, and these change over time. Data that might be deemed non-sensitive today may become sensitive and regulated tomorrow. In this uncertain environment, organizations take a cautious approach; for example, the loss of email addresses, once not considered sensitive, has recently triggered data breach disclosures by multiple organizations.

Regulations range from rather vague to quite specific. While some focus more generally on corporate governance processes, others specify in some detail the kinds of protection required, what organizations need to do to prevent and disclose breaches, and how organizations can prove their compliance with regulations. For example, some regulations require organizations to take action each year to maintain compliance, while others require action only in the case of a security breach.

Many of today’s privacy regulations target particular kinds of data such as healthcare records or specific industries such as European telecommunications firms and ISPs. Some privacy requirements are not government mandates at all, but rather constitute a single industry’s efforts to regulate itself. The best example of this is the Payment Card Industry Data Security Standard (PCI DSS), which has become so widely recognized that it has the potential to become a model for other industries with similar challenges.

Given this somewhat confusing and unstable picture, forward-thinking organizations should proactively take steps to reduce their risk of non-compliance; using a strategic rather than fragmented approach, they should look beyond current privacy requirements while keeping an eye on their broader security goals.

Hide This Section

Risks

  • The complex, changing, and confusing landscape of data privacy regulation can cause organizations to take the wrong measures or just avoid the issue.
  • Non-compliance can result in fines or business restrictions and actual attacks can trigger embarrassing data breach disclosures, resulting in loss of customer and partner confidence.
  • Many organizations face multiple requirements that span different data types, geographic regions, organizational silos and management domains, making it difficult to establish consistency and exploit common practices.
  • Strategies such as outsourcing and use of cloud-based infrastructure can complicate an organization’s data privacy compliance efforts and may be precluded in some cases.
  • Organizations that choose costly and cumbersome data protection solutions may achieve compliance at the expense of flexibility and business scalability.
  • An overly compliance-driven approach, focusing only on the requirements of external mandates, can lead decision makers to lose sight of the bigger security picture—the need to protect the organization’s intellectual property and customer relationships.

Hide This Section

Privacy Compliance: Thales e-Security Solutions

Products and services from Thales e-Security can help you protect customer data, comply with privacy mandates in your region and your industry, and plan for the future—while keeping your business and IT processes efficient and scalable. Organizations looking for the most effective means of complying with privacy mandates should adopt a data-centric approach that focuses on information—where it is stored, how it moves, and how it is used—and then analyze the relationship between the organization’s data and applicable regulations. With long-standing expertise in many facets of data protection—including today’s broad range of privacy mandates—Thales has designed products and solutions that support today’s best practices for effective and efficient privacy protection and compliance.

Benefits:

  • Implement a straightforward approach to data protection and compliance.
  • Avoid having to make troubling tradeoffs between data security and compliance, on the one hand, and efficiency, performance, and scalability on the other.
  • Work with experts in today’s data privacy mandates—from national and state regulations to industry standards.
  • Accelerate deployments—products from Thales interoperate with applications and devices from leading security vendors.

Hide This Section