Embedding Data Privacy in Organisation Data Movement Ecosystem

Akshey Gupta, Head-Data Engineering & BIU Centre Head, Axis Bank | Friday, 11 March 2022, 05:19 IST

Privacy is an interesting element to cage in today’s digital world. Social media’s connected world with virtually no boundaries, wearables with location and optical tracking capabilities within easy reach of the common man, and mobiles with huge processing power are making the subject relatively tricky.

Such an exponential level of connectedness creates numerous business and growth opportunities on one hand, but also creates equal possibilities of potential risks. This poses a reputation risk for individuals, organizations and governments across geographies. Cloud with data stores, backup and disaster recovery DBs spread across geographies adds to the complexity of implementing legal and regulatory controls. Data points may relate to Personal Info, Sensitive Personal Data, Protected Health Info, any Non-Public Personal Info, etc.

Organizations that gather the data points hold larger responsibility and accountability for ensuring trust and preventing misuse. For quite some time, the privacy agenda has been primarily driven by compliance and regulations. There is a need to build an ‘Organisation-centric’ view instead of a ‘Dept-centric’ one, which helps organizations build privacy as a culture and embed privacy in design across all phases of Creation, Collection, Use, Distribution, Maintenance and Disposition. This creates central visibility and helps in managing insider threats as well.

A data movement framework should ensure:

  • Classification of critical data elements
  • Tracking of data sources and destinations
  • Mapping of who is accessing the data and their level of visibility
  • ‘When’, ‘Why’, ‘Where’ and ‘How’ data is moved
  • Encryption protocols and related tech applied to data at rest and in transit
  • Functional and technical owners
  • Data dissemination
  • Ageing and purging of data
  • Last but not the least, the capability to erase the data

This becomes even more complex as data is shared with third parties for processing. It becomes difficult to track and ensure that data is destroyed post its usage or contract terms. Essentially, we need to map the data flow across systems spread over different tech, on-premises / on-cloud. This creates trust and accountability.

The road ahead is challenging but achievable. Organizations should engage Privacy Enhancing Technologies to reduce manual and personnel dependency and introduce prevention into the Org DNA. This not only helps attach a severity level to different types of info classification but also pushes operationalization of system rules and policies. These technologies could be off-the-shelf capabilities or custom frameworks.

While there are many avenues for implementing such tech, the four broad spheres are: Authenticate & Authorize (inside / outside the Org perimeter), Device or Infra Security (Org or BYODs), Network Screening at entry and exit points, and an Encryption Framework for data at-rest or in-motion.

Individuals can also be relatively more vigilant and exercise the controls available at their disposal. Most countries, including India, have introduced a concept of a ‘Do Not Disturb’ directory. Individuals can register there and block any type of promotional or marketing calls. Different browsers have also given flexibility to keep privacy intact while browsing, shopping, etc. A minimum practice to infuse in our routines is to log off from an application while closing the browser.

Privacy campaigns with practical enactments are an important instrument to raise awareness across employees, individuals, consumers, etc. Similarly, organizations are encouraged to undertake Privacy Impact Assessments to assess privacy exposure and manage risks proactively.

Governments across the world are redefining, renewing, and improving the regulations; GDPR is one such example. New frameworks and international standards like DPF, APEC, BS 10012 and ISO 29100 are available for reference and implementation. The intent is to generate and agree on instruments across entities and geographical boundaries to ensure regulated flow of data, with the objective of promoting growth and business while preserving data privacy.

We as individuals and corporations need to be proactive and preventive in our approach to exchanging data over digital and physical media…

 
