In an ever-increasing connected world of constantly evolving cyber security threats, people are paying close attention to their privacy and the security of their personal and corporate data. It is fitting therefore that Saturday, January 28th, 2017 marks the anniversary of Data Privacy Day (known as Data Protection Day in Europe), an annual event celebrated internationally, which commemorates the importance of privacy and data protection.
The theme for this upcoming event is "Respecting Privacy, Safeguarding Data and Enabling Trust."
Data Privacy Day started in the United States and Canada in January 2008 as an extension of the Data Protection Day celebration in Europe, and commemorates the January 28th, 1981 signing of Convention 108, the first legally binding international treaty dealing with privacy and data protection, according to the National Cyber Security Alliance. "Data Privacy Day is the signature event in a greater privacy awareness and education effort," stated the NCSA. In addition to the US and Canada, the event is currently observed in India and across 47 European countries.
The emergence of new technologies offer great benefits to people and the economy, but at the same time, these new technologies also carry forward a huge increase in the amount of data being collected and processed. Data protection and privacy is therefore increasingly important to ensure that organizations collect and use that information securely, responsibly, and legitimately in accordance with the law. It is equally important for individuals to be aware of the risk to privacy from new technologies, as well as their rights under data protection law.
Data Privacy Day takes a higher profile in Europe this year as the General Data Protection regulation (GDPR) prepares to come into effect in 2018, and studies show that less than half of businesses are currently familiar with the new compliance, which is meant to strengthen overall data protection.
In recognition of Data Privacy Day, I've heard from a number of vendors across the storage, big data and disaster recovery markets, each of whom weighed in on the day and trends.
"The threat to data privacy has reached a whole new level, and the worst is still to come. Adding IoT and the cloud to data threats is like adding gasoline to a fire. Data Privacy Day is a great reminder to be prepared. If you're not ready to quickly and seamlessly recover from a breakdown, the resulting downtime can be detrimental to business operations. The key here is establishing recovery point and recovery time objectives. For example, if your proactive security measures fail (in today's environment this is going to happen to you at some point, if it hasn't already), and your organization experiences a cyber-attack, you can now speed up the recovery of data with online and nearline snapshots. This is a vast improvement over traditional backup tapes. In this risky landscape, you've got to be in position to review snapshots quickly and enhance protection with multi-site replication, whether to another location or a public cloud."- Chuck Dubuque, VP, Product and Solution Marketing, Tintri
"As companies look for ways to save cost by moving business processes to the cloud, the data backup process is a likely candidate for cloud migration. Privacy becomes a concern, however, when sensitive information is moved off-site. Hybrid cloud offers the best of both worlds as it enables companies to retain control over sensitive or regulated data by storing it on-premises, whilst still being able to utilize public cloud scalability and cost for less-sensitive information." - Jon Toor, CMO, Cloudian
"Coming off a year of numerous high profile data breaches and with ransomware still running wild, businesses need to not just prepare for an attack, but ensure they can maintain critical business operations in such an event. While IT security efforts largely focus on defending the perimeter fence, there are too many opportunities for hackers to get past these defenses to not have a well-constructed and easily implemented "plan B" in place. Even the FBI in its advice "Ransomware Prevention and Response for CISOs" states "Verify the integrity of those backups and test and test the restoration process to ensure it is working". That plan B must include being able to quickly and as completely as possible recover critical data using proper tools and processes to help significantly reduce, if not nullify the impact of the intrusions. Traditional backup is nice, but it is critical to implement and successfully test a rigorous business continuity and disaster recovery strategy. CIOs and CISOs should consider a hybrid-cloud strategy that gives businesses another firebreak and secondary place for in case of emergency break glass." - Rob Strechay, VP of Product, Zerto
"In the IoT age, vastly increasing amounts of business critical data are being transferred between devices while cloud computing continues to proliferate, making data protection a high priority for IT leaders. There are countless threats, but the good news is that frameworks exist to ensure data privacy and protection in the cloud. Data encryption, vulnerability scanning, intrusion detection and disaster recovery strategies MUST be part of your IT plan to mitigate the effects of nefarious attacks, as well as taking full advantage of cloud agility while protecting your and your customers' data privacy. It's essential to combine cloud security technologies with compliance frameworks that ensure data sovereignty, maintain Privacy Shield requirements and share responsibility with Model Contract clauses, so that you can help customers meet global compliance requirements pertaining to data privacy across numerous industries. Taking this proactive approach between the cloud provider and your IT department will keep data privacy top of mind, your organization one (or three) steps ahead of malicious intent." - Justin Giardina, CTO, iland
"Last year, it seemed that big name data breaches were constantly hitting the headlines; social media giants Tumblr and LinkedIn were hit, as well as Yahoo - which infamously saw hackers steal over one billion customer accounts. This shows businesses are vulnerable. As data becomes the world's most valuable commodity, it is imperative that organizations guarantee data privacy for their customers. More organizations are moving data to the public cloud in order to reduce costs, increase capacity and deliver on access demands. However, organizations could be risking highly confidential data and this is a huge concern. Data Privacy Day should act as a reminder that the public cloud cannot provide the enhanced security and data protection measures required for critical information. Fundamentally, the only way to absolutely guarantee data privacy is by ensuring it remains on-site through an on-premises solution." - Victoria Grey, CMO, Nexsan
"Data Privacy Day is a great reminder to all of us about the importance of protecting sensitive data: making sure that people only have access to what they're entitled to see. Controlling data privacy has become increasingly difficult as Big Data solutions bring together massive amounts of disparate data, and as more applications access that data, particularly when that access is indirect or multi-layered. Security must be built in from the very beginning. Additionally, new questions are arising as machine learning is used to summarize and aggregate mixed-sensitivity content. To keep private information private, organizations must carefully and actively track information and its sensitivity through all steps of the data handling process. That's the only way to ensure that privacy is maintained, and that information blocked by its native application isn't accessible from - or even referenced by - any other application." - Jeff Evernham, Director of Consulting at Sinequa