Fireside Chat with DataGrail’s In-house Experts
It’s officially Data Privacy Week, and DataGrail is thrilled to be named an official Data Privacy Champion by the National Cybersecurity Alliance. Because Data Privacy Week is all about spreading online privacy awareness, we’ve gathered a couple of our in-house experts for a fireside chat on the trials, tribulations, and considerations that go into leading privacy and security efforts in 2023.
Keep reading for a candid conversation between Senior Privacy Advocate, Alex Krylov, and recently-appointed VP of Security, Chris Deibler. The two discuss what privacy means to them, the paradigm shift around digital privacy for consumers, and how they see security and privacy joining forces.
What does data privacy mean to you?
To me, data privacy has always been kind of inextricably linked to security. You certainly can’t be responsive to the needs of your customers vis a vis privacy if you don’t know what you’re storing, where you’re storing it, and the comparative value of that thing you are storing.
I think there’s also a parallel in the sense that many organizations see both security and privacy as an “eating your vegetables” sort of activity. It’s something that compliance made you do or something that the lawyers insisted you perform this year, as opposed to something that is elemental to building up your customer story or customer experience.
So privacy and security are similar also in the effect that not everybody wants to play along – at least not initially.
That’s a fantastic answer. It almost gets me to the cultural aspect of this and the connotations of us using terminology like data privacy versus data protection. Especially here in the States, when we say ‘data protection,’ people assume a physical, technical kind of protection that’s associated with security.
This has a visceral connotation that people can more easily imagine and relate to, because they can readily think about the negative consequences of allowing data thieves to take your data, or any other kinds of long-lasting consequences that tend to make the news rounds. [But it has a broader meaning in the EU to include protections of rights and freedoms.]
Doesn’t it feel like the cadence and the awareness has accelerated? I don’t know if I can put in like an exact point in it, but it feels like the Equifax breach flipped the bit of awareness because so many people were involved.
And I think the thought around it really changed since then. All of a sudden, people realized how behind the eight ball they were, as far as what they were exposed to on a daily basis.
That’s a great point. I think in terms of data privacy versus protection consumers are becoming more aware they do not have privacy; because their data and characteristics were actually already in the hands of large organizations like data brokers, credit bureaus, and consumer platforms.
There’s this realization that your privacy ended with you joining that service or getting that free credit report. Now that the data is out there, organizations that have it are responsible for it.
In today’s environment, ‘data privacy’ is a personal matter, and ‘data protection’ is an organizational & societal matter.
Juxtapose this against businesses who feel hamstrung by all these added responsibilities: “But we have to collect more data and we have to be able to use targeted ads. We’re tired of security, compliance, and privacy people constantly telling us no.”
That’s where I think it’s incumbent upon company leadership – not only security leadership, but leadership in general – to push back.
There are factors in which we might get a better return on our ad spend, for example. And that’s where I think consumers’ growing awareness will take us – people standing up and saying “Maybe I don’t want my personal data being a product that can be exchanged.”
Are there particular areas where you strongly feel that security and privacy pros must combine their powers?
Yeah, I think that the easy answer to that is data inventory and classification. Having good denominators about what your exposure is, either from a security or privacy standpoint, is the foundation of everything.
My personal assessment and security philosophy is to have strong denominators and measure from there. Know what you have a hold of, who it belongs to, what its life cycle is, and what its intended use is so you can intelligently answer the question of Why am I even holding on to this at all? I think that’s where it starts for both regimes.
Reflecting on how we can #RespectPrivacy: consumer privacy awareness and expectations are at an all-time high. So how can your organization rise to the occasion? It’s not always easy, especially in this digital ecosystem. It’s time for privacy and security to partner closely with each other to develop strong data foundations in order to build that trust and grow brand loyalty.
Thanks to Alex and Chris for sharing this discussion with us – after all, that’s what Data Privacy Week is all about.