Data privacy regulations are an important rebound to our increasingly digital and connected world, but they are moving targets fraught with complexities and challenging time constraints.
Early adopters of privacy policies – such as the European Union, United Kingdom, Australia, Canada and the United States – have paved the way for others to define their own laws, but they’ve also circled back to modify their initial regulations in support of individuals’ rights to access, delete, rectify, export and opt-out data. These parallel efforts across different jurisdictions to launch and enhance local data privacy provisions yields further confusion and complexity – at least for now.
Data Breach Response Technology Trends for 2020
At Canopy, we foresee 3 new trends coming to bear in 2020 to help enterprises and cyber security professionals avoid the pitfalls of this turbulent scene.
1. Apply sophisticated technology that is calibrated to data breach response pressures.
As the list of privacy laws grows, so too does the list of data elements that are covered by the laws. When a data breach occurs, multiple jurisdictions and privacy laws will likely be triggered, and data elements like Gender and Social Security Number may be subject to different requirements under each privacy law. These variances affect how the data is organized, prioritized and processed during a data breach response. This type of complexity within a high-pressure, time-sensitive situation makes technology a necessity. Canopy is specialized software built specifically for this circumstance—enabling the team to quickly and accurately detect, extract and link related data elements, all while ensuring the various notification requirements have been met.
2. Define best practices for data breach responses and follow defensible methods.
As privacy regulations hit their strides and gain vigor, breach responses may be increasingly monitored and challenged by regulatory agencies. This rising oversight and the emergence of US-style class action lawsuits in the wake of cyber incidents prompts the need for methodical and defensible processes when identifying the individuals who have had their Personally Identifiable Information (PII) compromised during a breach. Along with fellow pioneers in the protected-data discovery specialty, Canopy has defined the best practices and defensible methods for data breach responses and developed technology to defensibly process, data mine, and extract the PII in breached data for this very purpose.
3. Organize formal Data Breach Resiliency programs within enterprises.
As the frequency and severity of cyber incidents increases – and the hoops to compliance increase – responding to a data breach is no longer a one-off project tackled by an impromptu team. Instead, in 2020, enterprises are clear on the stakes involved and they are dedicating internal resources to lead the charge and remain poised to enlist support from specialized third parties. Canopy has collaborated with partners in the fields of cyber forensics and document review to define repeatable best practices for enterprises and their service providers to follow in the wake of data breach. The result of this coordinated people-process-technology approach is not only successful compliance with the various regulations, but dramatic cost savings.
As 2020 – the year of metaphorical perfect vision – nears, the one thing that is clear is class action lawsuits and regulator fines will increase for protected data that are not handled appropriately. Along with our partners, Canopy is pleased to be helping enterprises side step those hazards and achieve compliance cost effectively.