A Q&A with Sandeep Bhargava, SVP, Global Services and Solutions, Public Cloud Business Unit, Rackspace Technology.
1. How has the concept of data privacy changed over the years?
When data privacy first emerged, it was not a widely recognised problem. Protecting physical data was more important to businesses and governments than protecting digital data privacy.
Because of the rise in the amount of personal data at risk, the possible repercussions of a data breach and the ease with which personal data may now be shared and accessed thanks to technology, data protection is more crucial than ever. Organisations should adopt strong data protection policies due to the increasing number of data breaches that have raised awareness among people and organisations of the dangers of improper handling of personal data.
We also see a rise in governments implementing more regulations to make companies accountable for safeguarding individuals’ interests. Amidst growing concerns about personal data misuse and breaches, it is reassuring that the long-awaited proposed amendments to the Personal Data Protection Act (PDPA) are now being introduced in Malaysia.
2. What do you think are the three biggest challenges organisations are facing when it comes to data privacy?
The global landscape of data privacy regulations is increasingly fragmented and organisations operating in various geographical locations need to comply with the General Data Protection Regulation (GDPR) in Europe, PDPA in Malaysia and other state-level regulations in Asia. This can be resource-intensive and costly and requires constant monitoring and updating of privacy practices within the company.
Defending against evolving security threats can pose a challenge as cybercriminals are continuously devising new ways to exploit vulnerabilities. Rackspace Technology’s most recent survey reveals that 55% of APAC respondents ranked cybersecurity as the highest risk their organisation sees in AI adoption. In contrast, over half of APJ respondents consider the ethical use of AI as part of their approach to AI governance.
Data breaches may result in harsh financial losses, reputational damage, and loss of user trust. Organisations need to adopt proper safeguards and clear policies against data breaches supported by C-level executives and management.
3. What best data protection practices can you recommend to organisations to keep customer data private and protected?
One strategy that businesses can use to protect their data is data encryption. It prevents unauthorised individuals from gaining access to data. By establishing user groups and role-based access procedures, this strategy allows businesses to control which people have access to what data. Decryption, viewing and editing of data require some sort of authorisation or key. The majority of data compliance rules include access control to stop someone like a receptionist at a doctor’s office from seeing a patient’s whole medical record instead of only the insurance details needed for scheduling and patient registration.
Techniques like data masking and tokenisation can be helpful in non-production contexts to conceal important information. to carry out regular audits and identify and fix any issues. Employers must also ensure that staff members receive training on best practices for data security and privacy. Regular training can improve the overall security posture and help stop inadvertent data leaks.
Businesses must not only protect the data they intake but also provide a mechanism for data deletion in light of the growing prevalence of privacy protection laws like the Personal Data Protection Act (PDPA) in Singapore. Some organisations may not be able to fully comply with data erasure demands due to poor data hygiene and negligent data governance adherence, as they may not have a thorough understanding of all the potential locations for data points. However, they need to put in measures to ensure they comply with local regulations.
Authentication is the process by which users prove their identity and gain access to data. A password may be required for certain systems while biometric indicators like fingerprints or facial scans may be used for others. Authorised parties can access data that has been locked through authentication. This can be implemented at the file, application, or network level.
Backups and recovery are also vital for businesses. They describe how you store data and how you intend to restore it in the event of a problem. Similar to consumer-level services that protect you if you misplace your phone or accidentally erase a file, enterprise-level backup involves dispersing data over several safe locations to offer redundancy. An exact snapshot of the data is used by the other site in case the first location fails. To ascertain what data is recovered and how long it takes, organisations employ Recovery Point Objective (RPO), which is the largest amount of time that data can be retrieved from, which may or may not result in data, and Recovery Time Objective (RTO) metrics; RTO is the desired amount of time between the failure event and the point at which activities resume.
4. How is technology enhancing data privacy efforts?
Thanks to technological advancements, businesses can now more easily comply with a variety of data privacy laws by using automated solutions that monitor and enforce compliance standards in real-time, reducing the risk of human error. In 2024, many solutions will be integrated into AI to help turbocharge organisations’ IT capabilities, increasing the effectiveness of these fundamental data protection controls.
Technological innovations in data security, such as encryption and tokenisation, as mentioned earlier, enable organisations to protect sensitive data, improving overall data resilience against potential breaches as these tools make it difficult for unauthorised users to access or misuse data, even if it is intercepted.
Multi-factor authentication provides a reliable defence against password attacks but, with technological advancements, password-less options are now available. The recurring requirement for password changes is gradually disappearing as a result of our devices’ use of trusted authentication and biometrics.