For me, trust has to be earned. It’s not something that can be demanded or pulled out of a drawer and handed over. And the more government or the business sector shows genuine regard and respect for peoples’ privacy in their actions, as well as in their word and policies, the more that trust will come into being.
Definition of privacy. 1a : the quality or state of being apart from company or observation : seclusion. b : freedom from unauthorized intrusion one’s right to privacy. 2 archaic : a place of seclusion. 3a : secrecy.
The inaugural webcast of Tomorrow’s Jobs Today: Wisdom and Career Advice From Thought Leaders in AI, big data, The Internet of Things, Privacy, and more. Host Rafael Moscatel picks the brains of business leaders throughout the world who are pioneering emerging technologies and leadership concepts across a variety of industries in both the public and private sectors to better understand the future of work and the incredible tools being developed to perform that work.
Priya, we’re going to talk a lot about data maps today, and you have a lot to show us there. But before you treat us to kind of the bells and whistles on your product, I do want to talk briefly about why you decided to start this business. You had an excellent position for one of the big four accounting firms, and you were doing some amazing work over there for them. So tell me: Why did you take this leap?
Data is going to be one of the biggest risks for every enterprise in the next decade or so, and that’s broader than just cybersecurity risk. And most gender councils acknowledge this and are looking to build programs in-house to manage this proactively. I felt that most of the programs so far are consultant-driven, and there was a lack of products that supported these programs in a holistic manner. And I felt that there was a gap that perhaps we could address, so we founded Maru, and it’s been an excellent journey so far.
So Priya, for some of our viewers that are very new to IT infrastructure and data maps, can you give us a basic definition of what a data map is?
Yeah, it is a bird’s-eye view of all the data within the organization. For somebody who is trying to manage the risk around the data at a very high level, it provides all the details, in terms of the number of systems, where the data originated, how it flows. And you’re able to look at which systems are riskier, versus not. You’re able to understand the security controls that you have in place. So you can bring all of the information into one single place and take a look at it for various decision-making purposes, and that’s what the data map gives you.
Now that you’ve told us exactly what a data map is, can you tell us a little bit more about why it’s important in today’s climate, with all of the privacy compliance exercises that companies need to undertake?
The best way to explain this is with an elephant story that actually one of my mentors first told me. A bunch of blind men, who had never seen an elephant before, encountered an elephant. And they were experiencing this elephant in various ways, right? So somebody touched … One person touched the trunk. Somebody else was looking at the tail and obviously had a completely different description of what the elephant was. And somebody else was touching the body and had a very different description of the elephant. That’s true in most organizations. We are siloed.
We have a very good understanding of what we are doing with the data that we see and how we are using the data that we have, but it lacks perspective, and that’s what happens in most organizations. So you have perspectives. None of them are wrong, but the perspectives are limited, from a certain viewpoint. And what data map helps in cross-functional. So it brings collaboration. It helps in establishing true trust in data because now you have a true understanding of what is going on with your data. And it’s not just for compliance, though obviously, it gives you better control over compliance efforts. But it gives you, also, better visibility into your data.
via Professing Principles of Digital Ethics and Privacy – CPO Magazine “For me, trust has to be earned. It’s not something that can be demanded or pulled out of a drawer and handed over. And the more government or the business sector shows genuine regard and respect for peoples’ privacy in their actions, as well… Read More »Professing Principles of Digital Ethics and Privacy – CPO Magazine
The ease of digitally storing and monetizing personal information has now run up against the rights of consumers to access and in some sense, reclaim ownership of that data,” via Data Governance: How to Tackle 3 Key Issues – BankInfoSecurity Shift in Concept of Privacy Privacy requirements have changed dramatically as a result of GDPR… Read More »Data Governance: How to Tackle 3 Key Issues – BankInfoSecurity
Using Information Governance with a Privacy Compliance Plan as the Fulcrum for Data Privacy and Continuous Compliance
In May of 2020 I was honored to speak at the MERv conference with John Frost of Box on the topic of Using Information Governance with a Privacy Compliance Plan as the Fulcrum for Data Privacy and Continuous Compliance. Below are some excerpts from my transcribed remarks.
ON KEY PRIVACY ISSUES TODAY…
What’s important to remember here, overall, is that making your privacy plan a key component in your compliance program isn’t just helpful. These days it’s really a strategic imperative. That’s not only because it’s a hot topic or because it’s a growing regulatory requirement, but because it naturally enhances the way our organizations, and specifically our compliance and infosec groups, treat and value ALL of the data they’re responsible for testing and for securing, and in validating and protecting PII, we’re actually adding a layer of assurance that improves both internal operations and the customer experience.
Privacy makes data governance ethical and tangible, and compliance leaders understand that. Today, what we’re going to walk you through is what that awareness and proactive approach look like through the eyes of project leaders during three stages of compliance, prevention, maintenance, and retrospective.
What’s important to remember here, overall, is that making your privacy plan a key component in your compliance program isn’t just helpful. These days it’s really a strategic imperative.
I just want to point out that privacy, conceptually, is, of course, ancient really. People tend to forget that. I mean it has been written into legal codes even before the constitution as a Records and Information Governance community we’ve been dealing with it, from HIPPA to SOX, in one form or another. What’s different today at least in the business world is that the thresholds that trigger compliance these days aren’t industry-specific. Instead, they’re related to annual revenue and the number of data subjects you interact with, so that’s why we see a broader cut of industry’s being looped into these new demands of GDPR and the CCPA.
ON UNDERSTANDING TODAY’S REGULATORY COMPLEXITIES…
Privacy leaders have been asked about the volatile regulatory environment and a clear majority of privacy leaders rank keeping pace with the new regulatory landscape as a pretty important factor in their strategy…. Research also that a minority also are not confident that they have a framework for helping them adjust to that change. So, that’s what we’re aiming to address here today in terms of strengthening that IG program so that it helps buttress or even drive your privacy goals.
[Another] insight we’re sharing with you involves metrics. And we all know metrics is the heart and soul of compliance to a large degree. And we see that finding those metrics to measure their programs is somewhat lacking for the majority of those surveyed. And that results in the majority of leaders being unable to effectively report on their program outcomes.
Data Governance: How to Tackle 3 Key Issues The Importance of Accountability, Data Inventory and Automation – Full Interview with Rafael Moscatel
I was recently interviewed for an article on Data Governance & Privacy for a number of periodicals including Info Risk Today on “Data Governance: How to Tackle 3 Key Issues: The Importance of Accountability, Data Inventory, and Automation. Below is the full text of my interview for additional context. With privacy law getting stronger by… Read More »Data Governance: How to Tackle 3 Key Issues The Importance of Accountability, Data Inventory and Automation – Full Interview with Rafael Moscatel
The competition for the Information Management 2019 IMT MVP Awards was tight – and congrats are in order to all of our winners! We got to know one of them, a bit better here! Read the winning articles here: http://bit.ly/IMTAwards2019 The 2019 Information Management Today MVP Awards Winners Spotlight from Shelley Trout on Vimeo.
Design your career for tomorrow with wisdom from leaders whose shoulders you stand on today. It gives me great pleasure to shout from the digital mountaintop that along with my co-author, Abby Moscatel, Esq., we’ve signed a book deal with John Hunt Publishing to release our book, Tomorrow’s Jobs Today: Wisdom and Career Advice from… Read More »Tomorrow’s Jobs Today to be released by John Hunt Publishing in 2020
The 2020 MER Conference Agenda has been announced and conference registration is now available. This year’s conference takes place May 4-6th in Chicago and features Information Governance sessions on Privacy, eDiscovery, Data Remediation, emerging technologies, and operational best practices from the industry’s leading experts, along with the experiences of knowledgeable practitioners. Compliance and Privacy Partners… Read More »Compliance and Privacy Partners and Ethikos to Speak at the 2020 MER Conference in Chicago
MUST-SEE WEBINAR: SAVE THE DATE – January 22 “California Consumer Privacy Act – Now What Do We Do?” Register here: https://zoom.us/webinar/register/WN_inuTshVvT9SAQ_XGa Learn: Why data protection and privacy are important to my business What to do in case of a data breach Preparation for a cyber-attack Preparation for CCPA Preparation for PII/PHI breach response When: Wednesday,… Read More »“California Consumer Privacy Act – Now What Do We Do” – Free Webinar 1/22/19
Truth is stranger than fiction… There’s a memorable scene in Back to the Future 3 where Marty receives a Western Union telegraph from Doc almost a century after it was originally mailed, warning him of events to come. Seems an unlikely possibility that any organization would honor such a request to preserve, protect and deliver documents… Read More »Great Scott! A True Story Illustrating the Importance of Ethics in Privacy and Records Management
As I’ve traveled around California doing my “Blessings of the CCPA” presentation, I’ve been asked repeatedly about the “average” cost of a CCPA solution from CFO’s, GC’s and IT folks alike. It’s a loaded question because there are many aspects to the law, from policy revision to website disclosures and consumer data request fulfillment. One size does not fit all and organizations need to spend time methodically planning their approach before they begin setting aside budget and other resources.