What are your biggest challenges in handling consumer data with respect to data privacy and security and what tools and processes help you manage these?
From a program point of view, the biggest challenge is the number and variety of privacy regulations across the globe. The way to overcome it is to try using the highest standard to be applied everywhere, as this will limit the changes required to your privacy program.
On the more technical side, data retention is a big challenge. Privacy principles state that "you should not keep data for longer than needed", but the minimum retention is defined by different sets of laws. This makes it hard to find the right retention schedule. And then, when you have it, automating deletion is also another problem.
Some concepts may help, for example, data redaction:
Data Redaction: What It Is and When to Use It | Informatica
IMHO, the biggest challenge is knowing which data you need to accord with what level of protection. There are many tools and processes that can be used to secure the data once you know what needs to be protected.
My preference is to follow a zero trust approach I call MAZE, mission-critical assurance using zero-trust enforcement. MAZE combines zero trust enforcement while implementing a Defence-in-Depth approach to cybersecurity design.
I would begin by identifying and categorising the data into security classes based upon how much security control needs to be applied to the data. I would then divide the computing infrastructure into zones based upon the need to make the data available and the security class they belong to. Finally, I would build conduits between each zone using micro-segments and incorporate data security controls for each conduit. I prefer this approach since it helps me scale from hundreds to thousands of computing infrastructure assets.
Handling consumer data presents a multitude of challenges with regard to privacy & security. A strong data classification and data handling policy with effective controls is required. Some practical challenges relate to the collection of consumer data, classifying and limiting personal data collection, securing data, implementation of effective controls in line with regulatory requirements, etc.
Moving agile can be challenging while respecting customer data, and having the whole team on board with the importance of small but significant exposure.
I agree with the august commenters that vendors are a major threat.
The tools used are not my largest concern since the privacy culture among vendors will drive the amount of effort put into data protection. For example, a hypothetical vendor may have once told me that a hacked email box is just a glitch, nothing to worry about. The response did not show their dedication to the highest levels of data protection, in my humble opinion.
Promulgating the privacy culture outside our organization is a challenge.