Back to All Blogs

Protecting customer data must be a corporate priority

Given the increasing reliance on digital technologies and the explosion of data, organizations have a growing obligation to assess their data privacy protocols and practices to safeguard personal data.

02 / 7 / 2023
5 minute read
Fingerprint Data Protection

In 2022, there were more than 5 billion internet users worldwide, and experts expect humans to generate 463 exabytes of data daily by 2025. Not surprisingly, cyberattacks and data breaches are also on the rise. With corporate networks experiencing 38% more cyberattacks per week in 2022 than in 2021, data security practices have never been more important.

State privacy laws are here—more are coming

California

California Consumer Privacy Act (CCPA)

January 1, 2020

California Privacy Rights Act (CPRA).

January 1, 2023

Virginia

Virginia Consumer Data Protection Act (VCDPA)

January 1, 2023

Colorado

Colorado Privacy Act (CPA)

July 1, 2023

Connecticut

Connecticut Data Privacy Act (CTDPA)

July 1, 2023

Utah

Utah Consumer Privacy Act (UCPA)

December 31, 2023

Following the lead of the European Union and its General Data Protection Regulation (GDPR), U.S. states are adopting data privacy laws to protect their citizens’ data. The first of these laws, the California Consumer Privacy Act (CCPA), went into effect in January 2020 and was updated on January 1, 2023 through the California Privacy Rights Act (CPRA).  Virginia enacted the Virginia Consumer Data Protection Act (VCDPA) on January 1, 2023. Colorado, Connecticut and Utah have also passed legislation. The Colorado Privacy Act (CPA) and Connecticut Data Privacy Act (CTDPA) will take effect on July 1, 2023, while the Utah Consumer Privacy Act (UCPA) is slated for December 31, 2023. While these laws vary by state, each sets expectations and holds organizations accountable for how they accept, store and use private customer data. 

To comply with these laws and support overall data privacy, organizations need to take the necessary steps to protect personal information (PI) and other sensitive customer data.  

Building a data privacy strategy

With all data privacy efforts, defense-in-depth is key. Bad actors are in the business of stealing, selling, and publishing data—and given how lucrative it is, a single defense is unlikely to stop them. Think of it in terms of securing a building. Locked windows and doors are not enough to prevent a persistent intruder. Additional security layers, such as window bars, shatter-resistant glass, deadlocks and an alarm system bolster defense. The same is true when securing data. By limiting the data collected and who can access it and implementing automated alerts, live SOC responses and various technology-enabled defenses, organizations create a tiered protection program. 

Log existing data

Before an organization can protect sensitive data, it must know what data it has. Inventorying the data an organization holds and where that data resides is essential. While this sounds obvious a surprising number of organizations lack this insight.

Minimize private data 

One of the best defenses to support data center privacy is eliminating unnecessary data. To minimize liability, organizations should only collect and retain data that is essential to business operations or required for regulatory compliance. In addition to limiting data in-take, organizations should regularly purge unnecessary data to further control risk. The bottom line is, data that is not available, cannot be stolen or compromised. 

Protecting private data

Taking the necessary precautions by putting the right protocols, practices and safeguards in place can help protect private data from both nefarious activity and simple human error—whether from inside or outside the organization.     

Access Controls. Examples of people accessing and sharing private data—whether intentionally or accidentally—is rampant. In 2021, the personal information of 530 million Facebook users was leaked in an online forum. In 2022, human error enabled confidential data on 120,000 taxpayers to be downloaded from the IRS website. Clearly, bad actors are not the only threats. According to recent data, 43% of all breaches are insider threats, either intentional or unintentional. Least privilege access helps limit and control access to specific data, ensuring only authorized individuals can view, move or manage data to greatly reduce the risk of exposure. 

MDR. The speed at which a data breach or other privacy-threatening issue is recognized and addressed can make a significant difference in limiting exposure. Automated alerts provide warnings of compromising behavior or unauthorized access to allow the organization to respond quickly and effectively. Managed Detection and Response (MDR) is designed to help organizations actively monitor data, identify unusual activity and quickly react to any potential issue. 

Zero Trust. Operating under the “never trust, always verify” mantra, a Zero Trust security framework strengthens data privacy by authenticating users prior to granting access to corporate applications and data. It also continuously validates users’ digital interactions to retain access. Under this model, users are also granted the least required access to perform their jobs.

Some support in the data privacy journey

Implementing these steps can be challenging, especially for organization with limited resources. Data center services providers can help. 

Physical security

Strong physical security in the data center prevents bad actors and unauthorized employees from having physical access to systems, decreasing the risk of stolen, corrupted or lost data.               

Data protections

Data centers manage, maintain and protect the underlying IT infrastructure organizations rely on to run their operations. Data centers also offer disaster-recovery-as-a-service (DRaaS) and backup-as-a-service (BaaS) solutions to protect data and application availability during an outage or attack.  

Professional services

Keeping pace with the constant changes and threats surrounding data privacy is an ongoing process. Data center service providers who offer professional services, like Flexential, can take it a step further and help organizations assess their current privacy posture and design, implement and maintain a best practice data privacy strategy. 

As data privacy continues to command a spotlight, organizations cannot be complacent. Every organization should take a step toward protecting its customers’ data and building a data privacy program that is an integral part of its security strategy. 

If your IT team lacks experience with managing data privacy, including personal information (PI) and other sensitive data, we recommend engaging external experts to support you in maturing your cybersecurity program to protect customers and your organization.

Accelerate your hybrid IT journey, reduce spend, and gain a trusted partner

Reach out with a question, business challenge, or infrastructure goal. We’ll provide a customized FlexAnywhere® solution blueprint.