The digital age has brought a number of changes that are not only required but critical to maintaining security for both private individuals and companies. Keeping sensitive information safe is a high priority for a business, and cybercriminals (also known as “threat actors”) devote hours to trying to breach company systems. Cybercrime has accelerated to the point where billions of dollars are lost each year globally, and some incidents have gone as far as destroying the reputation of a company.
Data privacy relates to the ways that an organisation protects its data, which includes compliance with specific state or country regulations on the methods and requirements. The topic can be a bit complicated, and every business should have a cybersecurity specialist company review how its data is stored, collected, managed, and even shared with third parties to ensure it is abiding by the laws. This is of particular note in South Africa with the institution of POPI (the Protection of Personal Information Act 4 of 2013).
Data Security versus Data Privacy
While these two terms may intertwine in functionality, they are defined as entirely different entities. Data privacy relates to the laws for data protection, focusing on the collection, processing, sharing, archiving, and deletion of the data. Data security is the set of steps that a business takes to keep the information/data secure and to keep unauthorised individuals from accessing it.
Data Privacy Expectations from Clients
Trust is a major issue when it comes to customer/company relations. When a customer gives a business their personal information, they expect that the data will be maintained in a secure fashion. New laws are being added around the globe so that clients must be informed of how their personal data is being used and processed, and are given control to stop their information from being shared. This subject is so important that a dataprivacymanager.net 2019 survey showed that 73% of customers responded that trust in companies mattered more than the previous year.
Privacy Means Being Left Alone
Consumer and client control over their personal data translates into their right to be left alone. The individual should be able to exercise their privacy rights when and if they choose. Some of the new laws in various countries include this as part of the compliance guidelines. The GDPR (General Data Protection Regulation), which is part of the digital future of Europe, institutes incredible fines on any organisation that violates the digital privacy of consumers or customers.
A Breach is a LOT More than You Think
The Ponemon Institute's 2020 research results, entitled The Cost of a Data Breach Report, included the following staggering information:
- It takes an average of 280 days to detect a breach.
- A company can save around $1 million if they detect a breach in less than 200 days.
- The average cost of a data breach in 2020 is $3.86 million.
Beyond the loss of company integrity and trust, the cost of a breach of data privacy is enough to cause the destruction of company entities. Investing in a privacy program that monitors for potential threat actors and maintains compliance with all of the laws is considered to be part of the cost of doing business in our digital world.
“DaVinci Forensics meets with customers to assist them in the design and implementation of a digital privacy strategy. We review the various factors, talk with IT Departments, and help with risk assessment and analysis.”
Originally published at https://davinciforensics.co.za.