Data: Your Greatest Asset or Detriment
Netapp’s Chief Privacy Officer (CPO) Sheila FitzPatrick has observed that Asia is surpassing Europe in terms of data privacy awareness and enhancing their data privacy laws.
She also said, “And I haven’t seen it in past several years, but enforcement is also slowly being enhanced,” citing South Korea as one example of a country that is very aggressive.
Overall, the CPO noted an “a-ha” moment among decision makers in private and government organisations in Asia Pacific, as they slowly realise that they haven’t been addressing the right things ie. there is no idea about what data is being replicated, who is seeing the data, whether it can be supported by a third-party plus many more other privacy and legal concerns.
“Countries know they have to step up, but they are not sure how,” FitzPatrick said, adding that business is a main driver for Asia Pacific trying to attract multinational companies (MNCs) to outsource from this region. “But Europe (companies) are nervous because of privacy.”
Netapp’s privacy organisation
The CPO opined that the key to a successful privacy programme or organisation is understanding of the law and visibility into key privacy councils around the world as well as data protection organisations.
For FitzPatrick, she built Netapp’s privacy programme since nine years ago, and cites that one of its greatest successes is that is not based on US laws, but global laws. “So, policy, procedure, processes are global.”
Netapp can also claim to being GDPR-compliant 18 months before the European Union (EU) enforces it. “The Genera Data Protection Regulation is going to be multi-jurisdictional. As long a data centre holds the personal data of an EU citizen, it would be compelled to comply with GDPR,” explained FitzPatrick.
“We don’t think of privacy as an afterthought. Data can be your greatest asset and detriment. If you only think of a tech solution (to data privacy), it doesn’t do you good to encrypt data you shouldn’t be collecting in the first place,” the CPO pointed out.
Just one of the many questions that organisations need to ask when building their privacy programme or even their solution, is: Under which jurisdiction is private data defined?
In the APAC region alone, there are 21 different data protection laws, and of late, at least five countries are implementing data protection authorities to enforce them in their respective countries.
Privacy is not security
FitzPatrick has sound advice for organisations moving forward, “Data privacy isn’t just encryption. If you encrypt data you never had the right to collect in the first place, you broke the law. Vet your partners for their privacy compliance programmes.”
Her message for companies that collect, store and handle personal data of individuals: Instead of spending time and money trying to get around privacy compliance laws, just deal with it.
Netapp has developed templates, policies, training and privacy impact assessments for companies on their privacy compliance journey that want to be sure they are being as comprehensive as possible.