Equinix on Data Privacy and Protection
Estimated reading time: 4 minutes
How secure is your data network? Equinix, the world’s digital infrastructure company™, processes and protects a significant amount of data daily. Equinix’s Chief Privacy Officer, Peter Waters shared a commentary and later answers some questions EITN forwarded about data privacy.
“In recent years, data privacy compliance has become a critical consideration driving critical business decisions as companies look to digitally transform. Cybersecurity vulnerabilities continue to increase as companies grow their digital footprints due to the massive amounts of data being generated.
The Data Privacy Day on January 28th comes as a reminder for organizations to assess their cyber risks and ensure strong data privacy protections are in place but in such a way that will not impede innovation within the digital economy. Due to the increasing complexity of data flows, enterprises need to evolve past securing data at rest to a posture of continuous governance where all data is protected.
Increasingly, we are seeing enterprises place, manage and analyze data at the edge, closer to their users, services and clouds. Meanwhile, concerns over the security and privacy of data in movement and/or in the cloud have also increased. This situation is more critical in Asia-Pacific and has driven the need for better technology and infrastructure solutions that improve data accessibility, security and control, while also meeting increasing data privacy requirements. It is a balancing act.
At Equinix, we support many of the largest enterprises in the world. Through our Equinix Privacy Office, we proactively manage our own compliance with applicable new and evolving data privacy laws and seek to assist customers to do the same. Our data security practices and controls around our own global platform of systems and processes are robust.
Increasingly, we are seeing enterprises place, manage and analyze data at the edge, closer to their users, services and clouds.
Our digital services like Network Edge and a rich set of security-focused partners in our ecosystem, which sets up these security services closer to the user to protect that data locally. Our goal is to embed the concept of privacy by design into new system deployments and business process improvements across various aspects of our business, as well as offer our clients systems and infrastructure they can rely on.”
EITN: What is the awareness level for data privacy and protection?
Peter: As more organizations increasingly adopt distributed infrastructure for seamless connectivity, they’re highly aware of their need for transparency around data flows and the security parameters that apply to these data flows, which are the hallmarks of new data privacy and protection regulations. Understanding this from cloud service providers and companies in their supply chain is a key requirement when choosing an infrastructure partner.
EITN: Are data privacy and data protection the same, from Equinix’s perspective?
Peter: Data Privacy and data protection are often used interchangeably, and from a strict legal perspective that is often correct, but it is worth thinking about how the concepts are sometimes used differently. Data privacy is used in contexts that are more personal. It relates to collecting and processing of personal data in connection with the relationship that the individual has with an organization.
Recent data privacy compliance regulations such as GDPR grant rights to individuals to have full transparency as to what is happening with their personal data and make certain requests to be carried out by companies, and companies are responsible to take measures to protect such personal data.
On the other hand, data protection is also the way organizations adopt to uphold their privacy and security around personal data, but it is often used more broadly as well. Data protection requires tools and policies that restrict access to the data, whether personal or otherwise. It is often more expedient for an organization to apply these safeguards against personal data and other forms of proprietary company data and confidential data at the same time. Protecting such data enables companies to prevent data breaches, damage to reputation, and can better meet a wider range of regulatory requirements, not just data privacy laws.
Data protection requires tools and policies that restrict access to the data, whether personal or otherwise.
At Equinix for instance, we have implemented a data classification policy and apply it to deployment of many technical and organizational safeguards such as encryption of data in our core systems that support our global platform, the back up of data to ensure it remains available in the event of a security incident and periodic testing, assessment, and evaluation of the effectiveness of our safeguards.