Mumbai: The tech and software industry around the world since 2008 celebrates January 28 as Data Privacy Day every year. The significance of data privacy has been increasing with every passing year. The commemoration of January 28 as Data Privacy Day further helps to amplify the need and spread awareness of data privacy in today’s digital age.
Although it was on this day in 1981, when the Convention 108 – the first legal international treaty on data privacy and protection was signed in Europe, it took almost 27 years for the tech and software industry and businesses to come together to commemorate it as Data Privacy Day.
For tech and software companies celebrating the Data Privacy Day may be far easier in today’s time rather the actually following its principles and practically implementing a data privacy policy in their organisations. However, hereby some of the world’s biggest tech and software organisations share their perspectives and insights on how they are dealing with data privacy and what Data Privacy Day means to them.
Data Privacy Day 2024
With the ‘Take Control of Your Data’ theme, Virtusa Corporation CIO Ramaswamy P V says that the global IT company is marking Data Privacy Data 2024 and is reinforcing its commitment to data security and privacy.
“We know the challenges organisations are facing in safeguarding sensitive data amid the rising threat of cyber breaches. Underscoring the paramount importance of information protection, Virtusa navigates the dynamic digital landscape, enabling organisations to assert control over their data assets,” Ramaswamy adds.
Further, “Recognising the complexity of data ecosystems, including cloud services and mobile devices, we address this challenge through our comprehensive solutions, prioritising data protection to empower businesses in confidently navigating the digital realm,” shares Ramaswamy.
Interestingly, Dell Technologies considers data privacy as the top priority of every business today. “Data privacy is every business’ top priority, as we move into an increasingly digital and connected world. This necessitates the need to protect our data from any potential cyber threats. Data Privacy Day is a reminder to pay attention towards safeguarding personal information in our interconnected digital lives,” says Ripu Bajwa, Director and GM of Data Protection Solutions, Dell Technologies India.
Cybersecurity Measures
“Need of the hour for organisations is to ensure effective cybersecurity measures are in place, as it’s becoming even more important in the times of digital transformation, cloud computing and remote work expansion,” adds Bajwa.
“Organisations need to implement a holistic approach towards developing and implementing robust cybersecurity and data protection strategies,” Bajwa emphasizes the need for cybersecurity and data protection strategies.
Strategic Imperative
In the era of digital transformation, information is the currency of progress, according to Anant Deshpande, Regional VP of India and SAARC, DigiCert – a digital security company. He says that in the current landscape, securing sensitive data is not merely a compliance measure but a strategic imperative for any organisation.
The foundation of data protection, in Deshpande’s view, is not just about safeguarding information but it is about empowering entities to unleash their full potential securely. “Data Privacy Day serves as a reminder of the paramount importance of digital trust,” he comments.
While the significance of data protection and privacy remains utmost, it is also interlinked to cybersecurity and managing security risks in organisations. This demands organisations to have a proactive approach with robust cybersecurity practice.
Security and Risk Management
Businesses must champion a robust cybersecurity practice that includes both security and risk management, according to Scott Register, VP of Security Solutions, Keysight Technologies – an electronics test and measurement equipment maker and software provider.
“While security aims to put technology and tools in place that prevent a breach, risk management is focused on minimising the risk and potential damage,” says Register, adding that security solutions alone are not always enough.
“Businesses need to ensure, this is complimented with rigorous data encryption, and ongoing education in order to address data privacy with a holistic view,” explains Register.
Data Privacy – A Shared Duty
In Register’s view, this proactive approach empowers individuals and organisations to fortify their digital presence. He says that in a landscape where data propels innovation and fuels progress, the mantle of protecting privacy becomes a shared duty.
“Keysight acknowledges the critical role of ensuring the security of digital ecosystems, which calls for a collective commitment to maintaining the highest standards of data privacy,” Register emphasizes on collective commitment to secure digital ecosystems.
“Data privacy is not merely a principle but a shared reality,” Register comments.
Challenges
In today’s data-driven business environment, the extensive dependence on data, along with its versatile and valuable applications, makes it an attractive target for cybercriminals, according to Shuja Mirza, Director of Solutions Engineering, at NetApp India – a data infrastructure company.
“In an era where adoption of advanced technologies like AI is on the rise, enterprises are grappling with concerns surrounding massive data collection, privacy, and security. Businesses, now more than ever, need to deploy data privacy tools to navigate these challenges effectively,” says Mirza.
“And hence, data privacy is a crucial aspect for us when it comes to processes and product offerings – that is, both internally and externally,” Mirza shares.
He recommends a comprehensive and preventive approach to data privacy and data protection, including solutions that have built-in features that protect and secure primary data. “ All through data storage and management strategies, data privacy must be non-negotiable,” Mirza states.
While governments around the globe push to enact data protection laws, Data Privacy Day cautions that today’s cybersecurity landscape poses one of the most significant threats to privacy, according to Drew Bagley, VP and Counsel Cyber Policy and Privacy of CrowdStrike – a cybersecurity technology company.
Align Privacy, Cybersecurity Strategies and Responsible AI
In Bagley’s view, this day is also a reminder that aligning privacy and cybersecurity strategies is especially critical as generative AI tools continue to span enterprises. He considers that responsible AI use could be critical against cyber incidents and security risks.
“With every ground-breaking technology, there are new opportunities and risks organisations must be aware of and should anticipate. Notably, responsible AI can be a game-changer in protecting data against breaches,” Bagley opines.
“However, AI that lacks privacy by design can introduce risk. In parallel with emerging regulations, organisations must have visibility into the types of generative AI being introduced into their environments and an understanding of the use cases,” Bagley points out the less talked about aspects of generative AI and the security risks involved with it.
Generative AI
While the AI wave has begun to make early inroads across businesses, the tech and software industry is betting high on GenAI. The fact remains that cybercriminals are leveraging AI to carry out more advanced cyberattacks than in the past — that’s alarming.
“Currently, India ranks among the top three most targeted APAC countries for cybercrimes, with the prominent factor being the surge in Generative AI,” says Balaji Rao, AVP of India and SAARC, Commvault – a data protection and data management software company.
AI-powered Cyberattacks
Citing PWC-conducted study findings, Rao points out that nearly half of the respondents fear the consequences of a cyberattack, foreseeing potential losses in customer data and revenue. “The increase in AI-powered cyberattacks in India raises substantial concerns, highlighting the urgency for organisations to redirect their focus toward data governance and privacy,” he cautions.
“In today’s era dominated by generative AI, integrating AI with data protection is imperative for solidifying cyber resiliency, and enabling faster and more precise threat detection,” adds Rao.
Structured AI Strategy
Further, “The objective of this day is twofold: a reminder for organisations to embrace a more structured strategy regarding AI to counter new threats and for users to understand the power to protect personal data,” Rao emphasizes on structured AI strategy to check new threats and attacks.
“The surge in sophisticated data breaches and AI-powered cyberattacks highlights the urgent need for comprehensive data security and privacy measures. As per a popular study, global consumers distrusting tech companies managing their personal data has risen to 48% in 2023,” says Jayaprakash Nair, Senior Engineering Leader of Data Science, Altimetrik – pure-play data and digital engineering solutions company.
Prioritise Stakeholder Privacy
“Organisations are bound by legal obligations and are responsible for fortifying defenses and implementing proactive strategies to protect sensitive data. Prioritising stakeholder privacy is a central focus, realized through a comprehensive, proactive, and risk-based data privacy strategy,” adds Nair.
In Nair’s view, the objective of this day encompasses two key aspects. First, recognise every user’s right and capability to safeguard and oversee their data. Second, emphasize the importance of organisations understanding the reasons for safeguarding and securing their customers’ data, including Personally Identifiable Information (PII).
Collaborative Efforts
“Achieving harmony between innovation and data protection demands collaborative efforts from industry stakeholders, policymakers, and an informed public,” states Nair. “Altimetrik believes that responsible and ethical data practices not only safeguard individual privacy but also build the foundation for sustainable business success,” he shares.
Most executives have looked at data privacy and data protection through the lens of cybersecurity and risks. However, Sandeep Bhambure, VP and MD of India and SAARC, Veeam Software – a disaster recovery and data protection software company, considers data privacy beyond the cybersecurity realm.
“In an era where data emerges as an increasingly valuable asset and data privacy concerns gain prominence in India, it has become imperative for organisations to protect their data from cyberattacks, natural disasters, human error, or lapses in cybersecurity procedures,” says Bhambure.
“The unfortunate reality of data loss poses significant risks to an organisation’s reputation and revenue,” he adds. Data protection budgets are expected to grow by 6.6% in 2024, as per Veeam Data Protection Trends Report 2024. Bhambure citing the report, points out the importance of data privacy and how crucial it is for organisations to safeguard their critical data to ensure business continuity.
No Real Impact
In the tech and software industry, it is a well-accepted norm to have comprehensive data strategies. That includes the aspects of data privacy, protection, storage, access as well as security. However, organisations with such data strategies will have no real impact unless they are well implemented and practised thoroughly.
“The first step in any such effort is defining a set of policies about what can be shared, how it can be shared, and by whom,” says Allon Mureinik, Senior Manager of Software Engineering, Synopsys Software Integrity Group – an electronic design automation (EDA) software and services provider.
“And second, having such a policy in place is all but useless if it isn’t shared with the employees and training isn’t offered so they understand their role in protecting the company’s private data,” adds Mureinik.
He reckons that any such policy should assess the risk any data exposure would create and weigh it against the potential benefit. “The important part of this training isn’t just memorising rules and regulations, but having the employees truly understand the intent behind them, and what they are supposed to achieve,” concludes Mureinik
By the end of 2024, 75% of the global population will have its data covered under modern privacy regulations, according to Gartner predictions in May 2022.