APJ Cybersecurity

“Businesses Should Use Tools that Help Automate the Security Guard Rails”

Graham Pearson, VP and GM (A/NZ), Lacework

Is data privacy still relevant in the age of the internet and social media?
Whilst data privacy may cause some technical challenges for marketing and IT departments, it is an essential individual right. Some of us may willingly and knowingly choose to give away our anonymity, others do not. It may even be reasonable to assume that the majority of those giving up data privacy online are agreeing to do so unwittingly through the lengthy and complex digital agreements in use with modern social platforms and online activity. Businesses have a responsibility to honour this and as a result, the standard requirements are a requirement for privacy.

For businesses wary of GDPR but at the same time determined to mine the promise of personalization – what are the strategies that benefit from the promise without the penalties of GDPR and local privacy laws?
Businesses should use tools that help automate the security guard rails – such as double opt-ins, good record-keeping for historical contacts and easy opt-out functions. Many marketing departments have access to these tools that make this easy. The greater challenge for businesses is to make sure once they have that personal information, they keep it secure. There is no point worrying about complying with GDPR when collecting information, only to have it all stolen.

In the context of today’s remote work and restricted mobility, does GDPR (and similar regulations) need to be amended to reflect the new normal?
Organisations have only recently bedded down robust practices around the current set of laws. To change the goal posts would create significant headaches for businesses without any real benefit. If organisations are collecting the data appropriately and deploying security to ensure they’re compliant, workloads secure and monitoring for anomalous behaviour (amongst other things) then the locality of the individual shouldn’t matter. The individual is still agreeing, willingly or otherwise, to have their data collected. Instead, emphasis should be placed on educating the individuals on how the murky world of data collection works so they can make better-informed decisions about installing that app or signing onto that platform.

How should the CMO work with the CIO in executing such an approach?
The whole cycle from collection to archive is one of technology. Both sides have to be aware of the data flows and residency of information. CMOs can’t be oblivious to the regulations and impacts and must coordinate efforts with CIOs to make sure they’ve mapped data flows and they ultimately land in the right place. The CIO has a broader role to ensure the infrastructure that holds this personal data has modern security and monitoring to keep that safe or the CMO will have a new responsibility to deal with the PR fallout of a breach.

What is the better approach for organisations to ensure that their policies and strategies around customer engagement stay compliant with future data privacy rules?
Organisations should integrate their cross-functional teams more closely so that security and compliance practices are being considered from the start by marketing teams as they build or buy customer engagement solutions.
