Pandemic Data Protection and Privacy Issues: 3 Lessons Learned from COVID-19
The global health crisis has pushed data protection and privacy issues into the spotlight. Here are three takeaways from ADP's recent "By Design Security and Privacy Symposium," where speakers offered lessons to help organizations cope with evolving issues of compliance and cybersecurity.
It's no exaggeration to say that COVID-19 has fundamentally changed the security landscape. With millions of employees still working remotely and security teams having to protect disparate network architectures, malicious actors now have an entirely new environment to exploit.
From pandemic-related phishing emails to account compromises to critical data theft, the last year has been unlike any other for many security teams. ADP's recent By Design Security and Privacy Symposium tackled numerous data protection and privacy issues head-on with three keynote sessions that explored what's happening right now, what enterprises should expect and what steps they can take to minimize security risk as the global health crisis continues to evolve.
Here are three overarching lessons from the symposium:
1. The only constant is change
Carlos Rodriguez, ADP's President and CEO, offered a sobering snapshot of the shifting pressures teams have been facing. "We have seen more changes happen more rapidly with more impact in the past 15 months than possibly ever before," he said. And the period of drastic change isn't over yet. As organizations gear up for a return to some semblance of normalcy, there's a need for new approaches that deliver security by design.
Two forces are driving constant change in the current setting: the uptick in malicious activity — such as the recent Solar Winds and Colonial Pipeline attacks — and the evolving regulatory landscape, which is being influenced by legislation such as the California Consumer Privacy Act (CCPA), Brazil's LGPD and Singapore's Personal Data Protection Act, which includes mandatory data breach notifications.
Effective navigation of this evolving security environment requires a foundation of resiliency and honesty. While new attack vectors, emerging laws and mounting challenges around remote work demand ever-changing privacy protections and staunch data defense, Rodriguez distills this complex situation into a single sentence: "It's all about trust."
2. All hands must be on deck
The Symposium's second keynote featured ADP Global Chief Privacy Officer Cècile Georges and Chief Security Officer Dave Martin. According to Martin, success in security requires all hands on deck for a multi-disciplinary approach. "We had to go very quickly from preparation into managing and scaling our response to bring in additional skills and resources to manage whatever we were facing," he says. This meant taking on safely moving staff to remote work while building out resiliency to ensure clients were supported at the same time.
Georges, meanwhile, spoke on the impact of evolving security and privacy laws across organizations' operations. The biggest challenge? Complexity.
"In some instances, privacy requirements are somewhat conflicting with policies that our global teams would like to implement," Georges explained. She also noted that 130 countries worldwide now have comprehensive privacy laws, which presents significant difficulties, even for experiences security teams.
It's therefore critical for enterprises to bring on trusted third-party providers to help bridge the gap and ensure they have the right people in the right places to address region-specific privacy requirements without losing their global focus.
3. Seeing both the forest and the trees is imperative
Journalist and retired CNN National Correspondent Deborah Feyerick closed out the keynote speeches with her presentation on the challenges of global decision-making in an era of eroding trust and how businesses can go beyond the headlines to make better decisions. For Feyerick, these issues come down to the geopolitical landscape, as every business is now multinational, and global forces can impact business outcomes for all.
Feyerick defines geopolitics as "the underlying forces — past, present and future — that shape and define our world and influence strategic decisions for the desired outcome." In practice, national identity and cultural norms can sway geopolitics considerably, but the actions of leaders also play a large role. "People with money and power want to keep both and will do whatever it takes to keep them," as Feyerick put it, and these tendencies are causing global trust to erode.
This presents a dual challenge for enterprises: While global teams must account for social, economic and cultural factors when they make strategic decisions, they must also account for the impact of worldwide events, such as the global health crisis, and how countries report on and respond to these events. These internal assessments can have significant effects on data protection and privacy issues. While some nations are looking outward for support by broadening their data horizons, others are turning inward with more restrictive controls around the collection, use and storage of data.
As Feyerick noted, "Any business operating in a global market will be impacted by geopolitical events," and our thoroughly connected environment demands strategic use of both privacy and security data to protect business interests and accounts — with consideration for both the forest of global forces and the trees of local narratives.
Evolving security through time and place
While each keynote at the symposium targeted a different facet of data protection and privacy issues, they shared a thematic connection: security through time and place.
Organizations must understand that security is no longer a moment in time or a point in space. As the pandemic has demonstrated, both employees and attackers are fully capable of working anytime, anywhere and under any conditions. For enterprises now navigating a return to on-site work and the reality of hybrid staff solutions, security cannot be maintained through a single solution or a simple fix. Instead, new and more effective policies, practices and impact assessments must be continuously developed and faithfully adopted to create a culture of shared responsibility, enhanced resilience and global trust.
The global health crisis has created new security issues and exacerbated existing challenges, resulting in an entirely new landscape driven by constant change. In a post-COVID world, organizations must work to build and bolster trust on an ongoing basis by focusing on resilience, ensuring all hands are on deck to deliver improved responses, and examining issues of data privacy and data protection through multiple geopolitical lenses.
Looking to enhance data privacy and protection within your organization? Launch the on-demand 2021 ADP By Design Security and Privacy Symposium today for more actionable insights.