The importance of data privacy in your organization

Hand increasing the protection level by turning a knob
(Image credit: Shutterstock)

From high-profile celebrity hacks to social media whistleblowers and COVID-19 scammers, data privacy is a topic that reached just about everyone in 2021. While the general public may be concerned with maintaining their digital identity, businesses –– especially small and medium businesses –– and other organizations need to consider data privacy as a priority that can determine their success moving forward. 

About the author

Frédéric Rivain, CTO, Dashlane.

A comprehensive and holistic approach to data privacy is critical to instill consumer confidence in your brand, maintain a trusting relationship with vendors and partners, ensure employee privacy, and remain compliant with regulatory and professional standards. Data privacy must be backed by strong cybersecurity practices. Data Privacy is a Priority on the Global, National, and Local Levels

According to the National Law Review, 65 percent of the world’s population will have its data covered under modern privacy regulations by 2023. This is a massive jump up from 10 percent in 2021, indicating the priority governments worldwide place on data privacy.

In May of 2021, US President Biden issued an executive order indicating that “the prevention, detection, assessment, and remediation of cyber incidents is a top priority and essential to national and economic security.” The administration followed that up with subsequent National Security Memos in August 2021 and January 2022, designed to “encourage, develop, and enable deployment of a baseline of security practices, technologies, and systems that can provide threat visibility, indications, detection, and warnings.”

The high priority placed on security and data privacy at all levels of government is commendable. However, the patchwork approach to data privacy regulation, no matter how well-intended, is a potential minefield for organizations that have not historically taken data privacy seriously.

Making data privacy a priority in your organization

Understanding the rules and regulations of data privacy in the markets where you collect data and/or do business is just the baseline for organizations that prioritize data privacy. To truly impact the way data is protected and secured, organizations need to take a holistic approach, including policy, process, technology, and training.

Define your company privacy stance

As a company, it is important to establish the key privacy principles that guide how you offer your service or build your product for your customers, so that there is an alignment across the organization on how everybody should think about data privacy, from product & engineering to sales & marketing. One way to do it is to write an internal Privacy Stance, that any employee can reference and use as a decision helper.

Create a culture of security

The first line of defense for data privacy is to create a culture of cybersecurity within your organization. Employees need to understand their roles in protecting your company’s data and IT resources, become active participants in ongoing security conversations, and have the tools they need to maintain good security habits without impeding their work. Organizations with a strong security culture will:

  • Help employees understand why they need to maintain good password habits.
  • Actively and frequently discuss the importance of having a security culture at your company. 
  • Instill the understanding that data privacy and security are everyone’s job (not just IT) because only as good as the weakest link. 
  • Walk employees and admins through all your privacy and security apps and tools, and ensure they understand how and when to use them.

Train employees on what data privacy is and how to report suspected breaches

Employees who receive comprehensive data privacy training tend to view it as more of a priority and understand its importance to the organization. At a minimum, employees who handle Personally Identifiable Information (PII) should receive training on recognizing and protecting that data.

Employees should also be made aware of the trends in phishing scams –– the pace of modern business leads employees to look for shortcuts or not follow proper procedures regarding data privacy. This is one of the areas that cybercriminals love to exploit.

Data Privacy breaches aren’t always some grand hacking scheme by malevolent outside actors. In fact, research from Verizon in 2021 suggests that insiders are responsible for approximately 22 percent of all security incidents. Examples of data privacy breaches may include:

  • Accessing personal or sensitive data by an unauthorized third party (vendor, partner, other customers). 
  • Sending personal data to an incorrect recipient (such as the wrong mailing or email address.) 
  • Losing control of devices such as phones, laptops, or memory drives that contain personal data. These devices could be lost, stolen, or hacked, but once they are out of your control, they are considered breached. 
  • Alteration of personal data without permission. This could be a deliberate or accidental action by someone who controls or processes personal data.

Any of these scenarios can be considered data privacy breaches, and it is critical that employees understand when to report these breaches and how to do so without fear of reproach.

Implement processes and technology to make employees' lives easier

If everyone in your organization is responsible for data privacy, then they all need the right tools to do the job. In many cases, organizations attempt to secure data using a “one-size-fits-all approach” that combines existing off-the-shelf software with generally reasonable password policies and other regulations.

According to a comprehensive report presented to the Network and Distributed System Security (NDSS) Symposium, “This approach often fails, resulting in software that does not address the most pressing vulnerabilities of the organization and in policies that are hard to follow in practice and engender workarounds. The workflow of the organization is often a major reason for the poor fit.”

One of the biggest changes in information security technology over the past few years is the consumerization of technology. Employees need simple to use security tools like password managers, end-point security, and antivirus software that help them secure their on-premise, remote, and hybrid work stations and mobile devices.

One of the advantages of using web-based security technology is that it can enable analytics and other monitoring tools to help track and measure your progress. For example, some offerings have a password health feature that can track company-wide password security scores over time.

Walking the data privacy walk

Data privacy tools are not a band-aid to cover up poor cybersecurity literacy. Organizations have to implement a culture of security that brings policy, procedure, training, and technology together in a way that impacts every interaction – internal and external – with sensitive data.

Smart organizations that implement a holistic approach to data privacy are well suited to succeed. They can reduce their risk, improve compliance, strengthen customer relationships, and foster goodwill and cohesiveness among their employees.

Check out our article on the best identity management software.

Frédéric Rivain, CTO, Dashlane.

Read more
Young woman holds a smartphone with a beam of light obscuring her eyes
Privacy powerhouses: 5 apps to take your online security to the next level
Abstract illustration of a young woman looking at a smartphone, as large eyes peek through from her hair
Want to hit restart on your online presence? Here's 5 tools you need to stay truly private online
Collage of a group of people using smart phones in city, with TechRadar Data Privacy Week 2025 logo on the top right
Data Privacy Week 2025 – expert advice, tips, and experiences to use in the everyday
Abstract winter forest design with glowing pine trees on dark starry background
Season's cyber-cleanings: how to tidy up your digital footprint
Cloud, networking and internet
Under the hood of data sovereignty
Concept art representing cybersecurity principles
How to combat exfiltration-based extortion attacks
Latest in Security
An American flag flying outside the US Capitol building against a blue sky
Sean Plankey selected as CISA director by President Trump
Ai tech, businessman show virtual graphic Global Internet connect Chatgpt Chat with AI, Artificial Intelligence.
Nation-state threats are targeting UK AI research
Scam alert
Fake jobs and phone calls: How Americans lost $12.5 bn to fraud in 2024
Application Security Testing Concept with Digital Magnifying Glass Scanning Applications to Detect Vulnerabilities - AST - Process of Making Apps Resistant to Security Threats - 3D Illustration
Google bug bounty payments hit nearly $12 million in 2024
Scam alert
A new SMS energy scam is using Elon Musk’s face to steal your money
Representational image of a cybercriminal
Allstate sued for exposing personal customer information in plaintext
Latest in Features
Sigma BF silver camera in the hand at The Photography Show, UK
I tried the Sigma BF camera everyone is talking about – it's truly stunning, but has one fundamental flaw
Pia holding a camera and smiling at something off camera in Picture This.
Picture This is Prime Video's #1 movie, but it hasn't captured everyone – here are 3 more rom-coms to watch instead with over 85% on Rotten Tomatoes
The Deepal EO7 from the side, an SUV and pick-up truck combo
I drove an electric SUV that transforms into a pick-up, and it’s as fun as it is functional
Robert Pattinson in a space suit in Mickey 17
3 Bong Joon-ho movies to stream after you've watched Mickey 17, including 2020's Best Picture winner
Willem Dafoe in Mississippi Burning
5 great free movies to stream on Tubi, Pluto TV, Plex and more this week (March 10)
Pictory
What is Pictory: Everything we know about this business-focussed AI video generator