- Security TWENTY
- Women in Security Awards
Data Privacy Week is a chance for businesses to review their relationship with data and privacy, says Jez Ward, Enterprise Cloud Strategist at Cloudreach. He believes that although the cloud can offer greater data protection, it isn’t a one-size-fits-all solution.
Data Privacy Week and Data Privacy Day serve as a reminder to both businesses and the wider public that we live and work in an era where data security shouldn’t be taken for granted. The aim of the week, arranged by the National Cybersecurity Alliance, is to empower individuals and encourage businesses to respect privacy, safeguard data and enable trust. Although a key focus for this is tips and tricks for consumers, what does this mean within the B2B landscape and what trends should businesses be looking out for?
“Data Privacy Week gives us all the opportunity to reflect on our relationship with data and assess how we can achieve greater data protection. In turn, this allows for enhanced data privacy. One of the best ways to ensure your business is up-to-date with the latest regulations such as GDPR, PCI-DSS and CCPA, is to be working with the most suitable cloud provider. This also ensures that your organisation is protected against emerging threats. However, this shouldn’t be seen as a quick fix. It is always essential to review contacts and documentation carefully so that you understand the cloud provider’s offering and architecture thoroughly before your business begins implementing controls.
“Although cloud providers are highly agile and can offer a large portfolio of services, business needs are also highly individual and often require bespoke solutions. To get the most out of their relationship with their provider, businesses should aim for a shared responsibility, to ensure that their data is being stored in keeping with compliance requirements, and to maintain good governance procedures – this is a key step on the path towards gaining greater data protection and privacy.”
As Ward points out, it is vital to stay abreast of the latest regulations. Neil Stobart, VP Global Systems Engineering at Cloudian points towards maintaining compliance with data privacy frameworks, which can be trickier than it sounds due to local regulations. He says: “It’s vital organisations regularly look at their data structures and ensure they’re able to adapt to the latest regulations and changes to existing data privacy frameworks such as GDPR and the CCPA. This is especially important with the surge of cloud adoption across the pandemic. When personal data is shared among users and stored in the cloud, users can lose fine-grained control over said data.
“This can have an impact when, for example, a business receives a data subject access request (DSAR), an important cornerstone of GDPR. If they receive this and do not have granular control over their data they may not be able to find all instances of the information, which could result in sanctions and fines. Additionally, for data to remain sovereign and to be protected by national laws it needs to be stored on-location in the country in which it was collected. That is why organisations need to look at their cloud storage options, including sovereign cloud providers. They should also consider utilising an on-premises, cloud-native storage solution for the backup and archiving of data. This offers the scalability and flexibility of public cloud in an on-prem system, giving the organisation full control in complying with data protection requirements.”
One key element of maintaining online privacy is security when browsing the internet. However, our relationship with our browsers is about to change due to the discontinuation of cookies. What will a post-cookie world where marketers still aim to share highly personalised adverts, but without the benefit of insights from cookies, look like? Dirk Wischnewski, CMO at B2B Media Group believes that IP-based targeting will be commonplace, but stressed consent is vital to its success:
“With Google Chrome’s FLoC (Federated Learning of Cohorts) and FLEDGE (First Locally-Executed Decision over Groups Experiment) projects within its Privacy Sandbox being put on hold in Europe, there’s even more uncertainty surrounding the future of the third-party cookie in Google Chrome.
“IP-based targeting could be a solution for B2B marketers running targeted ad campaigns. By using an established methodology called reverse IP tracking technology to query the domain name system associated with an IP address, B2B marketers can gain access to the top-level domain data that IP produces, like the company name of the business hosting that IP.
“For IP-based targeting, it’s important to make sure that the only data used is the one that the users have given their content for. Consent is also critical when obtaining an IP address in a compliant manner. To go beyond the IP address and gather more precise information for people-based targeting – such as job roles to target specific job titles – B2B marketers need to implement a lead form that asks for consent and more specific details. With this information, B2B marketers can reach the exact job profiles and company departments their content is suited for, ensuring that their campaigns are precise and relevant.
“However, Apple’s decision to mask IP addresses as part of its privacy protection features in iOS 15 has cast uncertainty over the longevity of IP-based advertising – not just on Apple devices, but also in other browsers and on Android devices. While its ‘Intelligent Tracking Prevention’ gives users better control of their data, it makes IP identification a considerable challenge and welcomes more legal complexities for those wishing to deploy IP-based targeting across numerous devices.”