EXTEND’s Steve Henn recently sat down with Paul Starrett of PrivacyLabs to discuss the ways data privacy and information security are interconnected, a modern take on managing compliance across both focus areas, and the four questions companies should ask themselves as they work to protect the data their organizations create, handle, and store. The on-demand recording is packed with insights from two leaders who bring extensive AI, technology, information security, legal management, and data risk management expertise to clients; IT, InfoSec, Compliance, and Legal teams can use it to support their compliance initiatives.
The Future of Data Privacy and Information Security
Visit the PrivacyLabs website to hear the complete podcast or view a text preview below.
Very briefly before jumping to the questions. I think one key note there that we’ll be expanding on here is that there are peripheral skill sets that need to be brought into the fray, if you will, to help to bring a coherence to raise that term. You’ll hear it again here. Great. Well, thank you. I just thought that was an important aspect of those two companies in the fact that you’re in charge of both from the revenue standpoint. So getting back to the main issue here of herding the cats is really turn that works well, laws, data, controls, enterprises have their own priorities and risks. And certainly, it’s an obvious statement that people want to be holistic, they want to address interconnection.
But with that said, Steve, in your background, and what you and your companies are seeing, what are you seeing as sort of the biggest challenges right now with regard to information security and privacy, and this quest to be having a holistic, kind of coherent, well stitched together trusted environment?
Well, I think the biggest challenge is stemming from, and arises from, the environment we are in. We are in a highly aggressive cyber war right now.
And it used to be that the hackers would focus on the large companies. And now they’re just simply not doing that. It’s expansive, whether you are enterprise, large company, middle market, SMB, you’re a target.
And to a certain extent they realize now that the smaller the enterprise, a lot of times, the less resources that enterprise has to apply to information security, so they’re going after them as a vehicle to get to potentially larger companies. So, I think that’s where the environment is.
Now, I will say that one of the things I think is really interesting, as we start to transform the industry, is: why do we continue to make a distinction between information security and data privacy? They’re really two sides of the same coin.
Years ago, maybe the Venn diagram wasn’t completely overlapping. But I don’t see how there’s any difference anymore between the two. And what I mean by that is, if you think about the two of them, with information security, and at the risk of being tautological, you’re really looking at ways to secure your data information within the company. So, you’re thinking of that as a corporate function to secure your information stores.
Data privacy actually has a couple of different contexts. One is if you’re within the corporation, like a data privacy officer, you tend to look at that function to be what are you doing and how are you complying with data privacy laws. So, Information Security tends to be technology focused, data privacy within the corporation tends to be run by a lawyer or have a legal focus.
Data privacy, if you’re external from the firm, they’ll mean something completely different, right? It’s from an individual’s perspective, the customer or the individual has provided data that they want to make sure is obviously secure and used in a correct way.
Now, the reason I say that we really can’t make distinctions anymore, is because…