On January 28, the industry takes a moment to recognize the sensitive nature of personal information with International Data Privacy Day—raising awareness and promoting privacy and protection best-practices. In this data-driven world, managing personal information appropriately has never been more necessary, or required—as the emergence of new regulations should attest—though it’s becoming increasingly difficult to do so.
The digital transformation of everything continues. We’re 25 years down this road and there’s still no end in sight. This ‘Era of More’ digital continues to drive more data—IDC predicts worldwide data volumes will reach 175ZB by 2025. More digital drives more reliance on data as well, which then drives more governance, especially in the case of personally identifiable information (PII).
And therein lies the conundrum. The digital world we know is built on a mix of disparate infrastructure systems comprised of old and new technologies across physical, virtual, and cloud. Data (and PII) spans every silo and pools in parts unknown. Because of this, more than 52% of enterprise data is considered ‘dark.’ Meaning, no one has a clue if this dark data is valuable, if it’s trash, or if it’s a potential liability. How do you prove compliance to regulations mandating PII governance, when you don’t even know if it’s PII or not? Indeed, our pursuit of digital greatness has created a data landscape more complex than anyone could have imagined.
Unfortunately, increased difficulty does not negate the penalty for non-compliance. With a total of €428M in fines levied under GDPR alone in 2019, businesses need to find a better way. And it’s no longer just GPDR that we need to get our heads around either. Governments everywhere are introducing legislation to protect the personal information and privacy interests of their citizens:
The first major U.S. based privacy regulation - California Consumer Privacy Act (CCPA) - went into effect on January 1, 2020. A national regulation for the US is very likely as other states are already following California’s lead.
So, how do you achieve success? At Veritas, we believe managing data privacy in a world where it’s harder and harder to do so requires a shift in approach. Digital transformation pushes us to be data-driven in just about everything we do. So why not in data privacy? Think of it this way: let’s use data to manage data. This starts with visibility. You have to know what data you have, where it exists, and whether or not it's PII. Without this information, proving compliance is dead on arrival. At Veritas, we accomplish data visibility through a solution we call Information Studio. With support for over 25 direct sources + another 500 data sources via NetBackup, Veritas’ flagship data protection solution, Information Studio provides an immersive visual rendering of your data environment across hybrid architectures. This makes identifying PII in places like OneDrive, SharePoint, or legacy filers extremely simple. No more dark data.
Classifying the data is the next step. Data classification is an automated capability embedded across Veritas’ Enterprise Data Services Platform, including Information Studio mentioned above, as well as Enterprise Vault and EV.cloud, which brings this capability to an additional 80+ communication source. Data classification informs additional data management and protection policies and can help keep PII data from going outside your organization, including into the public cloud if necessary. This helps to reduce the risks of PII exposure and incurring fines that naturally follow.
But as we mentioned above, we’re talking 175ZB in the next 5 years. With the average number of files per petabyte just over 3 billion, 175ZB equals 525 quadrillion individual files. Plainly, ‘manual’ is not an option. These processes need to be automated.
Part of what is celebrated during International Data Privacy Day is the development of tools that give individuals control over their PII data. Individuals exercise their right of control through things like Subject Access Requests (SARs). With dark data eliminated, and PII data classified appropriately, addressing these requests is simple with our eDiscovery Platform, which enables deletion and extensive bulk redaction capabilities prior to producing content.
All of these solutions and more are part of the Veritas Digital Compliance Portfolio. In celebration of International Data Privacy day, let us reaffirm our commitment to developing the capabilities that help ensure the responsible management of personal data. Start with visibility. Enable classification. And regain control over data.