When it comes to implementing data privacy and meeting compliance requirements, organizations shouldn't think of it as a cost but rather as an opportunity to grow the business.
That's a key finding in the Cisco 2019 Data Privacy Benchmark Study, released on Jan. 24. The report is based on a global study of more than 3,200 global security and privacy professionals around the world. Among the high-level observations in the study is that 97 percent of businesses reported they receive auxiliary benefits from their privacy investments, including competitive business advantage.
"Not only is privacy good for business, but good privacy is great for business," Michelle Dennedy, chief privacy officer at Cisco, told eWEEK.
Dennedy added that organizations that are investing in the people process and technology around data privacy management and awareness are seeing improved business outcomes.
Data privacy has a direct impact on the sales process, with organizations often encountering sales delays due to customer data privacy concerns. The good news though is that organizations' improved focus on data privacy has reduced the average sales delay due to data privacy concerns down from 7.8 weeks in last year's report to 3.9 weeks in 2019.
Among the most impactful privacy events in recent memory is the implementation of the European Union's General Data Protection Regulation (GDPR) which went into effect in May 2018. With GDPR, organizations in the EU and those that do business in the EU are mandated to comply with data privacy regulations that carry stiff penalties for noncompliance. The study found that 97 percent of global respondents believe GDPR applies to their organization.
When it comes to compliance, the Cisco study found that 59 percent of surveyed organizations are currently meeting most or all GDPR requirements. An additional 29 percent of organizations expect to be compliant with GDPR within a year.
Dennedy commented that GDPR has had a tangible impact on data privacy practices and attitudes around the world.
"I think the interesting thing is when you see places like Japan and China and other places all responding and we see how intricate that data is around the globe," she said.
One way to improve data security is not collecting some forms of personally identifiable data in the first place, some privacy experts recommend. After all, if data is not collected, then it can't be lost or stolen.
"Maybe we should have the KonMari approach to data curation: Does this data bring you joy? And is it working for you?" Dennedy said.
The KonMari method is an approach to keeping a space tidy developed by Marie Kondo and popularized in her books and Netflix show.
In recent years, many organizations have been collecting more data and treating that data as an asset, according to Dennedy. The evolution of the concept of big data, which analyzes troves of unstructured data, is one of the many offshoots of the data collection culture that has developed, she said.
"It turns out if you haven't curated your data, you don't know your data sources and you aren't thinking about what data you should have, what data you need and what outcomes you want based on data," Dennedy said. "If you can't answer those hard questions, then you don't have a data lake—you have a swamp, and it's a stinky one.
"I still advise people, if you don't need it, don't collect it," she said.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.