This year at least five new “rights-based” data privacy laws will become enforceable in the United States at the state level, including the California Privacy Rights Act (CPRA). These new laws reflect the changing landscape of data protection and differ from traditional data protection laws in that they confer a set of rights to individuals, such as the right to a copy of personal data held by businesses and the right to have it corrected or deleted.
The development of rights-based privacy laws continues at the state level with 50 such bills considered during the 2022 legislative session while Congress continues to debate the elements of a potential federal privacy law. As more data privacy laws come on board, companies will be required to step up their data protection procedures. Many are already doing so, as Forrester Consulting reported, with 75 percent of companies recognize that data privacy is a competitive differentiator and 79 percent say adding data privacy and compliance systems is now an IT priority.
Providing high levels of data protection needed to meet compliance regulations, as well as consumer demand, requires finding the right data protection solution. But with hundreds of solutions available to choose from, the search can be a daunting task. While each organization will have different needs for its data protection solution, there are some basic factors to consider when comparing the options.
What are you protecting?
Yes, you are protecting your data, but what data? Is it all data or sensitive corporate and PII data? Are you worried about data privacy, data confidentiality, ediscovery, or data lifestyle management? Overall, your data protection solution should be able to complete basic tasks such as:
- Ability to discover and protect structured and unstructured data across your entire network, including cloud, mobile, and IoT
- Classify data for its level of sensitivity and its location
- Recognize the context of the data to operationalize it
- Control data for storage, destruction, and access
What do you want the solution to do?
Some data protection solutions specialize in backup and recovery while others are designed to protect data in hybrid cloud models. Others ensure you are always compliant with industry and government regulations. When comparing solutions, make sure the solutions are engineered to conduct the specific tasks you need. If you are looking primarily for a data loss solution, do you need to be investigating software that offers edge security?
Know your existing infrastructure
The data protection solution should interact seamlessly with your existing architecture to avoid any potential vulnerabilities or snags in applications working together. Knowing your existing system will help prevent redundancy of tasks. However, the caveat is if the new solution is an upgrade or allows the entire system to run more smoothly, you may want to consider the new option. But overall, if the current task works fine, build with it, not on top of it.
Think about the future
If your company grows, your data protection solution should grow with it. Consider options that offer high levels of scalability so it can grow as the company grows. Short-term and long-term goals should both be considered with any software or cybersecurity solution, but especially in a data protection solution, which should be able to meet current data privacy, compliance and confidentiality issues, as well as be able to expand to meet the newest laws as they are implemented.