NIST Privacy Framework: Our Essential Data Protection Guide

Go Beyond Prioritizing Data Security and Privacy

Practical advice for implementing data protection tools

Sweeping data privacy regulations are a catalyst for more significant data protection measures across organizations. Complying with regulations can be complex, but organizations recognize the benefit of implementing core components, such as processes, tools, people, and policies that help protect personal data. This article will share best practices for implementing a solution for flawless data protection.

Understanding the requirement and purchasing a tool is an enormous undertaking, but after you procure the winning solution, what are some of the challenges you can expect?

Data Protection Implementation Challenges

It turns out, one of the biggest hang-ups is that many organizations never fully implement the tool they buy. Barriers to tool implementation may include lack of leadership support, inadequate resources, inadequate role and responsibility clarity, or loss of motivation post-purchase.

Whatever the reason, remedying the hurdle and taking full advantage of implementation services quickly after procurement is critical to success.

Start with solution rollout best practices and operational training for administrators. Training includes IT installation tasks and techniques for discovery, classification, and remediation. Following implementation, administrators should easily discover the organization’s personal data wherever it lives and apply classification labels to manage it appropriately. But what about remediating personal data once it’s found and classified?

Discovery and classification actions are relatively easy “wins” because they are largely transparent to end-users. This is an excellent opportunity to demonstrate solution value and ROI early on. But the most significant value is realized when we do something to protect personal data. Remediation actions like redaction, shredding, and quarantining data based on its classification can reduce or eliminate your personal data footprint and keep the data safe.

The challenge with implementing remediation actions is that they are not transparent to end-users. Remediation removes or relocates sensitive information wherever it is found – including on employees’ desktop PCs. For example, an employee saves their new mortgage application on their work PC. The sensitive data in the file causes it to be quarantined and moved to a more secure location. A vital file’s unexpected relocation can be understandably frustrating, especially if the employee is not expecting it.

A negative impact on employee productivity and an influx of IT support tickets may lead organizations to shy away from implementing remediation actions. Moreover, in some organizations, such as those in higher education, faculty unions may push back on discovery and remediation actions they see as invasive.

The Key to Effective Data Protection Implementation

How do you balance the need to reduce your personal data footprint while ensuring employees are satisfied and productive? The answer is easy. You need to explain why these solutions and processes are essential. Most people who are careless with data are not negligent; data protection is simply not top of mind for them.

Data breaches are regularly in the headlines. Most employees already understand that exposing any personal data is a big problem. The message to your staff is that they have an opportunity to be part of the solution.

Organizations that provide data protection educational messaging and how-to tips will have much better success implementing remediation actions. Implementing process and tool changes can be tough to do exclusively via email. Be sure to meet employees where they are, whether on Slack, Teams, or SharePoint.

If you’re still having trouble getting buy-in, try other low-impact, commonsense initiatives, like shredding temporary internet files cached by web browsers. Then, move on to removing old items in the downloads folder that may contain personal data. Set up targeted scans that look for a narrow set of data to take action on. Advertise the success your organization has had finding and removing personal data from these early initiatives.

Over time, you can build a data protection culture. The most successful organizations have strong executive sponsorship to help strengthen that discipline. Progressive organizations create HR policies for employees to keep data from wandering where it doesn’t belong. A breach can (and will) happen at any time. It’s just a question of what the bad actors will find on that employee’s computer – hopefully, nothing.

About the author

Aaron Stine, Senior Product Manager at Spirion
Aaron has over 20 years of experience in the software industry, selling his first commercial product at seventeen. As an innovator, Aaron created the world’s first web-based vision insurance EDI platform and the world’s second web-based document management system. He has also built ECM, workflow, and electronic signature solutions. Today, he specializes in delivering the most valuable data privacy, security, and data subject rights solutions.