Data privacy and protection are increasingly capturing the attention of business leaders, citizens, law enforcement agencies and governments. Data regulations, whose reach used to be limited to heavily regulated industries such as banking, insurance, healthcare or life sciences are now burgeoning across countries and apply to any business no matter its size or industry, highlighting the importance of a concept called data sovereignty. Data sovereignty refers to legislation that covers information that is subject to the laws of the country in which the information is located or stored.
It impacts the protection of data and is affected by governmental regulations for data privacy, data storage, data processing, and data transfers across country boundaries. These laws are emerging as a key impediment to cloud-based storage of data, and they need to be fully understood and considered when information is created in one country but then moved to another country for analytics or processing.
Data sovereignty regulations address multi-dimensional challenges across multiple subject areas (customer, employee, citizen, prospect, visitor, job seeker, vendor), emerging data types (internet of things, log files, biometrics), diverse jurisdictions and rapidly changing laws.
Understanding the fair information practice principles
At the core of many of today’s data privacy laws is the concept of Fair Information Practices (FIPs), a set of principles for protecting the privacy of personal data. The eight FIPs (from the OECD guidelines on the protection of privacy) are listed below:
1.Collection limitation principle
There should be limits to the collection of personal data, and any such data should be obtained by lawful and fair means and, where appropriate, with the knowledge or consent of the data subject.
2.Data quality principle
Personal data should be relevant to the purposes for which they are to be used and, to the extent necessary for those purposes, should be accurate, complete, and kept up-to date.
3. Purpose specification principle
The purposes for which personal data are collected should be specified no later than at the time of data collection and should not be subsequently changed.
4.Use limitation principle
Personal data should not be disclosed, made available, or otherwise used for purposes other than those specified, except with the consent of the data subject or by the authority of law.
5.Security safeguards principle
Personal data should be protected by reasonable security safeguards against such risks as loss or unauthorized access, destruction, use, modification, or disclosure of data.
There should be a general policy of openness about developments, practices, and policies with respect to personal data.
7. Individual participation principle
An individual should have the right to know whether the data controller has information relating to him or her.
A data controller should be accountable for complying with measures that give effect to the principles stated above.
Data protection, data privacy, and data security have become a major concern of citizens and governments worldwide. As a result, numerous data protection laws such as the GDPR in Europe, the CCPA (California Consumer Protection Act) in North America, and other legislation in APAC have been enacted or are close to be. Your organization will, most likely, need to comply with data privacy regulations.
Is your company ready to comply with data protection and sovereignty laws? This white paper by data governance expert Sunil Soares provides an overview of data protection and sovereignty legislation in APAC, Europe, and North America as well as a practical approach for compliance.
Download this white paper today to get your data infrastructure ready to comply with global data protection legislation. You’ll gain the ability to:
- Map critical data elements across datasets using metadata
- Foster accountability with data stewardship workflows
- Establish a data lake with native data quality to process consent and data subject rights
- Track and manage data with audit trails and data lineage