Protecting personal data, or personally identifiable information (PII) means establishing clear protocols, rules, or laws that any entity must follow. This is not a new concept but laws are becoming increasingly important as more data is being shared. Data protection laws have been implemented for years in Europe through the General Data Protection Regulation (GDPR). However, these data protection laws have just been introduced to the US. The California Consumer Privacy Act (CCPA) became effective on January 1, 2020. The CCPA gives consumers’ rights to their data and it provides guidance to businesses on how to comply. As more of these regulations are being developed, it is important for businesses to understand the value in developing a data protection framework.
Protecting data is essential to the modern era of cybersecurity. However, despite the recent increasing recognition of data protection through laws, there is still a lack of regulatory frameworks. As a result, innovations of today will come back and haunt us tomorrow. We know that if data is left unprotected, there will be significant implications for society.
In order to minimize the impact, organizations must take it upon themselves to understand the potential future implications and develop a framework that will provide them future value. Data protection is dependent on ethics, trust, and technology. The following are a few value propositions on why organizations should develop a data protection framework.
- To prevent breaches that hurt organizations- such as ransomware
- To prevent breaches that hurt individuals- such as identity fraud
- To meet compliance regulations- such as GDPR and CCPA
- To maintain trust in order to build customer loyalty
- To support customers’ rights to access and control their data
- To gain a competitive advantage
- To ensure the overall physical safety of organizations and their customers.
At Kloke, we have identified the need for data protection. Kloke uniquely combines tokens, encryption, and biometrics to render data useless to attackers. Additionally, Kloke provides immediate recovery so organizations do not feel compelled to negotiate after a ransomware attack. Finally, Kloke’s field-level control balances the need to support the Right to be Forgotten with the need for keeping the related transactional data.