Since 2007, Jan. 28 has been known as International Data Privacy Day, observed in Europe as Data Protection Day. This takes place around the globe in an international effort to empower and encourage individuals and businesses to respect privacy, safeguard data and enable trust between all people.
At Progress, we have a strong commitment to protecting our data and that of our customers, employees and vendors/service providers, especially during this time of new legal challenges caused by rapid technological development. To act on this commitment, we have in-house experts who run internal and external programs to oversee data and information security programs.
We recently caught up with Richard Barretto, director of information security at Progress, and asked him to share his perspectives around data privacy, how COVID-19 has impacted his practice and the 2021 trends he is seeing affecting data privacy at home and abroad.
How should companies and consumers prepare for or prevent a data breach? And what are you doing?
A data breach is going to happen, so we all need to be prepared for when it happens. A great way for any organization to prepare for a breach is to run a tabletop exercise with the key personnel (IT, HR, security, legal, compliance, customer support) involved in a breach and walk through a fictitious scenario and determine how the organization would respond and react. Document all the possible steps, communications and actions your organization would take. The tabletop is also a great way to exercise and improve your current incident response plan (continuous improvement) if you haven’t updated it for a while.
What concerns do you have with so many people working from home during the COVID-19 pandemic?
These risks during a pandemic are almost the same. They are just distributed across geographical locations and not just in the office. It’s important to keep employees on their toes. In this environment, working from home can cause them to let their guard down and leave the company more susceptible to attacks. For example, in this COVID-19 stressed global economy, I expect to see more fraud and phishing attempts. I don’t know about you, but I receive almost one or two daily phishing attempts or phone calls asking about my personal information or requesting me to click a link in my email. Companies and employees must be vigilant in their training and education about these vulnerabilities.
What are some other trends to watch for in 2021 and how can companies get ahead of what is coming next?
Supply chain security is at the top of a lot of organizations’ security strategy lists. The SolarWinds hack at the end of 2020 should have increased any company’s awareness that its security depends on suppliers of safe and secure software and hardware solutions. To get ahead, assess the risks of your suppliers and how they are utilized in your organization. As best as you can, minimize the exposure your suppliers have on your network, or limit the access to your data.
In which cases does something like personalization by ethical companies just trying to have great ecommerce run into big problems caused by a few bad apples spoiling things for everyone?
Every company would love to provide personalized products or services that are tailored to your needs and provide more value. This means organizations may have more information about their customers than consumers realize. This emphasizes the importance of transparency around what data is collected and how data is handled, and of the ability to correct or delete your data; these are rights that our customers have. Progress clearly states our data policies in our Privacy Center for your review.
What’s next for data privacy regulations in the U.S. and other countries/regions?
Countries all over the world have followed suit since the EU’s General Data Privacy Regulation (GDPR) went into effect in 2018. For example, Brazil’s data privacy regulation became effective late last year and India expects to pass something later this year. As for the U.S., I expect that Congress is not far away from adopting privacy regulation similar to GDPR. Last year, several legislative bills were introduced to Congress for consideration (e.g., Setting an American Framework to Ensure Data Access, Transparency, and Accountability or SAFE DATA Act).
What is 'privacy by design' or 'privacy by default,' and what does Progress do along those lines?
For Progress, this means that protecting the privacy and security of your data is our utmost commitment by default, and we consider this when Progress develops or designs products or services. It is our process to review the threats and risks to the privacy of your data and to assure that the security of your data is sustained.
Nelson Ortiz is internal communications manager for the Progress corporate communications team.