The Necessity of ZERO Trust in Data Discovery for Privacy

“I’m not upset that you lied to me, I’m upset that from now on I can’t believe you.” –Friedrich Nietzsche

As a Privacy stakeholder, whether you are in a Legal, Governance or Security function, you must be certain that you understand all usage of personal data and that it is properly protected. CCPA fines are much harsher in cases of a breach where personal data was not properly protected. The same is true of virtually all other Privacy regulations.

Here are my questions:

How can you rely on having quality data if you don’t understand all data uses? How can you be 100% sure of your coverage of sensitive data security requirements if you aren’t 100% sure you see everything?

In a dynamic enterprise there is one undeniable truth: business units in the organization create copies of personal data for a multitude of uses, whether for marketing, customer analytics or other reasons. This is the emerging use case of Discovery technologies: being able to continuously detect changes in the uses of personal data.

Why has this need arisen?

Because, to quote Dr. House, all patients are liars!

It’s not that they lie on purpose. They just don’t always know what is important and what isn’t.

While data security is not equivalent to data privacy, the two are fundamentally intertwined, and data security often forms the technical execution basis of fundamental data privacy functions.

Data Security is based on the Zero Trust principle. This is the dirty secret that all of us veterans in the data security world know: we can’t trust people to tell us about the areas of exposure they have created. A technology that can do that is the only thing that can help.

This is why it no longer makes sense to associate discovery with trust that rests on data coverage built from manual mapping of repositories.

There shouldn’t be any.

Photo Credit: https://www.bbc.com/news/entertainment-arts-51197894


*** This is a Security Bloggers Network syndicated blog from 1touch.io authored by Zak Rubinstein. Read the original post at: https://1touch.io/blog/data-coverage-privacy-security/