Five developments you can expect to shape the data privacy landscape in 2022
When it comes to data privacy, there are many developments which are going to affect how organisations collect, store and safeguard personal and sensitive information in 2022. In this article, we look at five reasons why data privacy needs to be high on the priority list this year.
1. More regulations coming into force, requiring stricter protection of workforce data
The data privacy regulatory environment will advance this year. In the USA alone in 2021, the states of Virginia and Colorado followed California and passed privacy bills, with both coming into effect in 2023. But a huge 21 more US states introduced data privacy bills last year, including New York and Washington. What’s likely is the advancement of some of these as the individual states explore how to regulate data privacy in the absence of a national policy. On a global scale, last year the Chinese government passed what is considered to be the strictest data privacy laws in the world, while the UAE’s new personal data legislation has just come into force last week. With more regulations being introduced worldwide, organisations will need to ensure they have processes in place to secure the personal workforce data they’re holding in their HR and Finance systems.
2. Organisations collecting more sensitive information due to diversity initiatives
It goes without saying that inclusive organisations make employees feel valued and supported by the organisation for which they work, with Workday helping customers pave the way for this. Collecting and storing sensitive data, including gender, gender pronouns, sexual orientation and race, has become a critical factor in diversity and inclusion initiatives, such as workforce composition. In the US, federal regulations require organisations with over 100 employees to file certain demographic information. This year we can expect to see more companies devote additional resources to advancing diversity in the workplace. Recent Gartner analysis found that demand for recruiters with experience in diversity has jumped by 800%. While this is a hugely positive step, employees also expect this additional and confidential information to be kept secure, and accessed only by those who need to see it for these specific purposes.
3. Growing workforce knowledge of data privacy rights
Due to the emergence (and publicity) of data privacy regulations, understanding of privacy issues is growing. Consumers, as a whole, now have greater control over what they share and receive online, thanks to regulations such as the GRPR “Cookie Law” or the US’ CAN-SPAM Act. This undoubtedly has an impact on organisations as employees have greater expectations that their personal and sensitive information is being protected and not misused. A study by Pew Research Center in 2019 found that 79% of Americans assert that they are very or somewhat concerned about how companies are using the data they collect about them. This year, organisations need to be proving, and demonstrating, that they are safeguarding personal and sensitive information to an increasingly educated workforce.
4. Top-down approach to data privacy becoming commonplace
Data privacy and security are no longer the “problem” of the IT department. Organisations worldwide are recognising the impact such a breach could have including reputation, financial loss and employee disengagement. It’s for this reason that data privacy is now seen as business critical, and in fact, is an issue which sits firmly in the boardroom. Chief Security Officer (CSO), Chief Information Officer (CIO), Chief Data Officer (CDO) and Chief Compliance Officer (CCO) are just some of today’s C-suite roles concerned with data and information security/ governance. With this “top-down” approach to data privacy become more commonplace, many organisations are looking at new solutions to ensure proactive protection over the workforce data they store.
5. Growing necessity to automate data privacy
As the landscape changes and evolves, new regulations come in to force, and old regulations are amended (such as CCPA), organisations must be able to adapt. This can be challenging for large enterprises whose workforce spans many jurisdictions. Now more than ever, organisations understand that the only way to scale such data privacy operations is through automation. This might include solutions which can detect and prevent inappropriate access to personal and sensitive information, reducing the risk of data breaches. This year, more organisations will be looking to technology to help extend their compliance controls, particularly tools which make it easy to report back to the C-suite that robust measures are in place.