2018 saw a continuation of major data breaches at organisations such as Marriott and Facebook. In honour of International Data Privacy Day (28 January), which brings heightened awareness and education around the importance of recognising and managing data privacy issues, ISACA, in partnership with ACL, has released a new complimentary white paper, Enforcing Data Privacy in the Digital World, to help professionals navigate and stay in compliance with data privacy regulations.
“From the Notifiable Data Breach Scheme to GDPR, privacy laws continue to evolve as emerging technologies, such as robotic process automation, Internet of Things (IoT) and artificial intelligence (AI) change the way we work and play,” said Jo Stewart-Rattray, CISA, CISM, CGEIT, CRISC, Director of Information Security and IT Assurance at BRM Holdich and chair, ISACA Women’s Leadership Council. “It can also be costly to businesses with enterprises paying millions in fines and legal settlements.”
The white paper arms enterprises with knowledge about privacy and security controls in the data life cycle, the evolution of global data privacy laws, and the impact of incorrect and/or missing data privacy controls. Enforcing Data Privacy in the Digital World then provides professionals with information to act on, including top data compliance challenges and solutions, tips for building a strong data governance program and an approach to manage enterprise data life cycle compliance needs.
The white paper also outlines several ways that enterprises can mitigate risk, including:
- Conduct a privacy impact assessment (PIA) to identify the technology, processes or people that currently use data files.
- Assess the latest frameworks, standards, and industry best practices to implement a strong governance framework, such as COBIT 2019.
- Implement IT governance best practices to ensure proper access and stop personal and sensitive data from being accessed by unauthorised individuals.
“Controlling risk is not only essential from the perspective of maintaining data security, business continuity, and enterprise reputation, but it is also important from a regulatory compliance standpoint with the evolution of data privacy laws.
“There are so many factors that enterprises need to keep in mind and plans they should be implementing; this resource is here to help simplify these elements and provide a measured and informed approach to preparing for, monitoring, and mitigating risk to data privacy,” concludes Stewart-Rattray.
About ISACA
Now in its 50th anniversary year, ISACA® (isaca.org) is a global association helping individuals and enterprises achieve the positive potential of technology. ISACA equips professionals with the knowledge, credentials, education and community to advance their careers and transform their organisations. ISACA leverages the expertise of its 460,000 engaged professionals—including 140,000 members—in information and cyber security, governance, assurance, risk and innovation, as well as its enterprise performance subsidiary, CMMI® Institute, to help advance innovation through technology. ISACA has a presence in more than 188 countries, including more than 220 chapters worldwide and offices in both the United States and China.