August 30, 2018
Data Protection 101: Compliance, Recovery and Classification
Data protection is critical to keeping your assets safe in both physical and virtual environments. But, in an ever-evolving digital environment, businesses are finding that they must constantly reassess their data protection strategies in order to keep pace with the changing IT landscape.
How Do I Define Data Protection for My Business?
Let’s start with the basics: Data protection refers to the process of securing data from loss, corruption and compromise. Data, of course, can mean a variety of things to different organizations, including personal identification, payment information, research or other information important to the business.
The key to defining data protection for your business is understanding the type of data you collect and knowing how you store and manage it.
What about Data Regulations ― Don’t They Help Protect My Data?
There are many formal data protection regulations organizations must meet to avoid penalties and fines. These are rules and requirements governed by outside organizations that determine how information must be legally protected and for how long.
Some common regulations include:
- Defense Federal Acquisition Regulation Supplement (DFARS)
- SEC Privacy of Consumer Financial Information
- Health Insurance Portability and Accountability Act (HIPAA)
- FDA – cybersecurity recommendations
- FDA – electronic records (Part 11 of Title 21 of the Code of Federal Regulations; Electronic Records; Electronic Signatures (21 CFR Part 11))
But these are just a few examples of major regulations; in fact, there are hundreds of regulations put in place by various agencies nationally and internationally.
One of the largest regulatory changes is the recently enforced European Union (EU) General Data Protection Regulation (GDPR). The GDPR is the latest law governing how EU customers’ personal data is handled and protected. Enforcement began May 25, 2018. It allows individuals to request that a data controller remove all records pertaining to that person, including production data and backups.
Complying with data protection and regulations is essential, but it should also be just the beginning of your data protection strategy.
It’s important to start with compliance, then build a strategy that is customized to your data needs. As you can see from the frequent breaking news about data breaches at well-known organizations, compliance is not nearly enough. Giants like Target, Facebook, Chase and many more have all fallen prey to the evolving complexity of cyberattacks. And the impact of a data breach doesn’t end when it’s discovered ― the effects will ripple throughout the organization and its customers.
For any organization, a breach is not just possible, it’s probable, so a backup and recovery strategy is an essential part of any data protection plan. A backup and recovery solution will ensure that your data is safe if a catastrophic event happens, with systems in place that will recover or reconstruct that data. These solutions can help you combat threats and maintain compliance.
How Should I Begin Classifying My Data?
So, how do you identify the level of protection you need for your data? The first step is to classify the type of data your organization collects, manages and stores.
When you’re establishing your data protection strategy, consider:
- Your needs based on specifics related to your industry
- The type of data you collect and store
- The various regulations you need to adhere to
Once you understand your business needs based on the type of data you collect, put policies and guidelines in place to categorize your data and provide the right level of security for each category.
Your data will be organized into groups that share similar risks and security requirements. Doing this can also help distinguish which data is most important. Utilizing the right classification and security tools can enforce the various government regulations and prevent any data disclosures or threats.
Compliance, Recovery and Classification Are Key to Data Protection
As governance changes and the digital landscape evolves, businesses are required to keep more information and for longer periods of time, all while combatting new and constant threats.
By classifying your data, you can gain a thorough understanding of your business needs and data protection goals, which will make it easier for you to build a data protection strategy that’s up to the task.
Working with a partner that understands your unique challenges can help ensure that you implement the right mix of technologies for a centralized data protection strategy and ease of use and deployment.