How is the Data Privacy Law impacting your role?
There are conscious efforts by the CISOs across, to ensure that the controls are well put in place and a strong governance mechanism is set up to take care of the security controls’ performance. The security controls required under the Data Privacy Law are essentially not there with most of the companies, and with cloud picking up speed, enterprises would also need to build the controls in the cloud as well.
Since the law requires a lot of investment, time and dedicated focus, the regulation can be thought of in two parts – data privacy, and data protection. Legal teams may be accountable to drive privacy, in terms of contracting with vendors and how data has to be processed within the company. This is followed up by the security or infosec teams looking into the technical part and ensuring that data encryption, data leakage prevention solutions, and incident and breach management solutions are in place. The companies must shift focus towards having more governance mechanisms to ensure that these breaches are investigated and reported well in advance. Generally, we view this as the combination of legal, HR and IT teams put together.
How should organisations prepare themselves for the data privacy law?
The initial phase should start with a Privacy Impact Assessment (PIA) to identify the data locations and the types of data, whether structured or unstructured, and to identify the sensitive data. Further, map the business functions which are dealing with this data. Moreover, work alongside the legal teams to ensure that the process part is taken care of in terms of policies and contract making, to be compliant with the regulations, and put more technical controls in place.
How is privacy different this year as opposed to the previous years for the pharma industry?
Considering that businesses are going towards big data and AI adoption to get meaningful information to carry on business operations, how are these emerging technologies impacting security directly? A lot of these technologies are consumed through mobile applications, social media, OTs and IoTs, which would mean the data is no longer on our premises and could be lying anywhere.
Application security solutions like Cloud Access Security Broker (CASB) play a major role in technical controls, which is new to the manufacturing sector, and the Operational Technology (OT) being used in any manufacturing setup is now converging a lot with IT. OT has always had its own set of problems, with legacy systems that are never security compliant enough, which would further call for more control implementations and collaboration with the different stakeholders.
The major problem with OT security has always been that it has never been under the direct purview of CISOs; it has always been taken care of by local engineering teams. The impact of an OT security breach is catastrophic for any company. The industry is exploring ways to protect and govern OT environments. By converging OT with the power of advanced computing, analytics, automation, and connectivity, OT is allowing companies to make significant operational improvements and to better compete in the modern world.