Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity NewswireCybersecurity News

Data privacy in the era of COVID-19 vaccine rollouts

By Drew Daniels, Elizabeth Schweyen
data-protection-freepik
July 28, 2021

Seven months into the year and it’s clear data privacy will continue to be a critical issue in 2021. We’ve seen critical infrastructure and multiple credit agencies experience significant data breaches, with some even suffering two in less than a year. According to a recent report, European businesses were fined $40.56 million in privacy-related violations in the first quarter of 2021. The breaches and data leaks we see in the news almost every day have resulted in devastating consequences for both organizations and consumers.

But in today’s complex IT landscape, many organizations are just one employee click away from a cyberattack. Many of our colleagues have been discussing this for years, if not decades: an organization is only as strong as its weakest link and we are all vulnerable to the human factor. With cybercrime up 600% due to COVID-19, 73% of IT leaders are more concerned about protecting their data from ransomware than ever before. Even while hard at work, employees can pose a security threat to companies, with 57% of IT decision makers concerned remote workers will expose their firm to the risk of a data breach.

Organizations are also navigating an increasingly complex regulatory landscape where failure to comply can and has led to costly fines, a damaged corporate reputation, and lost business opportunities. Data has truly proven to be an invaluable asset, but also an unbounded risk if not properly managed. As we close out our reflections around the third anniversary of the General Data Protection Regulation (GDPR), this moment serves as an important reminder for many that security and privacy is critical every day of the year. 

 

The evolution of privacy and compliance in the workplace

The World Economic Forum predicts 463 exabytes of data will be created every day by 2025; that’s about the equivalent of 562 trillion pages of text. In light of the rapid proliferation of data, ensuring privacy and compliance has become increasingly challenging. Although the GDPR wasn’t the first data privacy regulation, it has become the blueprint for the majority of privacy legislation that has followed. At first, many companies either waited too long to prepare for, or thought the GDPR wasn’t something they were impacted by. But in the global economy, users and customers are everywhere. This has helped elevate the GDPR as an eye-opening disruptor. Since its implementation in 2018, many states such as California, New York, and Nevada have followed suit, introducing their own privacy legislations on how businesses should store and collect data. Most notably, this past year California passed the California Privacy Rights Act (CPRA), aimed to bolster the privacy protections set by the California Consumer Privacy Act (CCPA).

The GDPR and CPRA, among other privacy laws, also apply to a business’s employees and contractors, meaning organizations must apply the same amount of protection and care for employee data as they do for customer data. Prior to the CPRA, no US privacy regulation defined “sensitive personal information,” such as Social Security numbers, driver’s license numbers, demographic information or the contents of emails and text messages. Now it is absolutely critical to properly categorize and protect this information to not only avoid a privacy violation fine, but also build trust with staff.

 

The CIO game plan

Ensuring security and privacy is exceptionally important as more companies prepare for a hybrid working environment. As more companies prepare for this workplace shift, CIOs will not only be tasked with managing company data, but ensuring proper data hygiene related to health records when employees come into the office.

As CIOs prepare their organizations to charge forward in this privacy-driven world, there are several things they can do to set themselves and others up for long-term success:

  • Keep the business compliant by adopting cloud — Data regulations are changing all the time. While it may not seem immediately intuitive, there are native capabilities and services in the cloud that can ease the burdens and challenges of navigating these new regulations. Cloud-based search of backup data can cost-effectively meet privacy regulations because it can scale up and down its resource usage and only charges for what you use. 
  • Ensure the protection for all of your data — With hybrid work, business critical data is now everywhere. CIOs must look for holistic solutions that offer globally accessible, unified visibility spanning data centers, endpoints, SaaS applications, and cloud environments. The ability to meet data residency requirements also ensures that no matter where the business’s data is being stored, it’s available, compliant, and secure.
  • Review data practices and internal processes — While it’s easy to see data protection and privacy as a ‘tick the box’ exercise, such standards are typically a way to enforce a minimum level of security and safety. Businesses should focus on making the safety of data a core value proposition, not just a one time only exercise.
  • Revise workforce disclosures to include new rights — Organizations that are collecting employee health data, such as COVID-19 vaccination records, must update their employee disclosure agreements to ensure everyone is on the same page. Systems should also be put in place for inbound requests to remove an individual’s data. Such a process requires a tight integration between security, IT, privacy and legal teams to ensure requests are fulfilled.

Companies are increasingly turning to data to power their business, so they must in turn accept the responsibility to protect it with the level of care it deserves. With the third anniversary of GDPR now behind us, this is as good a time as any for CIOs to lay the foundation of a data protection strategy which will protect valuable assets and maintain compliance for years to come.

KEYWORDS: cyber security data privacy GDPR risk management

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Drew Daniels is CIO and CISO for Druva.

Elizabeth Schweyen is Senior Manager of Global Privacy and Compliance at Druva.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Cybersecurity
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Cybersecurity
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    New Security Technology
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Pills spilled

More than 20,000 sensitive medical records exposed

Coding on screen

Research reveals mass scanning and exploitation campaigns

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

White post office truck

Department of Labor Sues USPS Over Texas Whistleblower Termination

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

2025 Security Benchmark banner

Events

May 22, 2025

Proactive Crisis Communication

Crisis doesn't wait for the right time - it strikes when least expected. Is your team prepared to communicate clearly and effectively when it matters most?

September 29, 2025

Global Security Exchange (GSX)

 

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • The security risks surrounding COVID-19 vaccine distribution

    COVID-19 vaccine security: an assessment of the risks, both physical and cyber

    See More
  • coronavirus

    Most Americans willing to forego personal data privacy to combat spread of COVID-19 and return to work faster

    See More
  • Been Hacked? Let That Be a Lesson to You

    Global phishing campaign targeting the COVID-19 vaccine cold chain

    See More
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing