3 hours 39 minutes
Welcome to module 3.7
data protection discussion
with lisa Elvi Ph D.
During this module will discuss transitioning into a privacy role and how data protection plays a role in privacy management
and discuss the importance of data retention management and the value of data.
Without further ado,
let's get the conversation started.
Each one. Hello and welcome to one of our guest presenter chats with us. Dr lisa
Dolby. She is a professor at SAN Jose State University and she is a resident of Canada.
Welcome dr lisa.
Hello and thank you for the invitation. Yes, my name is Dr lisa del B and I am with the faculty at the School of Information, the high school at SAN Jose State University in the Masters of Archives and Records Administration Program which is known as Mara. The program is 100% completely online, which allows me to live and work in Toronto Ontario Canada.
Excellent, Excellent. We're happy to have you here and we're going to jump right into it.
Talked about talk to students about the importance of running a really sound, good privacy operation and you've got some really good advice I'd like you to
to uh importance today. So what advice do you have for individuals who are transitioning into a privacy role?
I would say that this is an exciting time to be transitioning into the role. Um privacy is such an increasingly important function in both private and public sector organizations.
And I believe the enactment of legislation designed to protect the privacy rights and freedoms and individuals like the european Union's General Data Protection Regulation G D P R um and the California Consumer Protection Act, CCP in the US are really changing the privacy landscape. So my advice would be, you know, to know your legislation. You know, these legal and regulatory requirements are important because they provide guidance for data collection consent
breaches, individual rights processing of data and the security of data.
And these regulations are impacting organizations globally.
I think we can all kind of reflect on the changes to personal information governance in an interconnected and virtually borderless world now and we really only have to look daily almost at media and news articles to see breaches in security violations that affect our own individual privacy.
So that is why organizations that collect personal data about their
clients and their employees must comply with these requirements. These regulations place a really strong emphasis on organizational data accountability and transparency. And in some cases, regulators can investigate and find organizations for violations
leading to great financial burden and often reputational damage.
Some additional advice that I would give for those entering the field
that I am seeing is this what I call convergence of roles and responsibility in the profession, especially in the area of risk compliance privacy records and information management and security. Um So no longer can you just you know, be trained to say be a privacy analyst.
But today that role would require you to have a basic understanding of some security practices, risk assessments, compliance roles, data governance and uh tension request requirements. Uh So I see the professional lines are blurring but in a very positive way.
Yeah, that's 100% debt. You know, you mentioned uh the importance of data retention in this position as it pertains to privacy. Can you expand on that a little bit more?
Sure, Absolutely. Great question. I would say that data retention and disposition as it pertains to privacy is so extremely important. You know, data retention and destruction is typically a key function of records and information management practice.
And as data is growing at this accelerated rate, knowing what data to retain and what to destroy is so important. Data retention and destruction is obviously it's the standardized process of creating, distributing using maintaining and disposing of data regardless of its medium or format or regardless of where it's stored. And usually this is done in a manner consistent with business,
these priorities and of course applicable legal and regulatory requirements. This is what I call the balancing act. Obviously there are legal and regulatory requirements that dictate. How long are you, how long you are required to retain data. But conversely,
they are also competing privacy requirements. And you heard me mention G D P R and CCP earlier that require you to delete data that is no longer required, especially if this data contains personally identifiable information or sensitive sensitive data. So that's why it's important for privacy professionals to understand data retention and destruction requirements and to really understand their organizational retention schedules and the rules that they contain.
But beyond just the legal and regulatory environment, which is obviously so important. We also have to be mindful of the information value. Uh data is a valuable resource. Um it has the ability to transform organizations, enables them to serve their clients better, plaster. It allows them to make smarter decisions and maybe even stay ahead of the competition.
So the key to unlocking the value of this data is to be sure that we are caring for it properly. And that includes developing healthy data retention and destruction habits.
As I mentioned with these increasing volumes of data and some organizations are in the terabytes. Now, all of this data could also come at a cost over retaining data can lead
to higher costs in storage space backups can take longer to run. A business continuity issues can take longer to rectify. So keeping more data than is required leaves us vulnerable to hackers event. And I say the more data you have from a cyber security perspective, the more you have to protect.
And also from a regulatory discovery perspective, the more data you have, the more that you have to produce or go through in the event of a legal investigation or audit. And most of all too much data with too much data, you will be like
wasting valuable time sorting through the mountains of information to find what you need um and less time focusing on the critical data and unlocking
So I would just say like to conclude um you know, data protection laws and principles and even potentially forthcoming new privacy regulations universally and data retention and destruction rules are all bound uh in complexity. For sure. This is complex
and this is also compounded by the kind of multifaceted and ever evolving data, environmental landscape that we find ourselves in. But I do think it's exciting to be a professional and be involved in this field right now. Thanks.
You know, I agree with you. 100%. And then you're, you're spot on, you know, when you're running a privacy program and and there's an intentional understanding of what information is being collected wide retained. You know, we started organizations to be
much more responsible, you know, with the data that we have and with that responsibility you pointed out, you know, the risk should go down the amount of storage that's data being stored, whether it's on site opposite in the cloud should reduce, which also reduces risk and expense. So I really appreciate you sharing your insights today. Is there anything else you wanted to add?
Nope? That's I think that's it. Thanks again for having me. It's been great. No problem. Thank you so much and enjoy the summer in Toronto awesome. Thank you. No problem.
So quick question. In addition to regulations, doctor lisa recommends we focus on the blank of data as it pertains to privacy management.
one encryption to type or three values.
The answer is of course
In this module. We discussed the importance of monitoring privacy regulations to ensure data is adequately protected and we reviewed the importance of data retention management and the value of data to reduce risk.