This story originally appeared in Workflow Quarterly: The Resilience Issue
Widespread digitization has given organizations access to more data—and more types of data—than ever before. Businesses now routinely store massive amounts of information about their employees, customers, partners, vendors, and suppliers: onboarding and interview data, data from in-home smart devices, data about transactions, supply chains, and more. While data is the lifeblood of most organizations, it also poses a substantial liability.
As countries, states, and cities continually pass new governance and compliance measures, the regulatory landscape is becoming increasingly difficult to navigate. Businesses are now beholden to a complex web of governance, risk, and compliance laws. And as hybrid and remote work become the norm, the threat landscape is growing and changing quickly. Companies are processing and storing data from new digital services that saw rapid uptake during the pandemic. At the same time, threat actors are changing their tactics in response to shifts in work habits.
How can those responsible for safeguarding the ever-increasing volume of data, and for making sure their organizations are resilient in the face of such threats, maintain an effective data privacy program?
To answer this question, Workflow sat down with two senior managers at Ernst & Young: Ishant Goyal, senior manager and ServiceNow architect, and Tori Tripp, senior manager of data protection and privacy. Using the Now Platform, Ernst & Young built automation tools that enable organizations to customize privacy-related workflows. When onboarding a new vendor, for example, instead of manually checking whether the vendor is using inventory software that is compliant with local and federal regulations, the system can help check automatically.
Goyal and Tripp believe the key to a good program is “privacy by design.” Rather than attempting to secure products and services after they’re launched, privacy by design bakes privacy protection into the development process.
What came out of this conversation were nine steps that executives can take to implement privacy by design in their organizations.