In our on demand webinar, “Designing Storage Architectures for Data Privacy, Compliance and Governance” we discuss the impact of regulations like the European Union’s General Data Protection Regulation (GDPR) and California’s Consumer Privacy Act (CCPA) on storage architectures. One of the ripple effects of these privacy regulations is the emergence of the rights of the digital citizen. Regulations like GDPR and CCPA gives the digital citizen unprecedented rights and those rights require the redesign of storage architectures.
The digital citizen expects organizations to seek consent prior to using their data, explain the intent of how that data is used, protect and secure their data while it is stored and retroactively destroy the digital citizen’s data when they choose. The basic concepts of backup, encryption and data storage need to be completely rethought.
There are some aspects of digital citizen rights, with which storage architectures aren’t involved. Getting consent, and explaining purpose and intent for data capture, is a front-end process. Protection, security and destruction however, are fundamentally part of the storage architecture. Each is fundamentally changed by privacy regulations.
Protection and destruction potentially change the most due to data privacy regulations. First, these regulations increase the scrutiny of the backup process. Organizations need to prove backup and recovery success. Second, and more impactful, is the right of on-demand and retroactive destruction of data. While entire backup jobs can easily be deleted, that compromises backup quality and potentially places the organization in violation of the protection requirement. A request by one or even one hundred digital citizens to have their data destroyed is a very granular, sub-job request. Backup solutions were not designed to facilitate a granular destruction requests.
Increasing scrutiny around security means that encryption by itself is not enough. The problem with encryption is once a cyber-attack is authenticated through the network, storage encryption has little value. Storage encryption’s true value is protection against non-authenticated access and storage system disposal. To protect against an authentication breach, organizations need to immediately limit authenticated access to data as much as possible.
A data management solution, typically an object storage system combined with data management software, is an ideal way to overcome these problems. A data management solution enables the organization to limit the use of backup as data protection. A robust data management solution handles the long term data retention that most organizations count on backup to provide. As a result, the data management solution changes the role of backup to only protect the most recent copies of data and not use backup for long term data retention. The data management solution provides granular search, automatic data classification and granular data removal.
The data management solution also limits the potential damage as the result of an authentication breach. Instead of keeping all data on primary storage, with its broad accessibility, data on the data management solution has a very finite number of authorized users. The data management solution will store the 85% or more of the organization’s data that is no longer being accessed, meaning that only 15% of the organization’s data is at risk.
Respecting the rights of the digital citizen are more than just something the organization has to do, it should want to do it. It makes the organization’s customers more likely to want to continue to do business with them. Also, with the right data management solution in place, the backup process is less complicated and less expensive. Primary storage consumption is greatly reduced and the ability to find data, good for more than just adhering to destruction requests, is greatly improved.
To learn more about the rights of the digital citizen and to learn how to design a storage architecture that meets the data privacy challenge, watch Storage Switzerland’s on demand webinar “Designing Storage Architectures for Data Privacy, Compliance and Governance”.