#DataPrivacyDay Interview: Robert Waitman, Director of Data Privacy, Cisco

Thursday January 28 2021 marked Data Privacy Day, an international effort to empower individuals and business to respect privacy, safeguard data and enable trust.

With so many data privacy issues – most notably (but not limited to) the COVID-19 pandemic and global democratic tensions – currently playing key roles in everyday life, there has never been a better time to openly discuss and address the data privacy landscape.

Amid that backdrop, Infosecurity spoke with Robert Waitman, director of data privacy at Cisco, to gain his take on the key data privacy scene and the role data privacy is playing in the cybersecurity sphere.

How would you rate the state of data privacy in 2021?

The days of thinking about privacy as merely a compliance issue are over. Accelerated by the pandemic, privacy has become an essential priority for management, employees and customers alike.

According to our recent data privacy benchmark research, 90% of organizations say their customers won’t buy from them if data is not well protected.  What’s more, over two-thirds are now recognizing the business value that comes from privacy investment, including improved operational efficiency, reducing privacy-related sales delays and building trust with customers.

What are the key data privacy issues currently impacting society?

Personal data, including our health status, social contacts and physical locations, have been needed to help control the spread of COVID-19. Information about who has been vaccinated will also have to be handled carefully going forward. Despite this, over 60% of individuals want little or no change to privacy protections, and they continue to be concerned that their data might be used for unrelated purposes or sold to third parties for marketing purposes.

In addition, the rapid shift to remote working has put additional burdens on organizations to keep things running, and 87% of individuals are concerned about the privacy protections associated with the tools they are using to work and interact remotely. 

Where does data protection fit into wider cybersecurity strategies?

Data privacy and governance must be integrated with security, and organizations cannot have strong privacy without strong security.

Data protection efforts strengthen cybersecurity, too. Three-quarters of respondents saw a direct correlation between privacy investments and the ability to mitigate security losses. Privacy skills have also become a core capability among security professionals, and more than a third now say it’s one of their primary areas of responsibility.

What is being done to ensure the privacy of data on a national and international scale, and what more needs to be implemented?

Over 130 countries now have omnibus privacy legislation, anchored around principles of transparency, fairness and accountability. These laws provide guardrails on the appropriate use of data and help assure customers that their data is being properly handled. Unlike other regulations that add cost and complexity, these laws are quite popular with nearly 80% of organizations around the world indicating they have had a positive effect. External privacy certifications (e.g. ISO 27701) also make it easier for organizations to do business together, and 90% said these certifications are now an important factor in the buying process.

Going forward, there is much work to do. Many countries are working to implement or improve their privacy laws. Cisco supports having a federal privacy law in the United States, which would help avoid having many separate state regulations that could be onerous or even conflicting. We should also work to make more consumers aware of privacy laws and their rights under these laws, as that builds confidence that all parties – governments, organizations and individuals – are working to ensure that personal data will be appropriately protected.

What’s Hot on Infosecurity Magazine?