Data security vs data privacy – they’re not the same thing

source link: https://www.idginsiderpro.com/article/3601473/data-security-vs-data-privacy-they-re-not-the-same-thing.html
Data security and data privacy are both necessary to completely protect corporate data assets. But most companies spend most of their time on the former and much less on the latter.

By Jack Gold | December 28, 2020

Most organizations take great care to secure their data from attack, exposure, and/or corruption. Indeed, companies have implemented many layers of security within their infrastructure to protect data at rest (data encryption), in transit (secure transport), and increasingly while being processed (confidential computing). Yet relatively few enterprises have put together a data privacy strategy that can protect them from breaching a growing array of regulatory compliance requirements. Indeed, we estimate that while nearly every organization has a high level of data security protections in place, the number of companies able to confirm they are compliant with all regulatory obligations by keeping personally identifiable data private is currently well below 50%. And with the growth of regulatory restrictions, the requirement for implementing enhanced data privacy in most businesses is becoming critical. To accomplish this, companies must think beyond the typical “SecOps” mentality.

For many industries, regulatory compliance is a mandatory obligation. Indeed, industries like Finance, Insurance, Healthcare, Retail, Public Sector, Education, and Pharmaceuticals, to name just a few, have deployed significant resources over the past few years to make sure they are not in breach of any pertinent regulations (e.g., GDPR, HIPAA, CCPA, etc.). But as more state and country-wide regulations are enacted with broader enforcement and wider inclusion, even those industries that were previously not very concerned (e.g., manufacturing, transportation, food processing) are feeling the pressure to comply. And international businesses face the daunting task of staying compliant across many borders and within the regulations of many different enforcement agencies.

Exacerbating this data privacy challenge for most companies is that the move to be a data-driven enterprise means that data is shared with many more participants, both internally and externally, in order to provide a more complete business analysis. But not all users are created equal when it comes to data access and manipulation. Indeed, there are many classes of user access to data, and they need to be based both on the individual’s position in the organization and the level of data needing to be accessed. Typically, data repositories are not good at distinguishing between various levels of data access, and this presents a challenge to maintaining data privacy and compliance.
