Accepting and Eating Cookies on International Data Privacy Day

Post Date: 01/28/2021

Be sure to let us know what data privacy means to you on Twitter and LinkedIn, and be entered to win a year’s supply of cookies!*

Okay, let’s face it: 2020 was an unusual year, to be kind. In fact, for many of us, the separation between work and home life—or that elusive quest for work/life balance—went right out the window as our offices and work lives quite literally took over our homes! In response to the global pandemic of 2020, businesses moved quickly to execute their crisis plans. This included key steps to activate business continuity plans globally, shift to virtual working environments, and enhance capabilities to meet data demands. In short, increased volume and timeliness demands required new approaches to data governance, quality, and access rules and processes.

With the sudden shift for many organizations to an almost entirely remote workforce also came a rapid “ready or not” acceleration into the use of cloud technologies and a virtual explosion of data. While data was now being accessed and managed in the cloud, the devices and locations from which people were doing their work were often in shared, non-private spaces. In some cases, corporate cloud solutions were even intermingled with previously used “consumer-focused technologies” (e.g., Zoom).

The cloud truly is just “someone else’s computer.”

So why would you put your data, systems, or even host your infrastructure on someone else’s computer? The immediate draw to cloud computing is clear: reduced total cost of ownership and less hardware for IT administrators to maintain. Hosting your applications and storing your data in the cloud could reduce cost and improve global access to content.

At the same time, for organizations subject to regulatory requirements, the move to the cloud is not without risk. Some enterprises have significant concerns about storing business data outside the walls of their enterprises due to non-employee IT administrators possessing a high level of access and control over information; available technology options to secure and manage user access and authentication; or even intentional or accidental actions of employees or contractors.

So what should a privacy strategy look like for a proactive business in 2021? You will need to do your best to “future proof” your business so that you can not only survive, but thrive in the data explosion to come.

Know Your Data

First and foremost, know your data and know your employees! Understand the data that is held within your organization. Every organization has sensitive data: customer information, employee records, intellectual property, medical records, and so on. In order to appropriately protect it, you must understand the lifecycle of data in your business. Determine:

  • What the data is
  • How the data is being created or collected
  • How the data is maintained
  • How the data is stored
  • How the data is shared while being used
  • How it should be disposed of.

All of the above are key steps toward implementing better practices that will protect these valuable assets. Once privacy practitioners have an understanding of the original source of the data, they can best decide where it should live, with whom it can be shared, how it can be accessed, and how it should be destroyed. Only once you understand your data can you then implement practical and operational policies that delineate between work-related data and personal data.


Give Your Users Control of Their Data

Consumers are hyper-aware of the misuse of data by big tech. Aside from the typical cookie-cutter awareness technologies and a visibly stated privacy policy, businesses can take additional steps to give consumers more control of their data. Transparency and accountability are key to building consumer confidence. The pillars of good data governance are based on principles of an individual’s rights to and for their own data, and corporate responsibility to maintain ethical and responsible data principles for security, privacy, transparency, control, accountability, integrity, innovation, and social impact.

A Look to the Future of Data Privacy

We are living today in a world where the “future” of privacy is superimposed over the rapidly evolving explosion of disruptive technologies. A world in which DNA evidence can be fabricated, computers can predict and choose “like a human,” and where there is some debate over whether you even own information about yourself and your choices. As enterprise organizations consider their data optimization and data protection strategies, they need to first understand the changing landscape. Both consumers and businesses are increasingly using privacy protection and strong security as a discriminator. In fact, in many ways, a robust security and data privacy program has become a non-negotiable expectation of business.

The evidence of this is that security is becoming increasingly woven into Service-Level Agreements, including those carefully negotiated with and by cloud providers. Moreover, the average person is now familiar with security. Breaches appear on the nightly news and as a consequence, consumers are more “security aware” today than they ever have been in the past.

Not only is there a heightened awareness level among consumers and their concerns about theft, fraud, and security, but there’s also a change in the policy and regulatory landscape. Businesses have always had to adhere to regulations, guidelines, and standards, but audits have also changed the economics and created an “impending event.” While hackers may attack you, auditors will always show up. At the same time, disclosure laws mean that the consequences of failure have increased for organizations that suffer a breach.

While we’ve seen a shift in external pressures of consumers and regulators, technology has also leapfrogged ahead, introducing a more complex and rapidly-evolving ecosystem to protect and far more data than has ever been managed before. More and more applications and transactions happen over the Web, the cloud is completely changing our notion of a “perimeter” around which we can build protective walls, worker mobility is redefining the IT landscape, and the personal employee devices of “Shadow IT” are now becoming part of enterprise IT.

How Can You Be Prepared?

So what does this mean to the economics of a privacy and security program? How can you (and should you) protect everything against everyone?

In the end, here are three invaluable rules to live by:

  1. Systems need to be easy to use securely and difficult to use insecurely. This is critical and perhaps one of the single largest areas where data protection programs can be revamped.
  2. Make it easier for your end users to do the right thing with data than the wrong thing. Create rules and IT controls that make sense and make it easier for users to do their jobs effectively with the systems and controls that you want them to use.
  3. Don’t set up policies that are so cumbersome and restrictive that your employees are pushed to private cloud options (Dropbox, Google Docs, etc.) to be able to effectively do their jobs.

At the end of the day, your employees will do what they need to do to get their work done. Join them in making it simple to use the systems you can control. And may 2021 be the year of privacy, peace, prosperity, and health to you all!

*One entry per account, per platform. One year supply of cookies in the form of 52 boxes of cookies, shipped quarterly. In partnership with AvePoint Philanthropy, we will also donate the monetary equivalent to your local food bank! Cookies not your thing? Donate it all, just let us know. The winner will be notified by DM on the platform they submitted the winning entry. Must be 18 and older to be eligible.



Dana Louise Simberkoff is the Chief Risk, Privacy and Information Security Officer at AvePoint. She is responsible for AvePoint’s privacy, data protection, and security programs. She manages a global team of subject matter experts that provide executive level consulting, research, and analytical support on current and upcoming industry trends, technology, standards, best practices, concepts, and solutions for risk management and compliance. Ms. Simberkoff is responsible for maintaining relationships with executive management and multiple constituencies both internal and external to the corporation, providing guidance on product direction, technology enhancements, customer challenges, and market opportunities. Ms. Simberkoff has led speaking sessions at data privacy and security events around the globe. She was featured in Forbes, writes a monthly column for CMSWire, and was highlighted in the CSO Online list of “12 Amazing Women in Security”. She is a current member of the Women Leading Privacy Advisory Board and a past member of the Education Advisory Board for the International Association of Privacy Professionals (IAPP). Ms. Simberkoff holds a BA from Dartmouth College and a JD from Suffolk University Law School.
