With the proliferation of data privacy breaches in recent years and the resultant media coverage, we could be forgiven for thinking that privacy is a new concern. However, lawyers and other commentators have been hotly debating this subject for at least as long as the print media has existed. In 1890, Louis Brandeis (later a […]
With the proliferation of data privacy breaches in recent years and the resultant media coverage, we could be forgiven for thinking that privacy is a new concern. However, lawyers and other commentators have been hotly debating this subject for at least as long as the print media has existed. In 1890, Louis Brandeis (later a Supreme Court Justice) published his seminal essay "The Right to Privacy" in the Harvard Law Review, in which he asserted:
The design of the law must be to protect those persons with whose affairs the community has no legitimate concern…It is the unwarranted invasion of individual privacy which is reprehended, and to be, so far as possible, prevented.
Justice Louis Brandeis, Privacy Pioneer
Here we look at several trends in the multifaceted area of data privacy regulation that are set to heat up in 2024, and some of the resultant challenges that businesses will face. We mention some ways in which FileCloud's hyper-secure EFSS solution can be helpful in navigating an ever-more complex privacy landscape.
In 2024, the ability to comply with data privacy regulations will only become more vital for protecting brand reputations. For this reason, large organizations are likely to continually increase expenditure on privacy implementation and training. Data privacy legislation will continue to expand across the world throughout 2024.
In the U.S., eight states passed privacy laws in 2023, with five of these scheduled to come into effect in 2024 in Delaware, Florida, Montana, Oregon, and Texas. As more states introduce privacy laws, companies operating in several states will face the challenge of accommodating diverse privacy requirements.
Canada is likely to replace its Personal Information Protection and Electronic Documents Act (PIPEDA) with the Consumer Privacy Protection Act (CCPA) in 2024, which will incorporate the Artificial Intelligence and Data Act (AIDA) to regulate trade and commerce in AI systems with a risk-based approach.
The EU Digital Services Act (DSA) will be fully applicable from February 2024. It imposes stringent obligations on digital marketplaces, social platforms, content-sharing sites, and more. Its obligations around online profiling, algorithms, and advertising will require huge changes to platforms' operations, with hefty penalties for non-compliance.
The Digital Markets Act (DMA) also comes into force in March 2024. It sets out certain requirements of companies with a large market share and influence ("gatekeepers"). Like the DSA, it imposes obligations around data profiling and targeted advertising, including requirements for explicit consent for the use of individuals' personal data. It also aims to ensure users can move seamlessly to competitors' services through data transfer.
EU member states will need to implement NIS2 Directive, which seeks to establish high standards of cybersecurity across the EU. The EU also requires financial institutions throughout Single Market to be fully compliant with the Digital Operational Resilience Act (DORA) by the end of 2024.
Further EU privacy-related legislation in the works includes:
Due to the continued increase in privacy legislation, many business leaders are predicting a significant growth in the use of privacy-enhancing technologies (PETs) throughout 2024. PETs can be broadly defined as technologies created with data protection as an intrinsic part of their design. They have built-in functionality that safeguards personal data processed within organizations, in line with privacy laws. Such technologies comply with established modern principles associated with data protection, such as purpose limitation and data minimization.
PETs use techniques like homomorphic encryption and synthetic data to reduce or remove the identifiability of individuals when organizations process their personal information. PET use cases are heavily dependent on sectoral and enterprise requirements. These technologies not only help enterprises to comply with data privacy laws, but also allow them to access valuable analytics and insights without risk to privacy.
A recent S&P Global Market Intelligence report, 2024 Trends in Data, AI, & Analytics, found that 49% of companies have a high intent to invest in AI in 2024. According to a recent Gartner survey, 40% of organizations have already had privacy breaches related to AI, with one in four malicious. Legislators are recognizing that AI can pose privacy risks.
The EU will finalize its AI Act, the first of the AI regulations, in early 2024. This will be pivotal in influencing similar regulations across the world. Equally influential on future regulations will be President Biden's Executive Order on AI Safety, issued in October 2023. The Executive Order recognizes the potential of AI to exploit personal data and sets out measures to guard against this. Enterprises often use this data to train AI systems. It's likely that some current AI deployments will need dismantling to comply with regulations, which is potentially a costly exercise.
Enterprises globally will accelerate their focus on data sovereignty and data localization, influenced by continued geopolitical instability and increased regulation. This will probably trigger a resurgence of interest in private cloud technologies.
Due to the varying requirements in privacy laws, organizations will require customized localization strategies and are likely to invest heavily in this area. We can expect to see many countries developing sovereign clouds, with no third-party involvement, and taking measures to protect against state-sponsored attacks on IT infrastructures.
Zero trust security is set to continue its upward trajectory in 2024. This will be largely driven by the further normalization of hybrid working models. Many enterprises will likely enhance their security postures by adding further layers. Generative AI will increasingly monitor organizational network traffic for added security. Enterprises will introduce role-based security or refine existing models to further limit access to sensitive data. Additionally, time-based access models are likely to become more prevalent.
FileCloud already has built-in role-based access control (RBAC). Additionally, it includes functionality to set time limits on file access and shares with its highly granular file and folder permissions, both internally to your organization and externally.
In fact, FileCloud has won several awards from Gartner Digital Markets brands for 2023. It has achieved a definitive thumbs-up from users on the Capterra, Software Advice, and GetApp websites. FileCloud has also shown a strong performance on G2 in 2023, where it has been categorized as a leader in its space in various reports. These accolades show that FileCloud's privacy and security capabilities are receiving consistent endorsement from customers.
FileCloud engineers designed the product with data privacy and security in mind from the get-go. FileCloud has numerous features that help to safeguard the integrity of your enterprise data. These include Data Leak Prevention (DLP), end-to-end encryption, protection against malware and ransomware, comprehensive audit trails, and more.
FileCloud's API ensures seamless customization for adherence to geo-specific regulations and enables integration with most internal platforms. Furthermore, you can deploy FileCloud Server on premises for a great private cloud solution.
Would you like to learn more about how FileCloud can help simplify the disparate, tangled web of compliance with global privacy legislation? To talk to one of our solution experts, you can schedule a demo here.
Alternatively, you can experience FileCloud yourself by signing up for a free, no-strings FileCloud trial.
Written by Deirdre Clancy, Technical Content and Communication Manager