Privacy programs could also take far greater advantage of available security solutions. Some are already taking advantage of some security technology, such as encryption, he said. That makes sense because data breach laws are more lenient when lost data is secured via encryption.
One oft-overlooked technology, however, could be data loss prevention (DLP) solutions. Increasingly popular, DLP solutions are used to protect data such as customer financial information from leaving the network. But DLP could also be used to help contain many other forms of personally identifiable information (PII), said Casper. Another type of technology, data masking, is also being employed more often, frequently by business units sharing information overseas as well as in situations involving application and software testing. Data masking could help with privacy requirements related to data minimization, secure data storage, and other areas, he said.
To access and employ such technology, officers might seek to identify and ally themselves with “stakeholders” throughout an organization who might also benefit from the security products. Solutions such as DLP could appeal to business areas such as sales or business development, which might want to better secure data such as business contacts and intellectual property, he said.