1 Introduction
The protection of sensitive customer data has become a critical issue of our modern times, especially for organizations that collect and maintain an individual’s information.
Privacy laws, regulations, and initiatives are proliferating to address the growing concerns over personal data use and control. The European Union's General Data Protection Regulation (GDPR), seen frequently in the headlines in recent times, gives Europeans the right to control their personal information collected by organizations. In other parts of the world, the Asia-Pacific Economic Cooperation (APEC) initiated Cross-Border Privacy Rules (CBPR), which focus on building trust between consumers and organizations as individuals' data flows between APEC economies. This is accomplished by requiring participating APEC organizations to implement data privacy policies that conform to the APEC Privacy Framework. In the U.S., personal data breaches such as at Experian and the Facebook-Cambridge Analytica scandal are compelling legislators in individual states to implement data privacy laws. The state of Vermont enacted the nation's first data broker legislation, which requires data brokers to register with the government, inform people how to opt out, what is collected, and when their data has been breached, and gives individuals legal recourse when their data has been abused. Also in the U.S., the state of California has gone further by introducing new rights for consumers regarding the privacy and use of their data. The California Consumer Privacy Act was enacted and took effect in 2020. It's anticipated that growing momentum for individual data privacy will eventually lead to a more uniform law at the federal level to provide consistency across all states sometime in the distant future.
Another U.S. regulation designed to protect consumers is the NY DFS Cybersecurity Regulation (23 NYCRR 500), which requires New York banks, insurance companies, and other regulated financial services institutions to assess their cybersecurity risk profile. This regulation includes providing audit trails showing that data is retained for only three years rather than the previous standard five-year retention period.
Organizations that must comply with these laws and regulations face new challenges and compliance risks. Organizations today must know where their user data resides, categorize the data's level of vulnerability, impact, and risk to the organization, and ensure that they remain in compliance with many different regulations. Some solutions emerged to address aspects of these issues, such as Identity Governance and Administration (IGA), which was initially driven by SOx regulations that required organizations to ensure separation of duties (SOD) as a means to prevent accounting fraud. But IGA covers only a subset of the data compliance requirements. A comprehensive solution is needed that uses data intelligence to provide governance, privacy, and protection of customers' data.
BigID helps organizations with their data protection and compliance requirements by finding, categorizing, analyzing, and correlating their data, giving a centralized view of their data without centralizing the data itself. Founded in 2016, BigID is a growing mid-size company with a 7x year-over-year growth performance. BigID is headquartered in New York with offices in Tel Aviv, London, Zurich, Singapore, and São Paulo.