Data Privacy Happenings 📰

Hello from MineOS's monthly newsletter, The Privacy Mindset! 👋

We're nearly through 2023, which means it's time for a cascade of year end reports and summaries. A big one that dropped this week was the IAPP-EY Privacy Governance Report 2023.

As IAPP is one of the epicenters for data protection and governance, the report has invaluable insights into the state of the industry that should inform how privacy professionals are approaching their jobs in 2024.

A main takeaway? Most privacy professionals recognize the challenge in front of them, as only 18% noted they were "totally confident" in their company's compliance with privacy laws and policies. Not all is lost, as 72% said they were "somewhat confident," but the evolving nature of the industry brings heightened challenges every year.

One problem of tackling those challenges is resources.

While only 14% saw a decrease in the size of their organization's privacy team in 2023, 63% of respondents agreed that the lack of resources limits the ability to deliver on objectives. That is compared to just 26% who disagreed with that statement.

Every organization is different, but privacy team growth slowed in 2023 amidst concerns of economic recession, with only 33% reporting a net increase, compared to 38% growth in 2022.

Going forward in 2024 and beyond, those numbers may have to grow, as the sudden emergence of AI governance has driven data governance into an even more integral role than it previously played.

This is reflected by the strategic priorities respondents reported, with AI governance up from 20% to 33%, jumping from 9th to 2nd in the rankings.

The 1st spot in the rankings went to Privacy Impact Assessments and Privacy by Design, which saw a small increase from 31% to 35% from 2022 to 2023. This is likely due to the influx of new privacy laws in the United States and globally that require routine PIAs and aspects of privacy by design such as data minimization.

All the data from the survey confirms what many in the industry already know: data governance punches above its weight in organizational importance, but the challenges of AI figure to reshape and (hopefully) reprioritize data protection and security.

Product Spotlight 🔦

As data governance gets increasingly important to the everyday operations of organizations, more and more workers will be interacting with data governance software.

To make that smoother, we've added new DSR Manager and Data Inventory Manager roles to MineOS!

DSR Managers will have quick & easy access to all the automated DSR tools on the platform to efficiently handle any and every data subject request.

Data Inventory Managers will get a special eagle-eye view of data assets to maintain administrative control over data and inventory.

Regulation Focus 🔬

Delaware Personal Data Privacy Act 12D-103(b)(1)

"(b) This chapter does not apply to any of the following entities:

(1) Any regulatory, administrative, advisory, executive, appointive, legislative, or judicial body of the State or a political subdivision of the State, including any board, bureau, commission, agency of the State or a political subdivision of the State, but excluding any institution of higher education."

Delaware's DPDPA is the most recent comprehensive data privacy regulation to pass in the United States, the eighth state to pass such regulation in 2023.

Delaware's law is arguably the most unique, with a variety of inclusions and exclusions that make it markedly different from most of the other bills passed this year.

It is the first state to include "status as transgender or nonbinary" as part of sensitive information, it is the first to expand the right to opt-out of profiling to include "demographic characteristics," and it is the only state regulation to not exempt nonprofits or higher education.

Delaware follows Oregon's lead for not exempting most nonprofits, but takes the dramatic leap to not exempt institutions of higher education either, placing an emphasis that universities and colleges will need to properly handle student data as well.

It will be interesting to watch if states that pass laws in 2024 adopt this approach or lean on the lengthy standard list of exemptions.

Founder's Corner 🎙️

CEO & co-founder Gal Ringel

Q: How can companies help facilitate team bonding more organically?

A: I think it all starts with company culture. That is going to inform what type of person you hire, and hopefully there would be some overlap between employees on things like interests, work approach, and life perspectives.

From there, when you actually schedule team-building events, you have to be open beforehand to try to set an activity and schedule that the majority agrees on.

For us, we love doing those activities during work hours, because it lets everyone know that team-building and bonding is just as important to our success as the work itself is. Mandating people attend team-building events outside of work hours can make it feel forced, and we don't ever want anyone to have to sacrifice work-life balance for something that should be fun.

Webinars & Events 📅

We're ending November at PrivSec Global with a couple of star-studded virtual sessions!

CPO Kobi Nissan will host a panel featuring data privacy experts from BSI, DoorDash, and SharkNinja as they explore "Mastering Employee DSARs" on Nov 29 at 6:30 GMT.

Then on Nov 30 at 12:30 GMT, CEO Gal Ringel will take part in a panel on "Ethical AI in Principle," where he and other speakers will dive deep on if we are maintaining a balance between innovation and privacy ethics, and if not, how to navigate an unprecedented period of technological growth.

Register free for PrivSec here to be part of the conversation!

Talk about

data privacy

with us:

press@saymine.com

How did you like this month's issue?

Let us know