Happy Data Privacy Day!
Data Privacy Day, observed on January 28th each year, is a global initiative to raise awareness of privacy and data protection while providing broader insight into how our online communities can keep data safe. The day is increasingly critical for building global awareness by both educating companies on how they can be better stewards of data and supporting citizens by highlighting simple steps they can take themselves to control how their data is used.
Why is Data Privacy Day so important to Sitecore?
In recent years, we've seen the introduction of the California Consumer Privacy Act (CCPA) and the Lei Geral de Proteção de Dados (LGPD). With the implementation of the California Privacy Rights Act (CPRA) in 2022, as well as discussions of a potential federal privacy law in the US and the invalidation of the Privacy Shield, regulators overseeing data compliance have never been busier.
As a result of these new laws, along with discussions in academia and the popular media, data privacy and personal data protection have become increasingly top of mind for all of us who use technology for online banking, shopping, and staying connected amid COVID.
We've also seen the headlines and know that cybercrime has increased dramatically during the pandemic. With a data breach costing an average of $3.86 million and taking an average of 280 days to identify and contain, respecting privacy is in businesses' interest, too. Organizations handling data must take steps to ensure they don't over-collect data that may be compromised in a privacy breach or security incident — and they must take reasonable steps to ensure they can maintain appropriate security controls.
So, what does this mean for Sitecore customers?
Sitecore's Chief Legal Officer, Rich Foehr, who is also the Chair of our Data Governance Committee, is firmly committed to translating the principles of global privacy laws into our daily practices, ensuring we don't just check the compliance boxes but practice what we preach:
"We're constantly monitoring and improving our privacy and security controls both across our product suite and as part of our enterprise framework. For Sitecore, it is vital that we can continue to be agile, evolving our strategy to meet the needs of the ever-changing cyber and data landscape. Our internal controls are designed with privacy and security in mind and, as we build our products, we're always thinking about how to give customers control of their data, asking ourselves 'How can we build greater trust with the people using our products?'"
To help support our customers' compliance, Sitecore has a number of materials here, which demonstrate how our products can be configured to meet the needs of global privacy laws. We also have a Global Privacy Guide and a Security Guide to support developers using our product offerings.
To demonstrate our commitment to protecting customer data and aligning with industry-recognized best practices, Sitecore maintains a number of compliance programs and certifications in accordance with strict regulatory and industry standards. More information on these certifications is available in a previous blog post here.
Steps we take at Sitecore
At Sitecore, privacy and security aren't just programs — they're embedded them into our culture. Executing an effective data governance strategy is an ongoing effort as opposed to a one-time initiative. We monitor all Sitecore data flows as our product evolves and improves. And we continuously optimize for data integrity as we make processes more efficient across the company.
We aim to be transparent with our customers, partners, service providers, and web visitors about how we handle data in every interaction with Sitecore, so everyone, including our customers' customers, can rest assured that their information is safe and secure.
For further information on our security certifications and the steps we have taken to comply with the GDPR and CCPA, please visit our Trust Center here.
Get involved in Data Privacy Day
If you would like to get involved in Data Privacy Day 2021, you can take a look at the NCSA site here.
And, as always, if you have any questions on privacy at Sitecore, you can reach out to us at [email protected].
Rachael is Senior Director, Legal Counsel (Global Privacy and Data Security) at Sitecore, where she manages the company’s internal data governance program and advises on global privacy, data protection, and cybersecurity matters. Follow her on LinkedIn.