Looking Ahead to Data Privacy in 2021

Looking ahead to Data privacy in 2021

The adage asserts that hindsight is 20/20, and the events of the last year seem to have supported that claim, especially as it relates to the tradition of New Year’s predictions. The Covid-19 pandemic upended the status quo, leaving many of last year’s prognostications null and void. 

I certainly cannot blame folks for being hesitant to offer previews of 2021, but I believe we will see a handful of clear trends for businesses as they relate to data privacy, based on the continued surge in data creation and monetization, combined with the momentum of new privacy regulations. 

A new data management and access model will emerge. Data is the foundation for any organization’s success, and it provides invaluable insight. However, there are also more restrictions and considerations on how it must be protected while at rest and while being shared. 

So, with the rise of data monetization (data selling) and data sharing, organizations will need to protect data in motion via new computation models that incorporate privacy-preserving analytics and innovative architectural models. Such models will also have to keep privacy referendums in mind — like California’s recently passed California Privacy Rights Act (CPRA) and the EU’s GDPR. Organizations are gleaning new ways to extract value from data. 

How companies should react: In 2021, organizations will have to be more deliberate in their interactions to make sure all their data’s competing interests are satisfied while ensuring ROI. Incorporating “data as a service” solutions will enable organizations that collect, analyze and responsibly share wide swaths of data with outside organizations to create unprecedented revenue opportunities. 

Infrastructure will take center stage. In 2020, the cloud became a saving grace for companies that had to quickly pivot to a remote work environment, and it seems inevitable that the current reliance on remote work will continue for a while. Cloud migration and data lakes will become more critical in allowing people to safely do their jobs no matter where they are. However, this mass transformation isn’t without its consequences because privacy and security protocols are often secondary to speed and efficiency. 

How companies should react: Organizations should adopt a DataSecOps approach to protect data in cloud environments. This approach considers how data security may be impacted by every decision, and it requires continuous communication between IT and data scientists and collaboration to determine how to protect data at all times. As a result, data protection ceases to be an “add-on” and becomes part of an organization’s corporate DNA as more business is conducted in the cloud.

Privacy laws are driving more stringent data privacy best practices. Like the EU’s GDPR, CPRA allows consumers to request corrections to their data. It also expands the types of data that covered entities must now protect, and it requires more comprehensive tactics to protect it. Without question, many organizations will now have to rethink their approaches to data management, but the result will be dramatic risk reduction and greater efficiency.

How companies should react: Organizations covered by CPRA will need to begin reviewing all the ways they identify, protect and retain data to prepare for the commencement of the law in 2023. Companies should also begin discussions with third parties, contractors and service providers with which they share data because those organizations will also be subject to CPRA. Additional privacy laws across geographies will emerge — in fact, we will likely see momentum for a national privacy referendum similar to GDPR. Industry regulations will continue to be amended to incorporate privacy requirements as the data tsunami continues to build.

Privacy laws are also driving privacy-preserving analytics. Expect to see further developments among the companies that collect data to investigate ways of analyzing that data responsibly. We may also see an increase in the need and availability of privacy-preserving technologies, especially for those aimed at companies in the financial services, healthcare and retail sectors. 

How companies should react: Take a closer look at solutions that interact with data and ask solution providers how they are enhancing offerings to align with current and proposed regulations. Companies should ask their vendors about the ability to process their customer data without compromising privacy, especially in cloud environments. The time to start having these conversations is now.

Data creation, collection and analysis continue to occupy more important roles in businesses large and small. Recognizing changes related to every aspect of data management and adjusting practices accordingly are key to maintaining consistent ROI — not to mention avoiding the regulatory drawbacks of noncompliance. No matter the year, staying ahead of the game is a far easier and more profitable prospect than playing a never-ending game of catch-up.

This article originally appeared in Forbes.


Join our newsletter

Schedule a Demo with the Baffle team

Meet with Baffle team to ask questions and find out how Baffle can protect your sensitive data.


No application code modification required


Deploy in hours not weeks


One solution for masking, tokenization, and encryption


AES cryptographic protection


No impact to user experience