Podcast: ‘The human element’ in compliance at RSA 2020

In this podcast, we review the recent RSA Conference 2020 in San Francisco with compliance expert Mathieu Gorge, CEO of Vigitrust.

We talk about key themes at the event, including the “human element” in dealing with data, getting back to basics on network and data management for security and compliance, plus issues such as trust and what it means for data and organisations.

There was also discussion of the implications of the current Covid-19 crisis and the ongoing needs of the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

Antony Adshead: What were the key themes discussed at RSA 2020 last week?

Mathieu Gorge: The theme at RSA this year was “the human element”.

This was looking at the role of employees, C-level executives and boards and also continuous education for anybody dealing with sensitive data and data covered under privacy regulations and standards.

I felt this year that there was a lot of going back to basics, looking at networks, encryption, backup and recovery.

There was no single theme coming out of RSA other than “the human element”.

Now, typically there’s a new buzzword comes out [at each year’s event]. Last year it was orchestration. This year was really around managing data and managing the network, which is why it feels like going back in time.

That said, a number of side conferences were extremely interesting. For example, the annual IDC event, which is held on Wednesday at RSA, which spoke about digital trust programmes for C-level folks and for boards. They were looking at key elements of trust and what would constitute trust for data, how do you acquire the data, how do you store it and what it means for compliance.

They were basically saying the data privacy market opportunity in 2019 was $800m and was looking to grow tremendously over the next five years.

Of course, with the current situation with Covid-19, there was a lot of talk about giving access to critical data to the right people at the right time, for example business continuity and disaster recovery.

Most organisations are actually testing their teleworking policies at the moment, and crisis management solutions, and therefore being able to access the right data at the right time was one of the other themes that was discussed this year.

Adshead: What key points about storage and compliance arose at RSA 2020?

Gorge: This year we saw a number of new vendors in the privacy assessment and management space, but also in the identification space, which is something we covered before in terms of tokenising information and being able to re-use it for a secondary purpose without breaching the likes of GDPR.

But also new solutions and new requirements around consent management and the role of data compliance there, so again going back to how do you acquire the data, what are you allowed to store, how you can store it.

And of course, there wasn’t just GDPR. There was CCPA. And there were a number of talks around what is the best way to comply with CCPA around data compliance and storage, bearing in mind that consent in GDPR and CCPA are different and also that the way you can store information needs to be commensurate with the way the organisation takes the data, what type of it is, is it credit card holder data, protected health information, or simple PII [personally identifiable information]?

So, there are a lot of vendors, and if you look at the market at a glance, you can see three main types of products that can help you with data classification and data management, and also data discovery and mapping.

Those new vendors that are there on the RSA show floor all look at the requirements of GDPR as a basis and then go back into CCPA. So I think that if you don’t know where to start in order to choose your solution, you probably need to look at the requirements of CCPA and GDPR and then dial back to the exhibitors that were out at the RSA conference.

So, overall, I think 2020 is going to be an interesting year with regard to solutions that can help you with storage and compliance. We are seeing a lot of M&A [mergers and acquisitions] in the market and also a lot of the companies were announcing major investments in privacy, data discovery and classification.