As far back as computers have existed and been used to store and process personal information, data security has been on the minds of management. For decades, data security has come in the form of firewalls, other network access controls, system hardening, event monitoring, and other measures – most of which protected the information enclave while virtually ignoring access to and use of personal information.
Emerging privacy laws as well as emerging capabilities like DLP have created the first real opportunity for organizations to enact actual data security capabilities focused on the data itself instead of merely keeping intruders out and preventing workers from removing data. There is much progress yet to be made, but the capabilities exist today for organizations to focus specifically on data they intend to protect and manage.
— excerpt from CIPM Certified Information Privacy Manager All-In-One Study Guide, published in 2021 by McGraw-Hill Education