In years past, data privacy was the purview of the chief privacy officer. However, increasingly, CTOs are being tasked with operationalizing a data privacy solution for the company. That’s because data privacy is fundamentally a data issue, with privacy being an outcome of a comprehensive data protection strategy.
In a world of exploding data, it’s impossible for privacy professionals using manual, survey-based approaches to stay on top of this ever-changing sea of information. Companies constantly purchase data from third parties to build better profiles of their customers, so they can offer products and services. They also purchase streams and feeds of data from social media vendors to mash up against their own data so they can “fill in the blanks” on customer profiles.
There are also mergers and acquisitions, which result in completely unknown data sets getting dumped into data lakes, and data transfer agreements between business partners, much like the one that existed between Cambridge Analytica and Facebook. The reality is that nobody really knows what data is sitting in their organization, and if they do know, their knowledge is obsolete within 24 hours due to the changing nature of data in an always-on, connected world. This is the challenge facing organizations today as they struggle to meet new privacy requirements.
When you can’t use your data
New regulations like GDPR and the new California privacy law are triggering a knee-jerk reaction across all sectors as companies look for ways to lock down their data by default for fear of data misuse. This practice is rendering their most valuable resource – data – unusable by their organization. Such an over-reaction clearly isn’t the right solution, but it’s the only way most organizations know to protect personal information.
What CTOs need to do
The volume, variety and velocity of big data are overwhelming traditional privacy functions, which is why companies are turning to their CTOs to resolve the problem. Here’s what we’re seeing them do:
1. Map their data – Companies are mapping data on premises and in the cloud, while streaming and at rest, structured and unstructured. They are implementing solutions that go way beyond the boundaries of traditional DLA solutions to find where data resides throughout their organization. They also know they can’t rely on metadata, given that it doesn’t capture human error. For instance, we often find SSNs in a phone number column because someone inserted the wrong information in the wrong field of a web form.
2. Tie policies to it in real time – It’s not enough to know where data sits. You also need to know whether its existence or use violates any laws. Companies are looking for software to apply policies in real time on live data as it’s changing. That’s the only way to have potential problems flagged if, for instance, a data scientist in the marketing department buys a problematic data set, or if, following an M&A transaction, they receive a data set that exposes their company to elevated risk.
3. Automate remediation – Manual processes don’t scale. CTOs are looking for solutions that will trigger events within their infrastructure and automate remediation at terabyte and petabyte scale.
4. Create an audit trail – With GDPR in effect and the new California privacy law coming into effect, companies need to be able to prove they’ve taken the right action on their data. That’s why they’re looking for software that can create evidence of compliance and remediation efforts.
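The point in step 1 about not trusting metadata can be shown with a small content-based scan. The following is an added example, not code from this article or from any product; the column names, the US-format patterns and the sample rows are constructed assumptions.

```python
import re

# Content detectors, tried in order. Illustrative US formats only (assumption).
DETECTORS = [
    # SSN: reject area 000/666/9xx, group 00 and serial 0000, which are never issued.
    ("ssn", re.compile(r"^(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}$")),
    ("phone", re.compile(r"^(?:\+?1[-. ]?)?\(?\d{3}\)?[-. ]?\d{3}[-. ]?\d{4}$")),
    ("email", re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")),
]

def classify(value):
    """Return the type of one cell judged by its content, ignoring the column name."""
    v = value.strip()
    for name, pattern in DETECTORS:
        if pattern.match(v):
            return name
    return "unknown"

def scan(rows, declared):
    """Compare what each cell holds with what the column metadata says it holds.

    rows: list of dicts; declared: column name -> type the schema claims.
    A finding is recorded when the content is a recognised type that differs
    from the declared one. The raw value is deliberately not copied into the
    finding, so the scan output does not become a second copy of the data.
    """
    findings = []
    for i, row in enumerate(rows):
        for column, expected in declared.items():
            found = classify(row.get(column, ""))
            if found not in (expected, "unknown"):
                findings.append({"row": i, "column": column,
                                 "declared": expected, "found": found})
    return findings

# Constructed sample records; no real personal data.
DECLARED = {"phone": "phone", "email": "email"}
ROWS = [
    {"phone": "(212) 555-0147", "email": "a.lee@example.com"},
    {"phone": "123-45-6789", "email": "b.cho@example.com"},  # SSN typed into the phone field
    {"phone": "415.555.0199", "email": "646-555-0123"},       # phone typed into the email field
    {"phone": "n/a", "email": "c.diaz@example.com"},
]

if __name__ == "__main__":
    for finding in scan(ROWS, DECLARED):
        print(finding)
```

A schema-only inventory would list the `phone` column as holding phone numbers; the content scan reports the SSN in row 1 and the misplaced phone number in row 2.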
The data privacy automation approach
The demand for data privacy automation is here. Manual processes cannot keep pace with the demands of modern privacy regulations, and they’re impeding a company’s ability to use all its data. This has created a need for data privacy automation, so that companies can unlock their data and use their most valuable asset in a way that both protects and adds value to their customers’ lives.
Organizations should not have to compromise innovation for privacy compliance. By bringing together the latest in machine learning and a flexible microservices-based architecture, it’s possible to solve this problem and allow organizations to both protect privacy and use their data. Such a platform should be designed to work securely, at scale, no matter where data resides, continually providing an accurate picture of an organization’s data privacy landscape. Only then will organizations be able to keep up with burgeoning privacy requirements and use their most valuable asset – their data – without fear.