Since the dawn of the internet, threats to data privacy and security have been a growing concern. Each year, numerous new malware programs are created, enabling malicious activity and false identities. Massive data breaches have become a regular occurrence, impacting millions of consumers’ personal information. These attacks against consumers, businesses and nations have become a part of our daily lives, even with cyber security controls in place.
Unfortunately, the advancement of new technologies brings even greater complexity. As disruptions such as Artificial Intelligence (AI), the Internet of Things (IoT) and Blockchain take hold, user privacy, provider transparency and data trust are becoming stronger imperatives for businesses to address.
IoT is among the biggest threats to data privacy. It’s estimated that more than five million new devices are being connected to the Internet every day, with the potential to reach more than 21 billion by 2020. Businesses capturing behavioral data through IoT sensors need to rethink their strategy, especially with new regulations such as the General Data Protection Regulation (GDPR) being adopted.
In the case of a cloud-enabled stuffed animal (which media have referred to as the “creepy IoT teddy bear”), more than two million voice recordings of children and parents, along with their e-mail addresses and passwords, were exposed by the manufacturer. Available on an Amazon-hosted service that required no authorization to access, the customer data was accessed multiple times by outside parties, including criminals who held the data for ransom.
With GDPR, the responsibility of protecting the personal data of customers and anyone else who touches your data falls on the shoulders of the organization that collects it, and there are stiff penalties for those companies that don’t comply. On the road to GDPR compliance, organizations must be able to answer two critical questions, “Where is my data?” and “Who is responsible for that data?”, and show proof of their answers. Every company must have an end-to-end understanding of, and processes in place regarding, how personal data is captured, transformed, held, and destroyed by everyone who touches it across an organization. The GDPR also empowers individuals: they need to be able to understand for what purpose the data is collected and processed in the first place.
The problem is that most companies today don’t have this information available at their fingertips, if at all. Data is hidden in various departments and business units across the organization, and business users struggle to find the data instead of using it for business advantage and regulatory compliance. If you were to ask around in the organization why the data was collected to begin with, you might have a hard time finding anyone to provide an answer.
Developing Trust in the Data through Governance
Data governance enables users to quickly and securely access, understand and trust data for business intelligence, analytics, machine learning and more. Data governance is the set of processes, standards and policies upon which data owners within the organization agree to make the data usable enterprise-wide.
Data governance also serves as the underpinning of GDPR compliance while offering a secure framework for advanced technologies like IoT and AI. It provides the necessary level of data maturity and quality organizations need to begin addressing the complex issues surrounding GDPR compliance.
Although data governance and regulations like GDPR will not prevent breaches from happening, they will force companies to be more cognizant about the state of their data, and as such be aware of risks, mitigate them and correctly respond to them. Should a breach occur, having data governance in place gives a company a leg up on identifying some key factors (e.g., where the company got breached, the person in charge of the data/data owner and the scope and size of the breach) so the organization can quickly start its process to address the problem.
Blockchain Needs Governance, Too
Many believe Blockchain, the technology at the heart of Bitcoin, has the potential to create a new foundation for secure business transactions, especially in government and financial services industries. Blockchain is an open, distributed ledger that can record transactions between two parties without having to go through a central authority for verification. Using cryptography, users are assigned an “anonymous” user profile through an electronic address, creating a sense of security in a trusted environment.
Blockchain adopters will be quick to state that cryptocurrency security standards offer the solution for cyber security and the protection of personal data. But of course, there are still risks. In the case of Bitcoin (Blockchain’s first and most widely recognized application), should an incident like a crashed hard drive or online hacking occur, a person’s entire collection of Bitcoins can be wiped out. Additionally, because of the Blockchain’s distributed nature, where every miner has a copy of the database, data privacy and protection will take on a new dimension. Yes, you can be anonymous in the transaction, but the collection of all of your transactions becomes a sort of data fingerprint that identifies you far more accurately than traditional PII-classified attributes. If companies are really preparing production environments for Blockchain, they will also need to consider key storage policies, usage rights and policies, permission grants, audit frequencies, data sanitization, third-party data management, proof of reserves, and so on. All of this is addressed through data governance.
Moving forward, we will see more of these disruptive technologies like AI, IoT and Blockchain being applied as organizations look for ways to re-imagine and reinvent themselves in today’s digital world. Because personal data is at the heart of so many of these technologies, it’s essential that companies take appropriate measures to ensure the security of their data and, even more important, their customers’ data. Implementing an automated data governance solution is a great place to start.
About the Author
On assignment to CDM, this Special Report is brought to you by Stan Christiaens, CTO of Collibra. Mr. Christiaens leads the Collibra global product organization with a focus on driving data governance technology innovation. Prior to co-founding Collibra, Christiaens was a senior researcher at the Vrije Universiteit of Brussels, a leading semantic research center in Europe, where he focused on application-oriented research in semantics. Christiaens is a sought-after expert resource, industry speaker, and author on the topic of data governance and semantics. He has participated actively in several international research projects (such as ITEA, FP6 and FP7) and industry conferences. He has also published various articles and patents in the field of ontology engineering. Christiaens holds a Master of Science degree in Information Technology and a Master’s degree in Artificial Intelligence from Katholieke Universiteit Leuven and a Postgraduate in Industrial Corporate Governance from Europese Hogeschool Brussel.