Not a day goes by without an article in the news about data security, or who has gathered and potentially shared data. Every business wants data to be an asset that helps drive business insights, but many organizations, regardless of size and industry, aren’t sure about the level of risk associated with how they acquired data, or where and how they’ve stored, shared and made use of data. Your organization may be laboring in this fog of uncertainty, as well. Do you think the risk associated with holding data might be someone’s concern, but certainly not yours? If so, you’d better think again. In this digital age, security and governance must be front-and-center for every worker in every organization. Data risks and their implications now extend to boardroom conversations. The use of personally identifiable information (PII)—any data that could potentially identify a specific individual—is increasing across all sectors. Researcher IDC predicts that the collective sum of the world’s data will grow from its 33 zettabytes (ZB) in 2018 to 175 ZB by 2025. That represents a compound annual growth rate of 61%.
Not all of this information is PII, but a large proportion of data held by businesses will nevertheless be sensitive to customers. The enterprise’s role as a data steward continues to grow right along with the rise in potential sensitivity of data, according to IDC. What’s more, consumers are not just allowing this, but expecting it, says the researcher.
Understanding the Data Governance and Security Challenge
It’s this focus on stewardship that helps explain the rise in data regulation. As the use of PII increases, its governance becomes more important, too. All around the world, nation-states are struggling to create legislation that can keep pace with the explosion of information held by private and public sector organizations.
Foremost among these regulations is the General Data Protection Regulation (GDPR), enacted by the European Union in May of 2018. The first big fines resulting from this legislation are beginning to surface, with British Airways facing a £183.4m fine as a result of a cyberattack last year, as reported by ZDNet.
The enactment of GDPR has been followed by Japan’s Act on the Protection of Personal Information (‘APPI’), the California Consumer Privacy Act, and Brazil’s new data protection law, known as LGPD. In fact, digital leaders in all countries should expect similar legislation. Researcher Forrester released a study on the privacy laws of 61 countries, many of which enacted strict privacy regulations in 2018; more will continue to do so this year, says TechRepublic.
This set of regulations highlights how concerned governments around the world are about what big business is doing with people’s data. At the same time, such legislation also works to heighten public awareness. Consumers are increasingly interested in what data your business holds about them, how you’re using that information, and who you’re passing it to.
Knowing How and Why Data Is Stored and Used
In this environment, it is now business-critical for your organization to be obsessed with data lineage and the life cycle of information, from its origins to how it’s used and processed over time. While legislation may have focused first on the individual’s right to be forgotten, the emphasis going forward is likely to be on the right to know how consumer data has been used. As an example, on January 1, 2019, Vermont’s Data Broker Act went into effect: It requires all “data broker” businesses (“a business, or unit or units of a business, separately or together, that knowingly collects and sells or licenses to third parties the brokered personal information of a consumer with whom the business does not have a direct relationship”) to register with the Vermont Secretary of State.
The challenge for businesses in maintaining data security and governance in this regulatory environment is significant. Data isn’t just structured and held in safely confined stovepipes. Your customer data comes in a variety of forms, both structured and unstructured, and it’s held in a variety of locations: on-premises, in the cloud, at the edge (IoT/sensors).
To have your customers feel confident about how their data is being used, your business must understand the full breadth of the data it stores and collects. This approach ensures that an organization has full awareness of how employees acquire and source data. It requires data governance that moves beyond security and privacy and into a third critical area: risk. Unfortunately, an organization’s data assets can quickly become a liability!
And it’s not just about how data is being held: Your firm must think about the risk of holding this information in the first place. It must have a comprehensive understanding of where data has come from, how it is being used, and the potential level of exposure from this data being lost, stolen or misused—new expense elements that are quickly becoming components of return on investment (ROI) analyses.
Putting Data at the Center of Your Business Strategy
Your approach to risk must be much more than an insurance policy. Instead of thinking about how you might be covered in a worst-case scenario, your organization must take a proactive approach to its data strategy: Focus on the potential financial, social and reputational risks of a data leak. No one wants today’s poor data management to be tomorrow’s news headlines.
This proactive approach will ensure that data management sits at the heart of your business strategy. Your business will recognize that its data holds a potential competitive advantage—and that its business strategy must dictate how that data is used in a risk-free and governable manner.
Businesses that create this overarching approach draw on the expertise of trusted partners to build an enterprise-ready platform. These businesses use the cloud to exploit data and meet their strategic goals in a risk-free manner that keeps both senior executives and customers happy.
So, instead of seeing GDPR and data legislation as a bind, firms with an enterprise-ready platform can use data governance and security as a competitive advantage. By knowing what their data assets hold and how they’re being used, see how businesses can manage information with confidence—and that capability can make a significant difference in the fast-moving digital age.