Privacy Protection – The Emerging Data Governance Mandate

Print Friendly, PDF & Email

In this special guest feature, Adam Lorant, VP of Customer Success for PHEMI Systems, takes a look at the ever-increasing number and variety of organizations that are facing the challenge of managing their data assets in a hyper-responsible manner to ensure not only data integrity and security, but, increasingly, data privacy. As VP of Customer Success, Adam is responsible for championing customer needs, and driving vision and strategy at PHEMI Systems – a Vancouver, BC-based big data company focused on the storage, management and governance of structured and unstructured data. He works closely with leading insurers, healthcare providers, and other large data-driven enterprises to help them define and implement their big data strategies.

While health care and financial services leap to mind as industries most in need of data governance processes and frameworks, the fact is an ever-increasing number and variety of organizations are facing the challenge of managing their data assets in a hyper-responsible manner to ensure not only data integrity and security, but, increasingly, data privacy.

Same coin, two sides

At its most elemental level, security is about restricting access to data. Privacy, on the other hand, assumes that data will be shared and used. Privacy means making sure that certain information should be made available only to the right person, at the right time. So while privacy depends on security, they are not the same thing. They are more like two sides of the same coin. Or, as others have said: You can have security without privacy, but you can’t have privacy without security.

Privacy protection– the new product mandate

Rarely does a month go by without news of yet another significant data breach affecting thousands, even millions, of customer or other accounts. Terms like cyber security, malware, and hactivists are now part of everyone’s lexicon. But let’s assume, for the next few hundred words, that while improvements and stronger measures are always indicated, the IT industry has successfully addressed many important data security issues. Privacy concerns now dominate the data landscape.

Generally speaking, the approach to privacy protection in the United States relies on industry-specific legislation and regulation, such as HIPAA and the Fair Credit Reporting Act. The EU, however, as well as many other nations, crafted comprehensive, across the board privacy legislation. That means those countries’ privacy laws regulate how anyone who processes any kind of personal information must handle, keep, and secure that information. That puts the onus on technology vendors eager to introduce their solutions into the global marketplace. After all, it will be up to them to provide the products and the tools that will enable their purchaser to meet those requirements vis-à-vis their customer/client/patient.

So while data security has become a given in every contract, today data privacy is the new mandate. As one of our customers put it, privacy is their “non-negotiable responsibility.” And that makes privacy our non-negotiable deliverable.

Privacy via design intent

The most potent and efficient way to deliver privacy, in my opinion, is to build it into the solution right from the very beginning, as opposed to bolting it on after the fact. A privacy management strategy that embeds end-to-end security in the design itself ensures that privacy becomes the default setting for each and every piece of data.

While the amount of effort and expense spent on data privacy is usually linked to amount of risk, I will suggest that a system that has privacy built right into it has an advantage that puts it ahead of the game. That is, the complexity and associated cost of data governance, including privacy, is lower for systems where privacy and security are built into the core by design.

Privacy or security?

This may make some organizations think that they have to choose between privacy and security. Or, worse yet, between privacy and innovation. But these are not either/or propositions. Privacy and data security are perfectly compatible in an enabling, win/win manner, through a strategy that includes collaboration, protected data re-use, and data sharing.

Balancing the data sharing need with the need to protect it is the single biggest problem facing data-driven organizations. But there are technologies that address this dilemma by controlling privacy and access at the data store level. That will enable the IT team to provide different views of the same record to different users based on the data sensitivity attributes, user authorization level, and other parameters. This is a critical capability in most organizations, yet manually applying privacy policies and publishing de-identified data sets for each user or use case is woefully inefficient.

By adopting the right data privacy architecture, you can extend granular and context-driven access control to all data interfaces and access methods ensuring that data sharing is an integral part of your data governance strategy. So now you can tap into the value of your most valuable organizational asset—your information—without compromising the trust of those counting on you to protect it.


Sign up for the free insideBIGDATA newsletter.

Speak Your Mind