Sign up for our newsletter and get the latest big data news and analysis.

Leveraging AI for Optimal Privacy Compliance — Does it Outweigh the Concerns?

In this special guest feature, Itzhak Assaraf, CTO and Founder at 1touch.io, says you may have reams of personally identifiable information (PII) sitting somewhere in a database, but it’s of little use if you don’t have any way to make sense of it all. Artificial Intelligence is what helps make sense out of all this data. Itzhak has more than 20 years of experience in all aspects of technology, software, network, security, and hardware. Prior to joining 1touch.io, he spent a decade running a successful software house that was expert in startup innovation and solving enterprise challenges using technology. Itzhak holds a Software Engineering degree in computer science from Sela University.

Is AI the source of the data glut we find ourselves in today? Or is it the cure to the deluge?

Turns out, it’s both.

Today, organizations are dealing with more data than ever. Every second of every day, more than 1.7MB of data is created about each person on the planet. This data is used by companies in countless ways, from building better marketing campaigns, to improving user experiences, to helping detect fraud, to predicting trends, and so much more.

But the sheer volume of all this data makes it rather impossible to be useful on its own. You may have reams of personally identifiable information (PII) sitting somewhere in a database, but it’s of little use if you don’t have any way to make sense of it all. Artificial Intelligence is what helps make sense out of all this data, by analyzing, categorizing, and managing it so that insights can be easily extracted and put to use. And by nature, the more data AI ingests, the more accurate it becomes in its ability to make sense out of the mess.

More AI = More PII

But the more data it’s given, the more data it spews out in the form of even more PII.

For example, consider the myriad of AI-based fintech platforms available today. Though each one has its own particular purpose and feature set, they all tend to have one unifying characteristic; in order to do their job, such as making recommendations regarding stocks, refinancing, or loans, or to perform client risk assessments or algorithmic trading, etc., they must collect lots and lots of data.

Using AI methodologies, this data is analyzed and categorized, which leads to the creation of more of it in varying forms. Data teams also create countless copies of data sets to train and test modules, creating new pieces of PII. So not only does data fuel AI, it’s AI’s byproduct as well. And this excess in personally identifying information has rightfully raised more than a few eyebrows.

Privacy Regulations and AI – At Odds?

As data science and marketing teams around the globe cook up new ways to wrangle more data—and thus more insights—out of consumers using AI methodologies, those same consumers (i.e., me, you, and everyone else) have started asking some hard questions: What PII do you hold on me? What happens to my PII once it’s on your database? With whom do you share that PII? And if you don’t take proper precautions with my PII—perhaps by letting it fall into the wrong hands or misplacing it in your database—will there be any consequences to your organization?

To this end, privacy regulations such as GDPR, CCPA, and now Brazil’s LGPD, have stepped in to ensure that companies take proper precautions with the data they collect. These laws demand that data is stored, managed, and kept safe at all costs. And according to the core requirements of these regulations, data subjects can request access to the data you hold on them—and you must fulfill data subject requests (DSARs) within a short window of time.

But problematically, the nature of data is to be spread out. You may only have one central database where data is stored, but finding the right information when you need it can become a gargantuan task—and if you cannot fulfill these requests because your data is stored improperly, or you only have partial access to data, you’re setting yourself up for major fines and legal action.

Leveraging AI to Simplify Privacy

And this is where AI can redeem itself; It’s true—AI compels companies to collect every ounce of data they possibly can. And it, in-and-of-itself, is the source of lots of superfluous PII which can become a liability; But by its nature, it also has the potential to help corral all this data and enable organizations to meet—and continuously adhere to—privacy regulations with greater ease.

AI has three distinct characteristics that make it the perfect tool to make sense out of the data mess that many (okay, most) organizations find themselves in today:

Speed – AI can sort through huge troves of data in a matter of moments, to ID and categorize data far faster than humans could ever be expected to. This allows it to find PII in nearly real-time for ideal DSAR compliance.

Accuracy – AI isn’t subject to boredom or fatigue, allowing it to perform with highly precise results and can even categorize data into regulation-sensitive categories. It can also extract PII from structured and unstructured data sets.

Autonomy – AI can automatically identify data in any location and track and control any movement of that data. It can also automatically eliminate any extra copies of PII to reduce your attack surface, thereby decreasing your organizational risk.

Before smart people thought of putting AI on the data privacy task, all of this had to be done manually and with different, siloed toolsets—tools for monitoring, tools to apply policies, tools to assess risk, etc. This made it very difficult to get a full and complete picture of the data organizations held on data subjects.

AI is changing the story; It brings all of the siloed elements together to create a unified approach to achieving compliance. It allows you to understand entity relationships and what data elements mean. You can also analyze countless data types such as known and unknown data, structured and unstructured data, and data at motion and at rest and link all this data together to create a full and continuously updated picture of data subjects. This enables automatic and sustainable compliance with any privacy regulation.

So yes, AI does pose some concerns in our data-crazed world; But when leveraged properly, it can become the perfect tool to achieve an optimal compliance posture—and respond to DSARs faster and more accurately than before.

Sign up for the free insideBIGDATA newsletter.

Comments

  1. Thanks for the great tips! I couldn’t agree more that, while the advantages of data collection AI offers create great opportunities for marketers, it also makes consumers squeamish, which means marketers need to be careful about how we use that information.

Leave a Comment

*

Resource Links: