The issue of data privacy seems to be everywhere in the news these days. Though data privacy was primarily the concern of chief privacy officers in the past, chief technology officers (CTOs) are increasingly being tasked with operationalizing their companies’ data privacy solution. Why? At its core, data privacy is a data issue, and privacy is an outcome of a comprehensive data protection strategy.
However, it's impossible for privacy professionals using manual, survey-based approaches to stay on top of an environment of exploding, ever-changing data. How are companies being inundated with so much data? They are constantly purchasing data from third parties to build better profiles of their customers, as well as buying streams and feeds of data for social media vendors to build better customer profiles.
In addition, as many companies consolidate through mergers and acquisitions, they are also acquiring completely unknown data sets and data transfer agreements between business partners, much like the one that existed between Cambridge Analytica and Facebook.
Organizations today are struggling to meet new privacy requirements, such as GDPR and the new California privacy law, CCPA, and they are looking for ways to lock down their data by default for fear of data misuse. However, this lock-down strategy is an over-reaction that is rendering their most valuable resource — data — unusable.
What CTOs Need to Do
The volume, variety and velocity of big data is overwhelming traditional privacy functions, which is why companies are turning to their CTOs.
Here are our recommendations for CTOs:
Map your data - Companies should be mapping data on premise, in the cloud, while streaming and at rest, structured and unstructured. Solutions should be implemented that go way beyond the boundaries of traditional DLP solutions to find where data resides throughout the organization. CTOs also know that they can't rely on metadata, given that it doesn't capture human error. For instance, we often find SSNs in a phone number column because someone inserted the wrong information in the wrong field of a web form.
Tie policies in real-time - It's not enough to know where data sits. You also need to know whether its existence or use violates any laws. Companies are looking for software to apply policies in real-time on live data as it's changing. That's the only way to have potential problems flagged if, for instance, a data scientist in the market department buys a problematic data set.
Automate remediation - Manual processes don't scale. CTOs should look for solutions that will trigger events within their infrastructure and automate remediation at terabyte and petabyte scale.
Create an audit trail - With GDPR and CCPA, companies need to be able to prove that they've taken the right action on their data. That's why CTOs should look for software that can create evidence of compliance and remediation efforts.
The New Approach: Data Privacy Automation
The demand for Data Privacy Automation is here. Manual processes simply cannot keep pace with the demands of modern privacy regulations and they impede a company’s ability to utilize all of its data. Data Privacy Automation allows companies to unlock their data and use this most valuable asset in a way that both protects and adds value to customers' lives.
Such a platform should be designed to work securely, at scale and no matter where data resides — continually providing an accurate picture of an organization’s data privacy landscape. Only then will organizations be able to keep up with burgeoning privacy requirements and use their most valuable asset without fear.
About Kristina Bergman
Kristina Bergman is the CEO and co-founder of Seattle-based startup Integris Software, a leading provider of data privacy automation. Integris’s platform is leading the charge in helping organizations build and maintain a defensible data privacy strategy.