The implications of the announcement last week that Safe Harbor Agreement Framework, a set of rules that allow US companies to import European personal data while straddling EU privacy regulations, was struck down by the EU Court of Justice are still being established. Regardless, there’s no doubt this ruling will complicate cross jurisdictional information sharing and impact marketing organizations and cloud service providers going forward.
This places the spotlight on data privacy, but it’s bigger than cross-jurisdictional information sharing and cloud SLAs. Data privacy and data governance concerns simply aren’t regional, or just cloud-specific. According to Information Age, both are top ten CIO priorities for 2015, and not surprisingly have a common thread in nearly every discussion I’ve had with customers over last six months.
A few years ago, my conversations would start with trying to get everyone to recognize the dark data “elephant in the room”. Now many organizations have recognized there’s a problem and they are looking for ways to not be trampled. Sure, cleaning up data that resides in the dark recesses of your applications, servers and even Hadoop data lakes presents legal risk and piles on additional cost to store and manage.
On the other hand, data privacy and security around “sensitive data” – social security, credit card numbers, salary information, customer lists, sales forecasts etc. – being leaked or unsecured servers being hacked poses a similar threat. Digging in even deeper, and on a personal level, these types of data breaches also place the organizations’ and the CIO’s reputation at risk.
Data privacy and data security have been thrust on the front pages before us and shockingly, they’re almost becoming commonplace. However, with SONY, Ashley Madison, Premera Health, Home Depot, WikiLeaks – virtually no market sector is immune to data breaches. These threats combined with the unbridled growth of unstructured data across the enterprise have placed significant strains on the resources, and systems simply to keep heads above water. In many cases our customers are simply looking for a place to start – like I said, they admit there’s an elephant in the room, now how do we tackle the problem?
For the European Union and its jurisdictions looking for perfect, ringed fence privacy as they negotiate with the US, they may not be as fortunate finding an ideal place to start. For organizations, you should reflect on the broader risks of data privacy – both in transferring and sharing data but also on the unintended consequences of the dark data you keep.