Collection of consumer data is mainstream and global. The generally accepted premise of the big data movement is to collect as much data as possible, since storage is in theory cheap, and then to use distributed computing and advanced analytics to cypher through the mess to be able to answer complex questions across your enterprise. While I still believe this isn’t necessarily a great idea (there is such a thing as bad data), I digress. To the point of this article, we have, as a society, reached the point where the global populace is asking for the IT industry to be held responsible for the safe-guarding of individual data. If the cat is out of the bag, and the data collection will not stop, then the next logical question is: how do we protect the privacy of individuals/groups?
In this new world order, data collection must come with a corporate responsibility to protect data. Sometimes this is a legal responsibility. Other times it’s a social responsibility.
Social responsibility is quite complicated, and truly a grey area. It’s all about what you feel is “right.” As far as legal responsibility is concerned, some rigidly-defined data privacy controls are starting to appear in the form of new regulations around the world. To name a few:
Lets take the EU’s GDPR, which comes into full effect in May of next year, as an example of enforceable data privacy legislation. The intent of the GDPR is to provide a single set of enforceable rules for data protection throughout the EU, thereby making it easier for non-European companies to comply with these regulations. The Regulation applies if the data controller or processor (organization) or the data subject (person) is based in the EU. Furthermore (and unlike current EU privacy laws) the Regulation also applies to organizations based outside the European Union if they process personal data of EU residents.
So what does all this mean? Enterprises must begin to separate security and privacy. Encryption, defensive cyber controls, etc. are security policies.
Sounds boring, kind of. But a well-built governance strategy creates a workflow for the creation of advanced analytics, with data privacy at the core of the design. And that is important.
