Data Privacy: 4 Keys to Safely Share Data

Last Published: Mar 20, 2023 |
David Corrigan
David Corrigan

GM, Data Governance and Privacy

Drive New and Trusted Opportunities to Generate Value from Data

According to recent research, the amount of digital data created over the next five years will be greater than twice the amount of data created since the advent of digital storage.1 It’s not surprising really, with the shift to remote locations to work, learn, and entertain ourselves. Not to mention the proliferation of devices (tablets, phones, smart security systems, wearables, etc.) and sensitive data being captured by businesses used for analytic insights. But how safe is it to collect and share this data without inadvertently exposing it? In celebration of Data Privacy Week2 , I’d like to outline the role data privacy plays in data sharing and decision-making; and discuss the four cornerstones of limiting exposure when sharing data.

Every day, hundreds of organizations safely share sensitive data, and in the process, improve productivity, deliver innovation, and build trust and loyalty with their customer base. There’s a tremendous desire to share data—to connect with people, to make more intelligent data-driven decisions, and to ultimately deliver better business outcomes. While the goal of sharing data is to create business value, the reality is, we also must be conscientious about privacy compliance.

And it’s not just regulators who care. Consumers do too! A recent survey found that Americans will reward companies that protect their data—and punish the ones that don’t: A full 93% of Americans would switch to a company that prioritizes their data privacy.3 And if your consumers trust your brand, the stats tell us that privacy ROI can result in a 2x or more advantage for each dollar spent on privacy solutions.4

Boundaries: A Precursor to Data Sharing

As organizations are modernizing to the cloud, the reality is that data is getting replicated and combined again and again in ways that may not always align with appropriate handling policies. In warehouses. In data lakes. In apps. In reports and analytic tools. Data that is individually non-sensitive, may be joined with other data and may become sensitive. If this data tsunami is not managed properly, you potentially risk exposing personal and sensitive data, and damaging your company’s reputation as well.

So, while frustrating at times, we do need guardrails in place, so we all feel safe to conduct business. If followed, these very boundaries—regulations that include Europe’s GDPR and California’s CCPA; healthcare mandates like HIPAA and HITECH; and the Office of Management and Budget (OMB) mandate for protecting personally identifiable information (PII)—are ultimately what helps organizations preserve their reputations, build a competitive advantage by leveraging new data intelligence, and share data for improved customer experience and business optimization.

So…now that we know the benefits and boundaries of assuring trust when data sharing, how can we become more effective so that we can do so confidently?

Data Privacy: 4 Keys to Safely Share Data Without Fear of Exposure

Ensuring your teams are safely sharing data responsibly within local departments, across global office locations, or between third parties is different than cybersecurity. Cybersecurity is focused more on managing access controls, such as protecting a network perimeter against threats, and limiting internal access to authorized users and systems.

That is incredibly important, but it doesn’t speak to the actual sharing of the data itself and whether it meets policies for appropriate use. What I’m referring to is when people accidentally use data in a non-permitted way, which allows the PII to be copied and proliferated to various data warehouses and data lakes. Now you’re at a heightened risk of exposure.

There are four cornerstones of successful data sharing that can help mitigate such situations. Let’s look at each, using a lens toward data privacy.

  • Find: I should only find data that I am authorized to find
  • Understand: I should understand where the data came from, if I am permitted to use it, and if it is sensitive
  • Trust: I should trust that the data has gone through sensitive data discovery and data governance policies. I should be confident that I am allowed to use it based on my role
  • Access: I should only be authorized to use this data if it has successfully been vetted by data discovery and data governance policies
     
The four cornerstones of data sharing

 

It’s critical that sensitive data is not exposed when being used to create value in analytics programs or other applications. Every employee (every day!) should feel confident in being able to make decisions based on data, and that includes being able to share the data. There should be no second guessing. (Am I going to expose PII if I share this? Will this be encrypted? Is it OK that I am sending this to our London office?) At a bare minimum, employees should expect that data privacy management policies and systems are in place to safely do their jobs by focusing on appropriate use policies to manage exposure.

Privacy: An Enabler of Sharing

It turns out that data privacy isn’t just a pre-requisite before sharing data, it is an enabler of data sharing and usage. More employees are aware of the sensitivity of data, and the consequences of using it incorrectly. If they don’t know whether data is sensitive, or has been protected, they may be inclined to err on the side of caution and not use that data. In some cases, their judgment of what is “sensitive” or constitutes “permitted use” may be incorrect, foregoing data they could otherwise use. Visible data sharing controls is part of trust—employees will trust data and use it more freely when they know, and can see, privacy is being actively managed.

Data Privacy Management in Action

For example, the Federal Home Loan Mortgage Corporation (aka Freddie Mac) used to regularly scan their huge volumes of data for PII, which required a team of dedicated experts who had to manually search a vast data landscape across many different systems. “Although the manual process worked and successfully prevented adverse incidents, we needed to find ways to operate more efficiently, automate the discovery of PII wherever it’s located, and free our teams to be more innovative and take on new business challenges,” said Aravind “Jag” Jagannathan, Vice President and Chief Data Officer at Freddie Mac Single-Family.

This vision to drive scale and efficiency would prove invaluable, when the COVID-19 pandemic caused an unexpected surge in mortgage volumes which led to an increased demand for high performance mortgage data processing and reporting. “Now we can scan an extremely large set of databases and file storage locations to find, classify, and identify PII. By automating previously manual processes, confidence levels in data across the business and team productivity rose significantly.”

Realogy Holdings, a leading, integrated provider of U.S. residential real estate services, wanted to set the bar for data privacy management best practices and minimize risk exposure with safer innovation. With a solution in place, Rich Mendoza, Director, Data Privacy & Regulatory Compliance, said they now “can safeguard personal data and handle it in a way that’s appropriate, defensible, and meaningful.”

The need to protect sensitive customer data and fulfill privacy mandates such as HIPAA and HITECH are especially critical in the healthcare sector. Arvin Bansal, Director Cyber Governance, Strategy & Risk at pharmaceutical services company AmerisourceBergen, found that, “To succeed, we need to understand our data sources, identify high-risk areas, and protect personal health information wherever and whenever we use it.”

While some organizations may be struggling with how to safely manage and share sensitive data with end-users, we applaud those who take measures to put appropriate data privacy management systems in place.

It’s clear that privacy goes beyond just protecting data. If you can govern data in the cloud responsibly, ensuring transparency and managing exposure, you can begin to unleash value in data analytics programs, create opportunities for improved customer experience, and optimize your business with new analytic insights. Privacy in this case is an enabler to safer value creation, not simply a cost of doing business: It helps drive new and trusted opportunities to generate value from data.

1 The IDC report, Worldwide Global DataSphere Forecast, 2021–2025: The World Keeps Creating More Data — Now, What Do We Do with It All?

2 https://staysafeonline.org/data-privacy-week/

3 Transcend, The Data Privacy Feedback Loop 2020, https://www.datocms-assets.com/16414/1597294492-transcenddataprivacyfeedbackloop-2020.pdf

4 https://www.cisco.com/c/dam/en_us/about/doing_business/trust-center/docs/cisco-privacy-benchmark-study-2021.pdf

First Published: Jan 28, 2022