28 January is celebrated as the International Data Privacy Day. CCPA came into effect from 1 January 2020. China implemented the Password Law from the start of the new year. These recent developments reveal the heightened efforts to secure customer data and provide online internet users with data privacy. Every company is slated to become a Big Data processor, either using Big Data or producing tons of it.
According to a report, its the number of zeroes in Big Data that will boggle your mind – G2 puts it at more than 2,000,000,000,000,000,000 bytes (or 2 quintillions) of data created each day. As in, holy guacamole.
And, that leads us to think about the security protocols and risk preparedness in handling Big Data, and in particular consumer data.
We spoke to industry leaders on the Data Privacy Day to ascertain what steps they have taken to secure consumer data, and how they fulfill their promises for a safe and fully-secured online interaction with users.
Speakers include,
- Steve Grewal, Chief Technology Officer at Federal at Cohesity
- Rafael Laguna, CEO at Open-Xchange
- Raphael Rodier, CRO International at Ogury
- David Gonzalez, Head of Big Data and Advanced Analytics at Vodafone Business
- James Hirst, Co-Founder at Tyk
- Matt McLaughlin, COO at DoubleVerify
- Anurag Kahol, CTO and Co-founder at Bitglass
- Lisa Rapp, Vice President of Data Ethics at LiveRamp
- Frank Jablonski, VP, Global Marketing at SIOS
- Joseph Carson, Chief Security Scientist at Thycotic
- Heather Paunet, Vice President of Product Management at Untangle
- Ali Golshan, CTO and Co-founder at StackRox
- Shahrokh Shahidzadeh, CEO at Acceptto
- Ben Barokas, CEO and Co-Founder at Sourcepoint
Here’s the part 1 of Data Privacy Day Quotes and Insights Series.
Organizations Must Act to Minimize Their Compliance Risks at All Times.
Steve Grewal, Chief Technology Officer, Federal at Cohesity, says –
“The California Consumer Privacy Act is an important step towards greater digital privacy. The law is modeled after the UK’s General Data Protection Regulation (GDPR) that requires companies to share how personal data is collected and used, and gives consumers the option to have their data deleted. We believe it will have a positive impact on customers’ privacy, and how enterprises store and share consumer data across their business.
However, CCPA differs from GDPR in that it doesn’t apply to backup copies of data. Therefore, enterprises need to be aware of potential compliance violations when using backups to restore primary systems – as the backup data may contain personal data that requires extra scrutiny to assure CCPA compliance.
Given you never know when backups need to be utilized, it’s imperative for organizations to deploy software that can locate personal data across all data sets — including backup copies – to ensure organizations minimize their compliance risks at all times.”
Governments Must Take Action to Limit Big Tech’s Power to Collect and Monetize Personal Data
Rafael Laguna, CEO of Open-Xchange, commented –
“Celebrating Data Privacy Day feels very ironic – we mark this occasion while living in a never-ending episode of Black Mirror, brought about by an incessant, underhand push by Tech giants to close off the internet. Make no mistake, your privacy rights are as threatened now as they were before Cambridge Analytica.
Silicon Valley’s main business is now advertising, based upon the collection of vast amounts of consumer data. Asking these monopolies to give up on illicit data practices is like asking an oil company to stop drilling for oil – it isn’t going to happen freely, or without piecemeal PR efforts intended only to give the impression of change. Even companies that claim to abide by “privacy-by-design” principles, such as Apple, can be found hounding users with push notifications that ask them to share more data.
When you next get a notification asking if you’d like an app to have access to your location all of the time, instead of only when you’re using the app, think carefully as to why they’re asking for this.
Fines don’t appear to be working, so governments must take action to limit Big Tech’s power to collect and monetize personal data in the first place. Part of this should involve promoting the development and use of open internet services, which respect citizens’ digital sovereignty, by granting everyone the right to control how and where their data is collected and stored.”
Go Beyond the Mandatory Legal Requirements, and Just Do It
Raphael Rodier, CRO International at Ogury says –
“Privacy policies including GDPR and the CCPA have helped to establish increased transparency within the digital advertising industry, however, we’re still finding that many consumers simply do not understand how their data is collected and used. Initiatives such as Data Privacy Day provide a timely reminder of the importance of informing users about their rights to own and control their personal data. However, without a year-round, sustained global effort from businesses these reminders will have little real-world impact for consumers.
If advertisers are to truly demonstrate a commitment to championing consumer choice, they will need to move forward with a model of traceable consent which goes beyond the mandatory legal requirements and places the user firmly back in control.”
Expect 5G, Big Data, and AI to Impact the Bottom Line
David Gonzalez, Head of Big Data and Advanced Analytics – Vodafone Business
David Gonzalez, Head of Big Data and Advanced Analytics at Vodafone Business, affirms the role of technology in making Data Privacy a sustainable effort in the long-run.
David states –
“Across industries, organizations recognize the positive impact that Big Data and AI can have on their bottom line. They aspire to be more insights-driven, to improve their product offering and processes – both external and internal. The introduction of 5G will allow more businesses to collect data from across their network, via technology such as IoT. However, it is critical to have a clear vision of how this information is going to be collected, stored and processed so that organizations remain ethical and compliant.
“For many companies, hiring a Chief Data Officer is a key step to achieving this, but it’s not enough on its own. Data is integral to how companies operate and succeed in today’s economy, and it requires company-wide input for the best results. For example, the C-suite must provide support for initiatives and business units need to use secure data and implement insights from it.
“Data is even more pervasive throughout the organization, while regulation on its use is becoming tighter. Consumers are far more aware of their privacy rights, and there is a clear directive on the ethical and appropriate ways to manage this. It’s never been more important to use data in a way that still protects the privacy of EU citizens. Achieving this requires that compliance is integral to the approach from the beginning – not as an after-thought. This is the only way to have peace of mind that the data you are using will reap reward, not risk.”
You Only Need to Look Back to the Cambridge Analytica Scandal
James Hirst, Co-Founder at Tyk, says –
“APIs and data privacy have been key topics of recent discussions, especially when things go wrong. You only need to look back to the Cambridge Analytica scandal to see the high-level of criticism that was leveled against Facebook’s Open Graph API, which enabled the former to collate user information. Web APIs underpin much of the modern web, but they also have a unique role to play. An increasing number of services provide APIs that give third parties – such as apps, website developers and advertisers – direct or indirect access to data about a service’s users.
“However, consumers are becoming more conscious of their rights to privacy and regulations such as GDPR require businesses to take data security more seriously. As a result, API owners must consistently evaluate their security to ensure they are staying compliant. API access requests from third parties need to be properly scrutinized and vetted before granting access, to ensure that data is shared appropriately. At the same time, internal policies around API usage must be clear and comprehensive for third-party users, to avoid confusion.
“Additionally, API owners may want to carry out an audit of their internal userbase. This allows for any API consumers using data inappropriately to be identified and removed. Likewise, setting up monitoring in the API management layer can improve the security of the platform as a whole. While speed and agility may be a primary focus for developers in the API economy, security associated with data management can no longer be an afterthought.”
Embrace Data Privacy in Your DNA
Lisa Rapp, Vice President of Data Ethics at LiveRamp, says –
“At LiveRamp, we think about data ethics and privacy every day. It is the fabric of our DNA, threaded into how we operate, from product development to client relations. Earning and maintaining your trust is the utmost importance to us, and we’re committed to ensuring customer data use is ethical, secure, and privacy-compliant.”
According to LiveRamp’s Data Privacy Day blog, social media is one of the leading sources of data. Around four petabytes of data were created on a popular social media platform alone. Lisa recommends organizations to focus on data privacy benchmarks, and treat every day as a Data Privacy Day.
She concludes, “This level of collaboration and commitment to accountability needs to be the “default setting” of any organization that uses data about people.”