We live in a data economy that may seem at odds with an increasingly privacy-driven world. This has led companies in all industries to develop protocols on what data they can use, how it is used, and by whom, leading many to assume that they must walk a tightrope between maintaining compliance with data regulation and achieving business results. data driven.
The reality is that this no longer has to be one or the other. It is time for companies to move away from adopting a “one size fits all” approach to privacy and security in favor of a model defined by the context in which a data set is collected and used. In doing so, they can adapt to the evolving data privacy landscape while collaborating with internal and external teams in new ways.
As Data Privacy Day approaches, January 28, it’s the perfect time for businesses to re-evaluate how they protect data to ensure they maximize its value while mitigating risk. for stakeholders or brand security.
Rethink privacy and security solutions
Traditionally, technology vendors handling customer data have applied arbitrary data access limits to their products, regardless of the customer’s business goals. While this is done to protect privacy, what is not taken into account is that the unique characteristics of a data set, including the potential value to a business or the mechanisms through which it is collected, contribute at different levels. risk tolerance.
Rather than selecting technology that treats all data in the same way, privacy officers should be empowered to selectively apply privacy enhancement techniques to data to balance privacy risk with helping business teams execute. For example, instead of requiring that all data be aggregated or modified “imprecisely” within a platform, the platform should allow one to determine which data sets need additional protection based on the sensitivity of a data set and the team use cases. The differential application of privacy techniques ensures that teams are not limited to analyzing aggregated data functions, for example, but can obtain high-fidelity information without compromising consumer privacy.
The first step in achieving this is to stop looking for “privacy” as a proprietary product or feature set attached to an existing data platform, but to select privacy-focused technologies that treat privacy like a steel thread running through everything. the fabric of the product. Businesses should focus on privacy as a fundamental principle upon which data workflows are built and interconnected, all tied to people’s right to privacy and choice. With this in mind, it’s time to get over the preconceived notion that a set of explicit standards, such as an arbitrary data aggregation threshold or an encryption technique, can determine privacy security vs. Instead, consider the context of each dataset within the business objectives, which is then vital in determining the appropriate controls to implement.
By trying to keep up with rapidly changing regulation, it’s easy to create policies based on what will meet legal requirements rather than on consumer expectations or a company’s data-driven strategy. As legislation evolves and precedents are set, companies must move their policies beyond compliance-only risk assessment frameworks to models that balance the preservation of privacy and the usefulness of data based on context of the data and use cases. Remember, all data is not the same.
Prepare for a smoother model across all workflows, balancing the controls a business wants around its data and the insights that can be derived from it. At the end of the day, companies want value from data through insights from customers and how they act on them. They want to be able to personalize, cultivate data collaboration, and monetize in new ways, based on the type of data and how it can benefit the organization. By doing so, they can set their own business policies on what data can enter their environments or what data they can share with third parties, all while complying with and adapting to evolving regulations.
Improved security and internal collaboration
Historically, cross-divisional relationships between InfoSec, IT, Legal, and business or product teams can be challenging in the sense that the internal conversations and continuing education these teams require to synchronize protocols and security measures can be extensive. In addition, the application of policies between these teams without the proper technical guarantees can result in the accidental – or, in rare cases, malicious – leakage of data that would put the reputation of an individual or company at risk.
By taking a more contextually and technically strengthened approach to data governance, all-too-common risks associated with human-led processes can be eliminated and, in turn, improved collaboration and enforcement among these internal teams. When the correct technical controls are implemented based on the context of the data, using privacy-enhancing techniques or in partnership with a trusted technology partner, companies no longer have to rely on manual human processes that can lead to leakage. or re-identification of confidential data. risk.
Only this alignment between internal teams will allow a company’s overall data strategy to flourish. Many of the world’s most successful companies, such as Amazon or Unilever, have gained considerable market share through data collaboration, starting within their own company.
External collaboration is also possible
Once internal data can be safely transacted between teams, trust-based external data associations are the next strategic step to unlock new insights. According to a new report from Winterberry Group, more than 64% of organizations are already finding ways to collaborate with partners to share first-hand data for insights, activations, measurement or attribution. Although the concept of data sharing itself is not new, these numbers are expected to rise as the way companies collaborate evolves in response to the expanding economic and regulatory challenges brought on by the COVID economy.
These holistic approaches, including data cooperatives, marketplaces / exchanges, and technical data environments, demonstrate the ways that companies can securely collaborate with trusted partners and generate ROI while moving beyond one-size-fits-all models. As the Winterberry data shows, data privacy does not have to compromise the usefulness of the data because there are technical controls, such as aggregation thresholds or privacy enhancement algorithms, that can be used to achieve specific business goals without compromising. risk the data.
Realistically, each organization has to make different compromises, even within its own four walls. There may be a specific type of data that a company considers valuable, but it doesn’t want any of it to leave the organization. The further companies move up the privacy spectrum to reduce risk, the more they can also reduce the usefulness or performance of data, depending on how privacy enhancement techniques are applied. This is necessary for some types of data, but for those that are less sensitive, the same organization could derive maximum value from providing controlled access to pseudonymized data among trusted external partners without exposing itself to unnecessary privacy or security risks. This is based on how a business assigns permissions to data, where selected data is available to partners who need it, for use cases allowed by the data owner, with appropriate inbound or outbound privacy protections in place. .
That is, collaborative access to data is effective to run successful customer-centric campaigns, prioritizing privacy. Benefits included:
- A richer overall profile and a 360-degree view of customers, without violating data minimization or control practices
- Better customer experiences based on the ability to track and enforce customer preferences in all contexts
- The ability to create new experiences for customers, audience refinement, results-based optimization, and improved measurement capabilities.
- Access to valuable information for companies that lack a direct relationship with their customers, ie “data rich” retailers alongside historically “data poor” sectors such as CPG or pharmaceuticals, which tend not to have direct access to own data.
For companies looking to prosper in 2021 and beyond, it is important to apply context when assessing where a dataset should fall on the spectrum of privacy and risk tolerance, so as not to sacrifice privacy or utility. For too long, privacy and information security teams have been ticking the usual boxes, but they have missed the boat to achieve real business results and goals.
Businesses can get real value from data while remaining # privacy and # security first by adopting a more context-oriented model for all workflows. #respectdata
The transition to a more context-driven model, where privacy and security remain core principles of all workflows, will ensure that companies get real value from data while remaining privacy and security in first place. Don’t let the data exist just to collect dust. The solutions you need to maximize the value of data from a privacy standpoint are here.