Data has fueled the hockey stick-shaped growth of enterprises worldwide, probably leading to the much-adopted phrase, “Data is the new oil.” But recent high-profile data breaches and the rise of data protection regulations have made data into a double-edged sword to be wielded with extreme care.
The challenges around data handling have been exacerbated because data is often collected not because it is needed but because it is easily available and can be collected easily, with the data owner practically giving it away in exchange for access to products and services that are “free.” Added to this is the fact that data storage has also become easier with plummeting storage costs and the ease of real-time, always-on access. Finally, data collection has always been driven by the promise of being able to extract future value from data, which means data was and is being collected like it is nobody’s business.
All this is not without its downsides, at least two of which stand out in my opinion: one, the possibility of breaches, and two, the rise of regulations, making those breaches very expensive and dangerous. To make things interesting, Gartner predicts that by 2023, 65 percent of the world’s population will have their personal data covered under modern privacy regulations, making it imperative for enterprises to take privacy seriously. If that is not enough, a Cisco consumer privacy survey in June 2021 indicated that 86 percent of consumers state they care about their data privacy and want more control over their data, and 47 percent of consumers say they have already refused to use a service or a product of a company they don’t trust with their data privacy policies. All is not discouraging, however, with additional Gartner research indicating that companies that improve and retain their customers’ trust when it comes to data privacy and protection will see up to 30 percent increase in their profits compared to other organizations. These aspects provide additional context to how enterprises are collecting, handling and managing data, giving rise to new perspectives on how data must be managed over its lifecycle.
Major regulations such as the General Data Protection Regulation (GDPR) have furthered the need for a paradigm shift to managing data, giving more power to the data owner or data subject – in other words, you and me. Enterprises will do well to take heed, especially of the idea of data minimization, which if implemented in its true spirit, promises over time to enable enterprises to not only ensure improved compliance to regulations such as GDPR and its ilk, but also ensure better outcomes directly and indirectly.
Data minimization implemented well can be beneficial across a host of areas, including risk minimization, reduced costs of storage, reduced impact of breaches and improved compliance. Data minimization starts with inquiring why the data is being collected and, from that crucial question, things flow across all the aspects of the data management lifecycle phases, Create-Store-Use-Archive-Destroy. It is important to understand that data minimization can be deployed horizontally, spanning existing and future data in the enterprise. To apply the data minimization philosophy to existing applications, it will be necessary to discover which data is being collected/stored and why. Regardless of whether it is dealing with existing data or data that is going to be collected, data minimization is going to be the way forward, especially if enterprises are to survive and thrive in an era where data is not only useful to deliver products and services but also much sought-after by threat actors for purposes that may be detrimental to the enterprise and its customers. Data protection becomes increasingly important with the rise of everything “Meta,” indicating a renewed emphasis and focus on data and what can be done with that data. So going out on a limb, here are a few things that you and your enterprise can do today to prepare for the future when it comes to data protection and to implementing the data minimization principles in its true spirit:
- Be transparent on what data is being collected and why.
- Be clear on how the data is going to be used, who gets access to it and for what purpose.
- Make it easy for customer/data subjects to access their data and make changes to the data.
- Do not wait for regulation or breaches to drive what you are doing from a data perspective.
- Aim to be the leader in doing what is right from a data management perspective – this will pay off in the long-term.
- Proactively build awareness of your data-related policies and practices, and how you are complying with relevant regulation/legislation.
- Take a “by design” approach when it comes to designing and using new automated decision-making tools and technologies, especially those that use personal data.
- Establish ethical principles and oversight structures such as governance boards that can provide insight and oversight when it comes to adoption of new technologies such as AI in conjunction with data.
- Last but not the least, remember the customer is not the data; data is just a byproduct of the customer’s interaction with the enterprise and the ecosystem.
Adopting these and other best practices relating to data management, including data minimization, will attract customers who value privacy and are willing to act on it by letting their wallets speak. Reduced and right-sized data will foster innovation and business agility, leading to long-term growth and success.