Stephen Gill, Academic Head of the School of Mathematical and Computer Sciences at Heriot-Watt University Dubai, shares his views on balancing big data and data privacy in this exclusive op-ed for Computer News Middle East
Data is omnipresent. Data is fluid. Starting from e-commerce, mobile maps, and on-demand streaming services to healthcare, banking, and real estate, everything is being transformed as a result of the massive volumes of data we generate as users and consumers.
In a post-pandemic world, big data is more critical now than before. For businesses and economies on the path to recovery, data is a lifeline in three key areas. Firstly, data is key to establishing digital resiliency i.e. data allows organisations to rapidly adapt to business disruptions and to restore business operations. Secondly, companies with successful digital transformation rely on data to create new and innovative products and solutions. Such businesses are more equipped to build new revenue streams and are more future-ready. Thirdly, data allows companies to understand the pulse of their employees, investors, and customers that in turn helps ensuring the highest level of satisfaction and loyalty.
Hence, British mathematician Clive Humby apparently – and aptly so – coined the famous phrase “Data is the new oil” in 2006. The visionary was able to foresee the huge potential of data before many could. Since then, the world has witnessed an exponential growth in data and its benefits – and there are no signs of slowing down. The International Data Corporation (IDC) estimates that global data creation and replication will experience a compound annual growth rate (CAGR) of 23% between 2020 and 2025.
If data is power with great power comes great responsibility. As large corporations and government agencies continue to generate enormous financial, economic, and social benefits from big data, they have an even greater obligation to protect user data, no matter how it is stored and processed.
Managing data privacy risks
Big data is a privacy risk only when it’s mismanaged. As data privacy touches on so many parts of an organisation, it shouldn’t simply be limited to a security or disaster recovery plan. Data privacy should be embedded within the heart of a company’s data strategy and staff training. This also includes following best practices such as real-time monitoring, homomorphic encryption, and preventing internal threats.
Data privacy becomes more challenging when IoT, BYOD IT policies and the proliferation of internet-connected devices are factored in. With more devices at the workplace, organisations have more data to manage. It is therefore necessary to ensure that strong data governance processes are in place for managing compliance and data privacy from any source, various operating systems and multiple apps.
Building a strong data culture that understands the value of data privacy in today’s interconnected and data-rich world is also vital. More data does not mean better data. Hoarding large volumes of unnecessary data is a risk rather than an asset as it expands the attack surface for data theft and broadens the risk of breaching many data privacy laws. Dynamic IT teams need to balance the value of collecting, storing and processing large volumes of data against the critical obligations for privacy, security and compliance.
Enhancing data security
For companies looking to leverage big data analytics, data needs to be monetised and therefore, the more data it creates, the more sensitive data becomes. Right here lies the problem as cyberthreat actors want to extract critical information for their own financial gain. The cost of a data breach is too high. A recent report by IBM revealed that data breach costs increased by nearly 10% in 2021 (USD 4.24 million) from 2020 (USD 3.86 million).
The onus is on data analysts and engineers just as much as it is on the organisation’s security team to protect customer data, especially knowing that most data collected by businesses today is sensitive personal information. Malicious actors know the worth of data in the underground economy and organisations should takes such threats to data more seriously.
Businesses need a data-centric security strategy to protect multifaceted online environments and the residing data whilst keeping in mind two key principles. Firstly, data should be protected at the most initial point. Although this might seem obvious, many organisations fail to do so. When sensitive data is secured right from the moment it is gathered and stored, there is less risk that the information is shared in its unprotected form.
Secondly, data should only be de-protected when absolutely needed and only available with limited access. If certain individuals or applications require access to a piece of protected sensitive data, then they should only do so when it is necessary. This goes back to the earlier stated principle where data is constantly protected. Traditionally, data has been easier to analyse and process in its raw form. However, such outdated practices should be avoided in the current data security landscape. Organisations should deploy solutions that enable secure data processing and data analysis with little to no operational impact.
Building consumer trust
Concerns arising from the lack of data privacy translates into a lack of trust amongst consumers. In today’s hypercompetitive business environment, preserving brand reputation and building consumer trust is a must. Hence, the more data companies gather about their customers, the more important it is to be transparent about what their data will be used for, how it will be stored, and what protocols will be followed to ensure compliance with data protection and privacy regulations.
Being transparent about data privacy policies is one of the most effective ways of gaining the customer’s trust. Further, strong consumer trust ensures higher data quality since people tend to be more honest about their personal data with organisations that come across as responsible and reliable. Privacy can be used as a differentiator to grow brand loyalty and to connect with customers on an equal footing.