Today is National Data Privacy Day, an annual event which “commemorates the Jan. 28, 1981, signing of Convention 108, the first legally binding international treaty dealing with privacy and data protection” according to the National Cybersecurity Alliance (NCSA), the event sponsor. While Data Privacy Day is certainly well-intentioned, given the plethora of high-profile data breaches and mishandling of consumer information, I don’t think there’s much to celebrate.
Data is an Asset and a Liability
Breaches and abuses of data occur because enterprises misunderstand the nature of data from the start. Data is not just an asset, it’s also a liability. In today’s world where everything is “free” and frictionless to sign up, data collection is a given. Thanks to increasingly stringent privacy regulations such as GDPR and CCPA, which just went into effect, misappropriating data from a client or customer creates significant liabilities – regulatory fines, legal fees, lost business and reputational issues.
For organizations that collect information on even a few customers, data privacy is just too important for one single day. Data privacy, and how to preserve it, should be top-of-mind for businesses and consumers 365 days a year.
Data Privacy is a Competitive Advantage
Perhaps the tide is turning and organizations are beginning to see the writing on the wall. I’m encouraged by the Mayo Clinic’s launch of a clinical data analytics platform. This new initiative is a good first step to setting up cloud containers to house de-identified patient data, which “payers and pharmaceutical companies outside of Mayo can link up to via application programming interfaces, as well as establish standard templates for compliance and legal agreements.”
This is a significant development, as a 2018 Opus/Ponemon Institute study of 1,000 CISOs and risk professionals in the U.S. and UK found that companies share confidential information with, on average, 583 third parties. In an industry such as healthcare, sharing data responsibly is a must.
Organizations that responsibly share their customers’ and clients’ data are creating a competitive advantage, creating more business and bolstering their valuation.
The Solution: Protect Data at the Source, Responsibly
To protect against the inevitable data breach or abuse/mishandling of consumer records, enterprises must protect what is most important – the data itself, as it is created, processed and shared. De-identification is a good first step, but the utility of the data is lost in terms of being able to process the PII. To solve that, enterprises must adopt proactive protection, or what Gartner calls “privacy preserving analytics” (and for which Baffle was named a Cool Vendor last year).
It sounds too good to be true. Running analytics on encrypted data sounds like science fiction. But Baffle currently protects 13 billion records in production at the field or record level, with customers in financial services and healthcare, running at scale without any perceivable impact on application performance or user experience.
Baffle Advanced Data Protection goes beyond legacy encryption to close gaps in the data threat model, by protecting data in memory, in-process and at-rest, all with no application changes.
As we enter a new year and a new decade, I hope that we have an occasion to celebrate in the future as concerted efforts on responsibly storing and sharing information leads to better data privacy outcomes – not just one day, but every day.