In the first half of 2020, our worlds became nearly entirely digital. Today, we are cooped up in our homes, entirely reliant on home Wifi networks and software such as Zoom and Google Hangouts. This change makes us, as consumers, vulnerable to hacks and breaches. But the general public is not the only ones concerned about data security. Data security and privacy professionals are also fearful about protecting sensitive information within their organization.
Many businesses are using this time to optimize their data and technology investments. Despite budget cuts across nearly every division, a PwC survey of finance leaders discovered that investment in technology is unlikely to change in 2020. Organizations are still committed to leveraging cutting edge technology and transforming into Data Intelligent businesses.
But how can businesses balance digital transformation, data security and data privacy?
Data security and privacy are not mutually exclusive from digital transformation. In fact, truly Data Intelligent organizations protect their information assets at all times and even use data security and data privacy to their advantage. In order to achieve Data Intelligence, organizations need a system of record for data that focuses on metadata management, embeds privacy and compliance controls into their data ecosystems, and empowers employees with access to trusted and secure data. By fueling teams with Data Intelligence, organizations can use their data as an asset and unlock new business opportunities.
Security and privacy impact all parts of the business
From legal to IT and marketing to finance, every single business unit holds some stake in data security and data privacy. All parts of the business are undermined by the effects of data breaches and regulatory fines.
Data breaches
Organizations are challenged every day to keep the personal data they hold safe across their entire ecosystem. They must also ensure that their partners, suppliers, and other third parties are also keeping the organization’s data safe. Look at these price tags for some of the most expensive data breaches over the last 10 years:
- Equifax – $700 million settlement, ~143 million people affected, 2017
- US Office of Personnel Management – $500 million, exposed over 4 million federal employees, 2015
- Exactis – $500 million, ~348 million user accounts, 2018
- Target – $300 million, ~40 million customers, 2013
Without a sound footing of metadata management and data security, organizations leave themselves susceptible to attacks, scandals and substantial penalties.
Regulatory fines
2020 has been a turbulent year. Budgets are tight. Yes, organizations are continuing to invest in digital transformation. Nonetheless, it’s counterproductive if you invest in new technologies to unlock new business opportunities and then end up with fines from breaking data privacy regulations, such as the General Data Protection Regulation (GDPR) and the new California Consumer Privacy Act (CCPA).
Imagine spending thousands on technology improvements and data literacy programs, just to be hit with a multi-million euro fine. To put things into perspective, here are the heftiest GDPR fines since the regulation’s enforcement just two years ago:
- British Airways – €204.6 million
- Marriott International Hotels – €110.3 million
- Google – €50 million
- Austrian Post – €18.5 million
- Deutsche Wohen SE – €14.5 million
Just knowing about the regulatory requirements does not safeguard an organization from fines. Last year, Collibra teamed up with the University of California, Berkeley and AppCensus on a study about how 120 Android apps handle personal data. The study showed that most organizations don’t even realize how vulnerable they are to regulatory violations. More than one-third of the apps were transmitting personal identifiers either without users realizing they were doing so, without asking for permission, or without informing users transparently about which companies receive this data and what they intend to do with it.
When you hear these stories and look at these numbers, you can see that poor data security and data privacy can offset a sound investment in a data program.
Consumers care about how data is used and misused
When data is misused, trust between consumers and the entity that held the personal data can break down, or disappear completely. For example, after the Cambridge Analytica scandal, Facebook’s share price fell more than 40% through November 2018. And after the 2017 Equifax data breach, Equifax’s valuation decreased by $4 billion.
The UK’s Data & Marketing Association conducted a study about consumer opinions about data privacy and data protection. The survey found that
- 88% of respondents indicated that transparency about how their data was collected and used is important to them when sharing data with an organization
- 87% said it’s important that the terms and conditions are easy to read and understand
- 85% said it’s important for the organization to have a flexible privacy policy that allows them to control the types and amount of data they wish to share
Consumers have more access to information about their rights and demand more transparency. Taking a customer-centric approach to data privacy enables businesses to make data security and data privacy as competitive differentiators rather than impediments.
How do we solve data security and data privacy issues?
How do we protect ourselves from these problems?
When done right, data security and data privacy can help you achieve Data Intelligence. It is essential to invest in metadata management in order to be secure and compliant and fuel Data Intelligence.
The Collibra Data Intelligence Cloud offers a system of record for data that allows businesses to accelerate digital transformation while also supporting metadata management and boosting data security and data privacy. The cloud-based platform ensures secure and easy access to data and upholds standards for reliability, privacy and compliance. With the Collibra Data Intelligence Cloud, businesses can simultaneously protect their information assets while achieving:
- Revenue growth
- Operational efficiency
- Risk mitigation
- Data modernization
Metadata management
The Collibra Data Intelligence Cloud focuses on metadata management, allowing organizations to govern their data across its lifecycle. Collibra’s metadata management is enterprise grade, involving the roles, responsibilities, processes, and technologies necessary to keep data secure and compliant. Our metadata management capabilities enable access and understanding of trusted data for a variety of use cases.
Data security
The Collibra Data Intelligence Cloud puts security at the core of the technology. We create and maintain a rigorous control security framework built around regulatory, legal and statutory requirements, as well as industry best practices.
Our cloud architecture is designed to segregate and restrict data access based on the customer and on the customer’s business need. The architecture of the cloud environment used by Collibra provides logical data separation and role-based access privileges, all controlled on a customer-specific level.
We audit against the ISO 27001 standard and have implemented over 200 compensating controls that map to leading national and international security standards, including
- FedRAMP Security Controls
- ISO 27002
- AICPA Trust Service Criteria (SOC 2SM Report)
Data privacy
The Collibra Data Intelligence Cloud establishes privacy by design principles by embedding privacy and compliance into your technology ecosystem and daily processes. Collibra offers a Data Privacy product that sits on top of the cloud-based platform to
- Focus on metadata management and deliver a holistic privacy compliance program
- Enable collaboration between stakeholders in a central location
- Automate and simplify workflows and processes
- Adhere to regulations, such as the GDPR and CCPA
- Scale privacy programs to meet enterprise demands
As we continue to adapt to this increasingly digital world at home, it becomes equally important for businesses to evolve their data strategies.