How to Make Data Privacy the Beating Heart of an Organization

Too often data is a currency without consent. How can companies make data privacy the beating heart of their organization?

By Sooji Seo, Chief Privacy Officer at Dell Technologies

We’re operating in the Zettabyte world. Data is now a hot commodity and, like all commodities, should be properly regulated. That encompasses ensuring people’s data is private and only used according to the subject’s say-so. It’s a departure from yesteryear when data privacy was considered a hygiene measure. Today, it’s a business imperative, and a fundamental human right.

Even more so now data feeds artificial intelligence (AI) systems. For data to correctly inform AI, the data needs to be trusted. Explainable AI is still very difficult to achieve. To make the right decisions, we need to ensure the AI is given uncorrupted data. The more we automate and rely on technology to crunch data and posit recommendations, the more we must enshrine data privacy and data protection.

To achieve data privacy, businesses need to be transparent about what data they collect, to what end, and how the data is safeguarded. This transparency will earn customers’ trust.

To relay how important it is to “earn trust” and “demonstrate transparency,” the Dell Technologies Digital Transformation Index defines both as core attributes of a digital business. However, that doesn’t mean these two things are assured.

According to the Data Paradox study, a commissioned study conducted by Forrester Consulting on behalf of Dell Technologies: Almost half of the respondents (senior directors with responsibility for their firm’s data/data strategy) cite data privacy and security weaknesses as a barrier to better capturing, analyzing and acting on data*. Forty-four percent admit that trust in their data is an issue and agree that they need to build trust in the way they gather, curate and share data as a top priority*.

Against this backdrop, those businesses that make data privacy the beating heart of their value proposition will shine bright and earn customer trust and loyalty in the process.

So, how do they do that?

1. Recognize When Consent Is Legal Consent

Even when customers seemingly give their permission to use their data for commercial gain, practice restraint. People commonly offer up their data in exchange for a service and then protest when their data is used for commercial gain (and not their own). To pre-empt this, you need to prove you take data privacy seriously, and you need to be ultra-transparent.

Even today, despite data regulations’ insistence on using plain language, many agreement notices are still written in legalese. It’s the business’s responsibility to check their privacy notice is transparent, understandable for all, and individuals’ consent is genuinely informed and freely given. Consider regularly testing your privacy notice language with a mix of people from different backgrounds.

2. Screen Your Data Marketplaces

Today, data is actively shared and traded beyond company walls i.e. via data marketplaces. That’s not a bad thing. With data being foundational to identifying and reaching target customers with personalized experiences, data marketplaces are valuable resources—but choose your data marketplaces carefully, as they’re not all created equal. Some may compromise the integrity of their data and therefore violate privacy standards by failing to classify data ownership, transfer data over insecure paths, and operate with inadequate governance. Sixty-two percent of respondents in the Forrester study note that leveraging data marketplaces is difficult because of security and compliance requirements*.

3. Achieve Data Precision

Data regulations provide residents with the right to request their data be erased. However, there are often exceptions to this right. Each case is decided on an individual basis. Even if it’s granted, this is a very hard thing to do for the average business. Companies are awash with data silos and data is often replicated across different systems as the Forrester study demonstrates, with data silos being the second-highest barrier to achieving data excellence*. For many businesses, being able to find all instances of the data, let alone delete them forevermore, would be difficult if not impossible.

4.Involve Everyone

Set a moonshot goal to laser focus on data privacy that’s backed by real resources and employees—from the Board all the way day to the mailroom.

Then, consider appointing data privacy advocates or champions across the organization to reinforce best practice, but remind everyone that it’s a shared responsibility: every name, email address, telephone number (and any other personal identifiers) they collect, process, and share could impact someone’s life and their fundamental right to privacy. According to the Forrester study, this isn’t yet commonplace: Only 8 percent of businesses surveyed have established a community of data enthusiasts and just 17 percent are running initiatives to promote the democratization of data*.

5. Determine How to Govern Data

Data governance and security is an upward struggle for many businesses. In the Forrester study, only 32 percent say they’ve gotten better at controlling and securing access to data and copies of the data*.

How a business approaches data governance will vary depending on the type of business that it is. If a business is highly regulated, it would be advisable to form a data governance council to help establish security protocols and a data lineage that’s easy to track and trace.

A non-regulated business may also want to follow suit. While these businesses have more leeway, they still need to respect individuals’ fundamental privacy rights to know how companies are collecting, using, routing and securing their data. In some respects, a level of ambiguity makes things tougher as it puts the onus on the business to determine risk. Ultimately, the business needs to set clear parameters against which to classify different types of data and then secure the data accordingly.

6. Don’t Rely on Your Own Strength

According to the Forrester study, just 43 percent of businesses say they’ve made headway in terms of coming closer to achieving a flexible and automated understanding of all data originators*. This becomes harder with the proliferation of data in motion. Some firms are seeing the data they generate and collect double, if not triple*.

Against this backdrop, businesses will need to automate lineage tracing and data classification efforts–the task is beyond the realms of human effort. Data governance tools can provide oversight and earmark data for appropriate classification; data catalogs can address management issues, and security tooling can prevent stored data from being changed in any way. The key is to integrate the different technologies to create a “water-tight system.”

Privacy as a Principle

To place data privacy at a heart of an organization and earn trust, businesses need to bridge the gap between what is legally allowed and what is ethically right. Businesses that enshrine this principle in their everyday dealings by embracing a clear and open privacy practice, offering comprehensive, compulsory data privacy training, and integrating the right data privacy tools, will be better prepared for this eventuality. These principles are fundamental to stakeholders’ accountability as data holders. If data is as valuable as the industry claims, the demand for it will only increase. But it must be captured with the objectives of demonstrating transparency and gaining customer trust top of mind.

* Source: A May 2021 commissioned study, “Unveiling Data Challenges Afflicting Businesses Around The World“, conducted by Forrester Consulting on behalf of Dell Technologies. Base: 4,036 Director+ decision-makers responsible for data and data strategies in North America, Europe, Asia, Pacific and Japan, Greater China, or Latin America.