Tackling Data Privacy

Data privacy is an increasingly important topic, particularly in the context of recent high-profile breaches.

When tackling the challenges of data privacy, it is important to consider the larger context of Information Security and Enterprise Information Management competencies.  The maturity of existing Information Management policies, standards, and processes within the enterprise have a significant impact on the cost and effort required to successfully bring about data privacy policies and physical implementations. In addition, sophisticated and high quality artifacts –   enterprise data dictionaries, reference models, and data governance models, etc.  – reduce effort and costby supporting data privacy audits, new project privacy requirements, and the development of data privacy breach risk management models. Successful projects depend on the ability to effectively document the current state and integrate with the organization’s software development lifecycle to target future changes and/or new implementations.

Fundamentally, however, it is the complexity of information (both in terms of volume and representation) that determines the size of the overall problem, the extent of exposure, and the cost and effort that will be required to address it. Since data privacy (just like data governance and data quality) is an ongoing set of processes, it is important to develop a roadmap that incorporates priorities and risks across the different information domains in order to effectively assign resources and manage costs.  Information complexity also plays a role in data masking implementations, in achieving a balanced approach with regards to the impact on business data mining requirements. It is important to realize that no amount of data masking, de-identification, and obfuscation can remove all risk without sacrificing some of the correlations and dependencies embedded within an organization’s data.  The recommended approach to data privacy is a balanced one, without information loss and reduced the impact on the day-to-day operations – including planning for the future.