In Data Privacy, How Smart Is Your Data?

Over the last few years, data privacy has been brought in to the public focus more than ever before. What information is being collected about you, how is it being used, and who has the ability to access it.

Regulations are coming into effect around the globe every day to impose restrictions and controls on how data can be collected and used: GDPR in Europe; CCPA in California; PIPEDA in Canada; APPI in Japan; Personal Data Protection Bill in India; PDPA in Singapore; and the pilot of CDR in Australia. Also, data breaches are being reported in an ever-increasing number, with serious penalties being applied by regulators.

Data gathering is also in a state of flux. Apple and Mozilla have blocked third party cookies in their browsers and Google have announced that they are intended to replace cookies with a Privacy Sandbox. While cookies are used to support focused advertising, the fact that organisations such as Google are proposing changes to their primary business model to support a move to privacy is a significant move.

So, can how you gather and manage data adjust to enhance privacy for the data subject but also benefit your data processing? We’re all familiar with the traditional idea of Big Data; harvesting large amounts of information relating to data subjects to ensure all required information is present. But this introduces inherent risks for data privacy and security.

Smart data is more and more relevant

While it is not a new concept, “smart data” is becoming more and more relevant as discussed in a recent LinkedIn article. This principle focuses on gathering only the most useful data and validating during collection to ensure the data meets the business requirements.

This reduces the risk of incorrect, unnecessary and irrelevant data being introduced in to an organisation and ties data tightly to related processes. If the data gathered is just that relevant for the process, it can reduce the effort and speed up the process while also ensuring that the data subject is aware of the purpose for which their data will be used. With a reduced amount of data, data management, data retention and data removal processes also become more efficient.

Some regulators are also looking at more automated reporting and processing, such as the Data Strategy published by the FCA and the Discussion Paper published by the Bank of England.

The tools you need for “smart data” handling

What is needed to implement smart data handling? Identifying the regulatory obligations is critical, and those can be used to define and control the policies and procedures around data gathering and retention. These need to be managed by appropriate data owners within your organisation and disseminated to the employees involved in data gathering using an efficient policy management solution.

Processes can be robustly implemented in automation tools to ensure they are followed correctly and the data gathered should be stored in an appropriate secure repository that has tight access controls.  That repository should provide a clear view on data correctness and validity and simplify the retention or removal of data according to defined procedures.

The entire infrastructure should support easy reporting and analysis to help identify where obligations are being met and to provide visibility to how data is being used. Finally, this infrastructure needs to be dynamic and support evolution of the requirements as internal and external obligations change.

2020 is already shaping up to be another year of significant data privacy regulatory change and evolution. So tracking your regulatory obligations while managing your data to meet the requirements is going to be a key challenge this year.