Privacy Management: Time for a Revisit

Privacy management is ready for another pivotal moment. With unprecedented AI activity around us, is your Privacy practice ready for the emerging complexities of the big data across its vectors – volume, variety and velocity?

In light of the massive shift in data volume, variety and velocity, now is the prime time to revisit your enterprise privacy capabilities and practices.

To put this in the right context, a recent article published by MIT Technology in partnership with Databricks highlights the spike in AI adoption, but even more compelling is the forecast of adoption by 2025.

Due to the rapid evolution of technologies and the fundamental need for massive amounts of data required for monetization, the world is experiencing an unparalleled use of unstructured data. To support this argument, Komprise 2022 State of Unstructured Data provides some very interesting statistics on the data growth and data storage on unstructured data.

  • More than 50% of organizations are managing 5PB or more of data, compared with less than 40% in 2021.
  • Nearly 68% are spending more than 30% of their IT budget on data storage, backups and disaster recovery—similar to 2021.

Some of the challenges highlighted in the survey include complexities in constant move of data to the cloud, the high costs of data sourcing, the lack of visibility into characteristics and quality of the data, and compliance with laws and regulations. An important trend to keep an eye on would be the Self-Service sourcing of unstructured data from the cloud infrastructure. In unstructured data management, self-service typically refers to the ability for authorized users to search, tag and enrich and act on data through automation—such as a research scientist wanting to continuously export project files to a cloud analytics service.

While there are many challenges and roadblocks in managing data, the outlook for data privacy presents some clear opportunities to future-proof privacy for sustainability and adaptability for evolving changes.

The reflection of it all is to note that the growth of this alarming trend is quite different from where the call to action for building privacy programs to comply with regulations like the GDPR originated. Within three years, between the GPDR, the pandemic, and the recent tide of AI, it is necessary to revisit the Data Privacy Program and Practices for its maturity and sustainability.

The copious amount of unstructured data as highlighted in the survey are often assembled in the following different ways.

  1. Using inhouse data for data analytics and model design and development
  2. Web scraping and procuring data from sources to augment or address gaps in data
  3. Dynamic data processing on a real-time basis, including ambient data
  4. Multi-cloud federated learning for data sourcing
  5. Acquisition of synthetic data
  6. Self-service cloud data management for unstructured data
  7. Data obtained through partnerships to advance data analytics or AI outcomes
  8. Using third parties to enhance data sourced from various sourcing options

A thorough understanding of the technology used to generate static or dynamic data is essential to the responsible use of data and the implementation of appropriate privacy safeguards. A range of data types could be supported by technology such as sensors, smart devices, and edge technologies (e.g., images, video, text, etc.).

Do your privacy policies and programs adequately address these complexities and are your existing capabilities suited to handling big data challenges? Do your training and awareness programs reflect the evolving practices of collecting and handling data mentioned above?

It is impossible to emphasize enough the fact that the threat landscape is equally evolving in order to meet the volume, velocity, and variety of data, and the organizations’ ability to scale up to effectively manage risk exposure of privacy and data protection. A need to reexamine enterprise data protection organizational and technical controls is necessary to address emerging threats and data risks. In principle, today’s Privacy Management needs to adapt to match these growing complexity and scale.

Here are some recommendations for a comprehensive privacy management that is future-proof:

In light of the potential to scale up for big data and associated technologies, such as AI, we propose reappraising the following privacy capabilities. These areas pose the biggest challenges to an organization’s ability to achieve privacy objectives if left unchecked.

  1. Privacy Risk Management and Impact Assessment
  2. De-identification Techniques or Privacy Enhancing Technologies
  3. Standards and Framework
  4. Emerging Regulatory Obligations
  5. Third Party Data Management
  6. Data Policies
  7. Privacy Workforce Sustainability

In response to these challenges, with a focus on tailoring to the specific needs of the organization, Adaptive.AI provides a comprehensive approach to privacy risk and compliance assessment. They include:

  1. Revisiting privacy governance and policies.
  2. Identifying the current state and anticipated complexities of data collected and sourced.
  3. Ensuring that your current data governance, data discovery and data inventory capabilities have the scale to operate.
  4. Updating your privacy risks and methodologies including evaluating privacy impact assessments.
  5. Reframing new and emerging privacy risks with privacy objectives and controls.
  6. Evaluating your gap assessment and remediation practices and alignment with various constituencies or stakeholders.
  7. Strengthening partnerships with the cybersecurity leadership and alignment with the policies
  8. Reassessing third party data management in consideration of data volume, data sharing management including shared responsibility model and liabilities.