For most businesses today, personal data is a critical part of enabling a better customer experience. Insights collected from personal data and analytics drive innovation and a competitive edge. But businesses are realising that it is a tightrope walk between striving to become data-driven and managing data privacy. This is especially true with the Covid-19 pandemic bringing the use of technology to the fore.
According to a recent study by Sophos, more than half of organisations in Asia Pacific experienced a data breach in 2020, up from 32 per cent last year. Further, 55 per cent of these affected organisations reported suffering a "very serious" or "serious" data loss. It is undeniable that data breaches continue to plague businesses across industries in the region to this day, from Singapore health provider HMI Institute's ransomware attack of nearly 100,000 Singapore Armed Forces (SAF) personnel's information, Malaysia Airlines' nine-year data breach of customer data, to the Indonesian government's recent investigation into a possible data leak of more than 270 million of its population.
The bottom line? As businesses begin to embrace data-driven innovation, data privacy and protection should be a critical foundation of any analytics initiative.
Safeguarding data demands the proper foundation
To benefit from data, businesses need to build a strong data foundation to manage and protect customer data from cyber threats or human error. Data privacy and data protection are often used interchangeably in this context since both are essential foundational concepts to safeguard user data. Yet, both are slightly different. The former handles how data is collected, while the latter denotes the security controls to ensure businesses meet data privacy concerns. A robust data strategy needs to factor in both.
When it comes to data privacy, businesses need to build a data-literate culture to ensure that everyone in the organisation access, use, and share data responsibly to remain compliant and avoid any data risks. Most of us have experiences online that seem to cross the line from useful to creepy and in many respects, this communal creepy feeling gave rise to much of the privacy legislation that we see in the world today. Each organisation should think about delivering a customer experience that respects local data rules before building analytics. Grounded in a clear vision shared across the business and IT, teams can create insights that delight customers and ensure proper management of information assets throughout the process. Organisations should also appoint data champions like a Chief Data Officer (CDO) to advocate data literacy and remove the stigmas and bottlenecks around data across the workforce.
This is not forgetting data protection. Traditional data security solutions require additional support to address increasing data privacy regulations and protection requirements. As businesses move their workloads from on-premise environments to the cloud, platforms are far more secure, but organisations are trading one kind of a risk for another. Organisations remain accountable even when they have almost no direct control over the infrastructure processing the data. To retain complete control over their data, organisations need a data and analytics platform that provides granular security features and encrypts the data during the entire cloud migration process.
Don't be a data hoarder - it's time to declutter
Companies often fall into the trap of hoarding data on physical storage or electronic systems, which is forgotten and not removed in a timely and safe way.
If holding personal data is necessary for your organisation, it is essential to define data retention policies. The best practice is to be able to report how long the data has been held or used. This will help company users identify whether they are unnecessarily hoarding personal data and act. Some guiding questions can include: How long has this "potential customer" been on your mailing list? When was the last time this customer interacted with you?
Businesses can also avoid stockpiling unused data by using a modern data management solution that can help build enterprise-wide governed data catalogues - providing a secure repository of all their data for analytics. It is also vital for organisations-especially those in regions that have yet to set up a data protection legislation for them to model after-to ensure that their solutions align with the latest data protection and privacy laws worldwide, like the General Data Protection Regulation (GDPR). In ASEAN, only Singapore, Malaysia, Thailand, and the Philippines have enacted personal data protection laws.
Of transparency and accountability
Data has become an essential navigation tool in a world of uncertainty heightened by the pandemic. For example, contact tracing apps serve as an instrumental tool to protect the public's health and safety. At the same time, businesses can leverage data and analytics to predict consumer demand for services to improve their bottom line. Asian Development Bank, for example, created an analytics app using data to understand the health security posture of countries globally to forecast economic output across industries.
But organisations must also realise that behind every data point is an individual, and with that comes the importance of building trust. Individuals are not opposed to providing access to data - many are willing to trade it for convenience or access to services. However, businesses must first improve on their policy communication and practice transparency in data use. This can be as simple as regularly issuing transparency reports to provide consumers visibility and accountability on how their data is properly managed and protected. There is also a growing trend of businesses offering individuals the reauthorisation of data for a specific use, like the iPhone's periodic checks on location data sharing. This gives individuals more control over their data and helps them understand the consequences of their consent.
Protecting data in a data-driven world
As we step into a more connected future, our decisions will become even more data-driven. Of course, the concept of data-driven varies from business to business. Still, those who will stand out from the pack will lead a data-driven culture that values both the power of personal data and the responsibility that comes with its collection and use. This involves establishing a set of rules and policies around data privacy that are understood and practised across the organisation to minimise risk while deploying secure data platforms and tools that protect your data from cyberthreats and human error throughout its entire lifecycle.
If you have yet to establish a data privacy and protection framework in your organisation, the good news is that it is not too late to take a step forward today by making it a priority.
The writer is chief data officer, at Qlik.