Taking chances with data

In today’s climate of hypersensitivity, organisations cannot afford to take chances with data.

It has now been a year since the introduction of the EU’s General Data Protection Regulation, or GDPR for short. While the impact on data compliance and security practices has been enormous, perhaps the biggest effect has been consumers’ increased awareness of how, why and when their data is being accessed and the resulting scrutiny of how businesses and public bodies are caring for it. Combined with relentless news of data breaches, this has made for a perfect storm where the consequences of misuse of data have become effectively unlimited, posing an almost existential risk to business.

You’d think that in that kind of climate, businesses would be rushing to ensure compliance with both the regulations and consumer expectations. The evidence, however, suggests otherwise. Reports on negligent data practices are rarely out of the headlines and, according to Hiscox, cyber-readiness levels are showing no sign of improvement. It’s clear that, despite paper compliance, enterprises are struggling to meet increasing consumer expectations, and repeated compromises of Personally Identifiable Information (PII) and misuse of data are taking their toll on consumer trust. What’s striking is that the companies affected aren’t fly-by -ight operations – they’re trusted, blue-chip household names such as British Airways, Marriott, Bell Canada and Facebook.

The omni-channel digital economy

For this reason, there’s a desperate need for businesses to re-examine current methods of storing and securing enterprise data. Fundamentally, if these kinds of breaches are possible, it means the underlying systems and processes are no longer fit for purpose. Many were created in an age when data was created in smaller quantities from a limited number of sources, as well as used and shared differently. These technologies were not designed for today’s omni-channel, digital economy, and nor were they designed to accommodate data sharing demands or the requirements of regulations like GDPR.

To effectively address this issue, organisations must commit to a comprehensive and systematic review of internal data processes, complex business infrastructures and legacy IT architectures. Then they must identify the areas in need of improvement, making the process of adopting new data privacy solutions even more daunting. All processes must be designed to remove the opportunity for data to be accessed or shared by employees for whom it is not relevant, without jeopardising business agility or collaboration. After all, if a user cannot see data, there is neither the opportunity nor the temptation to misuse it.

Preserving the fundamental right to data security and privacy

So, how can organisations overcome collaboration challenges without disrupting business operations? Moreover, how can they do this while simultaneously upholding the required levels of security and data privacy? Distributed ledger technology (DLT) is one answer to this conundrum.

Through DLT, you are able to create a single, shared version of the truth that ensures decisions on access are made collaboratively. By doing so, this removes the risk of a single organisation ever being able to unilaterally control access to data belonging to another. This is all done while working seamlessly with current systems and APIs, allowing organisations to easily integrate and future-proof their architecture, while effectively eliminating the threat of a data leak.

In the HR and payroll sector for example, sensitive PII and business-critical data can now be securely exchanged with third parties outside of the traditional perimeter of control. Using DLT-based controls, organisations are ensuring employees and partners can only see data pertinent to the tasks they are working on now. This exponentially reduces the potential attack surface from all the data that could be shared, to just a handful of records at any time.

It’s certain that the huge volumes of data generated today will be dwarfed by the growth we will see in the next few years. Managing this information in the most effective way, without inhibiting agility will be the difference between business success and failure. Those organisations that have the ability to provide secure, trusted, contextual access to PII data, with users enjoying full control over their information, will be the ones that thrive by meeting and exceeding consumer expectations. It’s simply no longer enough for business to talk about managing data effectively – it’s time to start doing it.