In an era where data breaches are not just possible, but expected, businesses face an escalating challenge—how to protect their most sensitive information while still extracting its full value. With...
We have been seeing a steady flow of developments in the legal rights of consumers to information privacy from governments across the globe. While the European Union has made significant strides with its robust GDPR regulations, we’re now witnessing a surge of impactful changes emanating from California and Australia. These developments have prompted numerous businesses to express genuine apprehension about the evolving data usage regulations.
The perception of the problem is that any advance towards protecting consumer identity will bring doom to any data-driven business function. This isn’t true.
Protected data can still be actionable, and cutting down on the leaks, breaches, and propagation of an individual’s personal information is a worthy endeavor and a sensible expectation of the public at large.
Picture a bank offering safety deposit boxes to customers within its vault. To make it easier for bank personnel to locate your box, they label the front of the lockbox with your name and address for all to see. Additionally, since they often have difficulty finding a customer’s key, they leave each of the locker keys inserted into the locks, so no time is wasted searching for the key. Yes, these approaches to security make things easier for the bank, but it is not a reasonable exchange for the negative effects to the customer’s security.
Striking a Balance: Privacy and Data Utility
In the realm of Big Data, your identifying information is like the key; it can link specific information with anything else associated with you. Keeping your personal information stored in an unprotected, accessible manner (akin to the name written on the front of the lockbox) because it simplifies linking isn’t a balanced arrangement with the risk to the consumer’s or patient’s privacy. Instead, a business should manage those risks with the proper and appropriate controls even if it requires a bit of one-time re-engineering.
This area has been a passion of mine for decades. I grew up working in a family business that processed “consumer lists” back in the 80s — the age when every consumer behavior was bought, sold, or stolen, and the concept of a privacy policy was yet to be invented. Through the experience of writing the software that would process all this data, I observed how your identity flows from company to company, multiplying your exposure to exploitation of this knowledge.
The wrongness of trafficking people’s personal identity has left a mark on me, and I have spent the last decade actively developing solutions that can provide a sustainable approach that can replace the status quo. The goal is not to work around the problem. The mission is to build a technology that is very easy to use yet redacts all the personal information in the process.
Technology can handle the challenges of identity protection.
It’s time to rework the use of identifying data to balance useability and protection. Claiming that enhancements to privacy rights helps individuals but damages businesses is only valid if the business isn’t willing to “lock the boxes.” Modern cryptography brings the protection that, quite frankly, should have been in place prior to emerging privacy legislation.
Fix the data protection practices and both businesses and individuals can win.