What do professionals responsible for supporting privacy efforts typically care most about? Dutifully safeguarding the personal information entrusted to them.
Those professionals responsible for supporting privacy efforts should therefore prioritize effective enterprise data management because it is integral to safeguarding individual’s privacy. A well-structured data management framework works to ensure that personal information is handled ethically and compliant with regulations, while fostering a culture of responsible data stewardship within organizations. When done right, this reinforces trust with stakeholders, serves as a differentiator in the marketplace, improves visibility into data ecosystems, expands reliability of data, and optimizes scalability and innovative go to market efforts.
ISACA’s book Applied Data Management for Privacy, Security and Digital Trust serves as a roadmap for the everyday practitioner looking to navigate this complex space. The primary audience for this book – privacy and data governance professionals supporting privacy efforts – will uncover the 1) components and practices to develop an effective data management program, 2) challenges that enterprises face when incorporating data management into privacy and security, and 3) includes an example use case scenario to bring it all to life.
Equipped with this information, professionals will be better positioned to execute data management and deliver on the purpose of supporting privacy, security and digital trust. According to ISACA,“Digital trust is the confidence in the integrity of the relationships, interactions, and transactions among providers and consumers within an associated digital ecosystem. This includes the ability of people, organizations, processes, information, and technology to create and maintain a trustworthy digital world. Digital trust requires strong privacy and security programs that are supported by effective data management practices.”
Managing data effectively is a prerequisite to achieving privacy and security goals. Without strong data management practices in place, privacy programs will fail and security risk will increase. A lack of security creates vulnerability risk; not addressing privacy creates noncompliance risk; and both increase the probability of loss of revenue, reputation and trust.
How to develop an effective data management program
Applied Data Management for Privacy, Security and Digital Trust breaks up the approach to data management into eight key tactics:
- Data Strategy
- Data Governance
- Metadata Management
- Standardization
- Data Operations
- Data Quality
- Platform and Architecture
- Supporting Processes
When combined in a holistic manner, these tactics can improve the maturity of a data management program, and deliver on the purpose of supporting privacy, security, and digital trust.
Encountering challenges along the way
But it is not necessarily a walk in the park. Several substantial challenges can make achieving effective data management difficult, including but not limited to:
- Organizational silos
- Poor data quality
- Improper data storage
- Lack of insight about data
- Shortcuts in data operations
- Compliance with global data privacy regulations
Most, if not all, of the global data privacy laws and regulations require data to be managed effectively. To comply with these laws and regulations, organizations must first understand the data they collect, the purposes for its collection, how it is used, how it is shared, how it is stored, how it is destroyed, and so on. Only after organizations have a full understanding of their data ecosystem can they begin to implement effective controls to both protect data and preserve the ability of the data to achieve intended operational goals.
Bringing it all to life
So how does the practitioner bring this all to life? Applied Data Management for Privacy, Security and Digital Trust focuses on the application of data management tactics with the intent to demonstrate value to the organization and directly impact security and privacy in support of digital trust. Starting by highlighting the privacy engineering objectives from the National Institute of Standards and Technology’s An Introduction to Privacy Engineering and Risk Management in Federal Systems, practitioners become well-oriented on the task at hand. These objectives include:
- Predictability; enabling reliable assumptions by individuals, owners, and operators about PII and its processing by an information system
- Manageability; providing capabilities for granular administration of PII, including alteration, deletion, and selective disclosure
- Disassociability; enabling processing of PII or events without association to individuals or devices beyond the operational requirements of the system
It is worth nothing that while these objectives should be considered for any new system or technology that may collect, store, or transmit personal information, they should not be considered all-encompassing, but rather a starting point. For example, Jaap-Henk Hoepman’s Privacy is Hard and Seven Other Myths does a wonderful job debunking persistent myths surrounding data privacy while outlining privacy design strategies that system designers can apply now – worth a read for those wanting to dive deeper into this specific domain.
Following the introduction of these objectives, the book concludes with a closing section presenting a fictional use case of an organization wanting to use an AI chatbot to assist with certain operational activities. The example demonstrates in greater detail how to apply the eight introduced data management tactics for tangible benefit and how they support the defined objectives of privacy engineering. The use case is a topical illustration given the explosion of AI exploration, adoption and regulation currently underway.
Where to go from here
If data is the new currency of business, then organizations with better data management will excel. Digital trust is the foundation needed for a data-driven and connected environment. Trust is essential for individuals, businesses and societies at large to engage in online transactions, share information, and collaborate effectively. As technology continues to play a pivotal role in our lives, building and maintaining digital trust – via effective data management – becomes vital in safeguarding privacy, preventing cyber threats and promoting the responsible use of technology.
Applied Data Management for Privacy, Security and Digital Trust will be published in the coming weeks and should be on the 2024 reading list for any privacy and data governance professionals supporting privacy efforts and wanting to make a positive difference when it comes to safeguarding the personal information entrusted to them.