GDPR, data privacy, anonymization, minimization. . .oh my!

The global populace is asking for the IT industry to be held responsible for the safe-guarding of individual data. Steve Touw examines some of the data privacy regulations that have arisen and covers design strategies to protect personally identifiable data while still enabling analytics.

In this new world order, data collection must come with a corporate responsibility to protect data. Recently, society has influenced policy, leading to some very rigidly defined data privacy control legislation, such as the EU Data Protection Regulation (aka GDPR), the Russian federal law on personal data, and the German Bundesdatenschutzgesetz (BDSG). GDPR is not just a slap on the wrist. A breach or misuse of data may engender a fine of 20,000,000 EUR or up to 4% of the annual worldwide turnover of the preceding financial year (whichever is greater). So what does all this mean? Enterprises must begin to separate security and privacy. Encryption, defensive cyber-controls, etc. are security policies. Privacy is a data management problem with a business process wrapped around it that culminates in an information governance strategy for an organization. A well-built governance strategy creates a workflow for the creation of advanced analytics with data privacy at the core of the design. Designing models and analytics and then going back to add data privacy controls is much, much more difficult and sometimes impossible—and at the least very risky. Steven Touw tackles the anti-patterns and best practices for a data architecture that helps answer these questions through technology, examining how to design your data and analytics architecture to keep your data science teams delivering results legally. Topics include: