The importance of information governance and privacy
Regulatory Compliance
The capability to discover sensitive data, tag it as such, and then obfuscate it— so users can still access surrounding data that’s not sensitive—is the foundation for regulatory compliance. In addition to encryption, masking, and tokenization, segmentation is gaining traction as a means of granting controlled access to datasets with sensitive information. According to Vogt, “If you think of it like a table, segmentation is almost like row-level, security.” Coupling this approach with the above obfuscation techniques delivers row- and column-level security for sensitive or private data.
Regardless of what obfuscation methods are employed, the crux of regulatory compliance is demonstrating adherence. Solutions maintaining detailed provenance or logs, about who accessed data, why, and how that relates to individual regulations, are easily audited internally or externally to show compliance. Still, the point of the adaptive data governance approach is organizations can implement these compliance methods while still availing themselves of “the world of hyper-personalization as part of digital transformation, where the rules can be different based on how data’s used,” Hawker said.
Data quality
The personalization Hawker referenced is necessary to shift organizations’ focus from what Aaron Colcord, Privacera senior director, governance and security, center of excellence, termed, “a product focus to a customer focus.” Doing so with customer loyalty programs, timely recommendations, and customer 360 views requires maintaining this sensitive information according to an enlarging array of regulations.
However, no one can capitalize on such data without the data quality standards that make data trustworthy for these or other purposes. Once organizations have specified how data should appear in their systems, best practices for implementing data quality involve:
♦ Artificial intelligence: AI’s knowledgebase and statistical foundation can reinforce data quality conventions. “Some machine learning and inference techniques are used for inspecting data, checking for consistency, and introducing rules that connect the data to vocabularies such as glossaries,” Hodgson said.
♦ Data lineage: Identifying data’ s origination is instrumental for assessing its quality, particularly for decision making. “If I have an executive decision that I need to make, and I know where the data came from, and my peers can agree that the data I’m looking for comes from that source, and that it’s functional for the question I’m asking that’s all I need to know for data quality,” Estala remarked.
♦ Semantic knowledge graphs: This type of knowledge graph—as opposed to property graphs—has native constructs for reinforcing data quality, such as Shapes Constraint Language (SHACL). “With SHACL, we have the ability to execute, close to the knowledge graph, semantic checks on the data, and we can derive new data,” Hodgson explained.
♦ Practical concerns: Organizations must establish their data quality standards—such as how phone numbers are written—while ensuring things like data currency, completeness, consistency, de-duplications, and more. Tantamount to this requirement is quantifying data quality and denoting acceptable levels for specific use cases. That way, “What you can say is, we’re not going for 100% data quality,” Hawker said. “We’re going for 90% data quality, and our business still shows a $2 million rate of return even with 90% accuracy in our data quality.”
Changing with the times
With each passage of a new regulation or legislation related to consumer rights and data privacy, the influence of data governance over the data sphere becomes amplified. However, this development will never negate the merit of utilizing data for personalized customer interactions that yield short-term and long-term benefits. Adaptive data governance has surfaced as a credible means of balancing these concerns with a curated approach that limits the impact of risk, while redoubling the business gains of data-centric processes.