How to minimise your data risks

Author: Beatrice

Do you understand your company data? Data is one of any company’s most valuable assets but it’s probably the one we understand the least. And, this is also the asset that is suffering from a lack of trust. According to a recent Talend survey, only 35% of the respondents in the UK always trust the data they work with. So, if we can’t understand and trust the data we are using every day to run our business, how can we make sure data is safe and does not compromise growth and sustainability of an organisation?

If the security of information systems has been scrutinised by organisations for decades – putting in place the right protocols, training employees on security awareness – data security (and privacy). It has started to be on the agenda of boardroom discussions since GDPR came into force in 2018. Creating a major disruption in the digital industry. With this ground-breaking regulation, the EU paved the way to data privacy laws in many other regions and countries around the world. Protecting personal data of users, consumers and citizens is the aim of these regulations – making sure data is used in a responsible manner, and it is protected from data breaches.

It can be something as simple as the right data in the wrong place. So much of our conversation about security centres around personally identifiable information (PII). If PII data isn’t identified or isn’t in the right field — for example, payment information erroneously mapped to an unprotected field and viewed by unauthorised individuals — you could be at risk of exposing very sensitive information. Data breaches affect organisations every day and often make the headlines. Most recently, 700 millions of LinkedIn users data were exposed. In 2018, the hotel chain Marriot International announced 500 millions of customers data was exposed.

With regulations like GPDR, financial consequences on business can be substantial with fines up to 10 million euros or 2% of global turnover. However, the major consequence is the lost of consumers’ trust. The challenge of such regulations is also to make consumers trust the organisations with which they share their data. One way to achieve this is to give them the opportunity to take control, and to be transparent, on the processing of their information with options allowing them to exercise their rights autonomously. This can be achieved with the right approach to data management to make sure you can efficiently reduce data integrity risks. 

Step 1: Assessment

The first step is to identify areas in wich your data is at risk; starting with data sources. Understanding both the quality of the sources and the quality of your information. Mapping is key to evaluating your risks when we talk about data sources. We have to consider not only where data comes from, but how it enters our systems. For illustration, it’s likely secure to accept that the lead list you obtained from a seller isn’t as exact or up-to-date as the list of leads you captured from a later, focused on, double-opt-in campaign.

However, in the event that you trust 100% the accuracy of each record from each data source — counting manual section by sales representatives, entries from any run of online channels, engagements within products or apps, and shared information from accomplices or parent companies — you’d still be looking at a variety of areas, guidelines, and definitions over sources. One source may require a country code within the phone number field, whereas another does not. One source may have a single title field, whereas all the others break out to begin with first and last names.

After evaluating your data sources and information in there, the second step consists in checking data security. In case all your information were collected in a single Excel spreadsheet, it would be ideal to simple assign an individual or two to observe over that information, keep it secure, and approve it, line by line. But that’s not the world we live in. For most of us, the scene of our information foundation may be a complex array of interconnected programs and stages. There are solutions that specialise in interfacing frameworks and ingesting information into a store. And few businesses have been able to do that — but are they truly getting a genuine sense of information wellbeing? Would they indeed know in case they had information quality issues?

The primary step of information security is safely interfacing information sources, ingesting information, and performing quality checks to ensure we’re getting the appropriate information in the right place. Then, data profiling can offer assistance to ensure that phone numbers look like phone numbers, and emails look like emails, and so on.

The third area of assessment is compliance with the aim of protecting your data. In 2020, 37 billions of data were exposed through breaches for a total number of data breaches of about 4,000. A recent study by the UK Information Commissioner’s Office (ICO) discovered that up to 90% of data breaches can be traced back to human error – weak credentials, unauthorized access to data etc.

Technology like data cataloguing can help here by providing a centralized infrastructure for managing and ensuring compliance across the organization. It allows you to establish clear access protocols and permissions that will protect your data, without creating false barriers to access that might make people less effective at their jobs. It also makes it possible to automate the classification of data through semantic types and build a well-defined business glossary, so that everyone is speaking the same business language when it comes to your data.

Step 2: Minimize risk

Your data strategy and culture should support the objective of getting healthy data throughout your organisation. This holistic approach would include first data integration; the easiest way to protect yourself from compromised data is to make sure that it never enters your systems in the first place. Ideally, you will want to set up automated checks for data quality as part of your ingestion process. It should start with prioritising data sources, collecting data and profiling as well as cleaning your data.

The second step consists in data governance. With an expected value of USD 5.28 billion by 2026, the data governance market growth is driven by the explosion of data, the use of new technologies like IoT or artificial intelligence but also by the impact of data privacy regulations. The collection of processes, roles, policies, standards, and metrics that ensure the effective and efficient use of information in enabling an organization to achieve its goals with the involvement of three main groups usually – data engineers, data stewards and business users.

The third and last step in this data management process is automation. Unless you’re keeping critical data in a simple spreadsheet — which would be an inefficient way to do business — you’re going to need technology to automate the repeated tasks of managing your data.

The heavy lifting will come from IT, as they set up technology and rules that will automate data integration, data quality, data preparation. From there, governance and workflow processes can all work together. If something can’t be automated, it goes through a formal review process with the data stewards.

Once you get that initial process defined and outlined, it’s not so much an exercise as just business as usual. As new data comes into the organization, defined processes automate the cleansing, enriching, and standardization of the data. Whatever data can’t be confidently conformed through automated means gets sent through defined workflows and rectified by those that know the data best. This becomes the natural lifecycle of data in your company.

Data management can’t be just a step or a moment in time, as it typically is today. It must be an active and intentional system that enables the business to better understand its data – its reliability, the risks it poses, and the opportunity it offers to create business value. You need visibility and clarity into your data. The solutions you use to manage data should provide you with the insights that will help you make your organization smarter, more agile, and more efficient while avoiding risk.

Felipe Henao Brand, Senior Product Manager, Talend