91ÊÓƵ¹ÙÍø

91ÊÓƵ¹ÙÍø should security affect your data governance strategy?

As businesses and users, we are overwhelmed by data generated by a large number of websites, devices, software, applications, and social media platforms. This is not just digital media: brick and mortar stores also generate large amounts of data through billing counters and customer forms filled in the store.

All of this adds up to an ever-increasing big data database. By 2020, it is expected to generate approximately 50.5 ZB of data. By 2025, the total amount of data generated will reach 175 ZB.

Therefore, data protection is essential. The introduction of data protection policies such as the EU General Data Protection Regulation (GDPR) and the APEC Cross-Border Privacy Rules (CBPR) has placed greater pressure on organizations and the way they process data. The increase in cyber attacks and data breaches increased awareness of the importance of data, privacy, and the consequences of data theft and the obligation to comply with data protection regulations has prompted organizations to develop better data governance policies and cybersecurity strategies.

Data governance is needed to maintain data security, availability, consistency, and integrity. It also proposes methods for managing and using data, assigning data management responsibilities, defining protection protocols, and determining the importance of data and access rights.

The factors that affect data governance strategies include the following:

• Data Classification:

  The implementation of regulations such as GDPR makes it necessary for companies to identify the nature and type of data and to ensure that data usage complies with GDPR. In this case, the organization should draft a data governance policy to clearly distinguish personally identifiable information from common information and handle two different details in a prescribed and permitted manner. These policies should define the scope of information and access rights to avoid data abuse and privacy violations.

• Data storage and infrastructure:

  According to AtScale's "Big Data and Analysis 2020 Maturity Survey", 79% of companies worldwide use a hybrid or multi-cloud strategy, and only 24% of respondents still choose a single cloud provider. The report also pointed out that data governance is still the top priority for enterprises, and 80% of companies believe that data governance is very important. This shows the importance of data governance in today's complex cloud infrastructure, which requires a combination of different cloud systems that support business-critical processes and data transmission.

  Poor data governance strategies can lead to unintentional or deliberate destruction of data, which can lead to data leakage or data misuse, which can lead to ransomware requirements and regulatory fines, which can damage reputation and finances. Competitors can also access this leaked data, which may harm the business.

• The internet:

  The company now allows employees to use the company network to work offsite and put their equipment (BYOD) into work. As a result, they use a variety of third-party applications and software in their daily operations. By adding many different endpoints, this expands the company's network.

  Each device and tool connected to the company's network has different configurations. Only a comprehensive set of data governance policies can help manage and control data, access it, and use it. The company's data governance policy should also be consistent with its supplier's policies to establish a foolproof data protection framework without leaving any gaps that could be exploited by attackers.

• Employees and senior management:

  Employees and senior management constitute the human aspects of the organization and are also important elements in the cybersecurity framework. Many network vulnerabilities are related to human negligence or intervention. They are also people who have access to data to operate and manage daily business.

  Although lower-level employees may not always have full access to all of the company’s systems and data, senior management is usually at your fingertips. Since attackers mostly use these top managers as part of phishing attacks, there must be a reliable data governance strategy to define the data accessibility and accountability of these top managers and the responsible use of data. The data governance strategy should also define the behavior and access rights of employees at other levels and promote good data usage habits.

  These are some important factors that affect the creation of a powerful data governance strategy, which is very useful for effective data and network protection.

Ethics and responsibilities in the data age

We live in an era, the world lives in a digital ecosystem, and we are constantly striving to stay in touch through social media platforms and applications, mobile devices, IoT systems, and various other digital media. This continuous connection requires the exchange of data, which generates a large amount of data every second for companies to use artificial intelligence, big data analysis, blockchain, and machine learning, and other digital technologies to determine trends, customer insights to mine, filter, structure Analysis, and behavior patterns. Although these insights help customers to provide more optimized and customized solutions, there is always the threat of excessive interference with personal data to derive such personalized recommendations. The pace of development of laws and policies around data protection and management is not synchronized with the development of technology. The realization of the risks associated with this is now encouraging companies, policymakers, technicians, and governments to formulate and update data laws. After considering the moral and cultural values, it is suitable for today's digital environment. As digital technology flourishes and the world becomes more and more digitized, it becomes more important to identify right and wrong and try to ethically manage the impact of technology.

Over the past few years, the importance of this issue has increased many times, especially after the world witnessed major accidents caused by data loss and leakage, data theft, and serious network security breaches. According to the data of the Privacy Clearinghouse, in 2018 alone, 1,366,471,618 records containing personal and other sensitive data were leaked. These figures reflect the 635 incidents of violations that were disclosed. It is safe to say that the actual number will be higher, because there may not be a few incidents noticed, and there may be several companies that choose to hide data theft.

Increased customer awareness of the importance of data, the vulnerability of personal and sensitive data, and protectionist attitudes to data have led to insufficient trust between customers’ trust in the organization and their trust in the data of the same organization. A worse and worse situation is that companies are increasingly using the ethical dimension of automated systems and tools. These companies are using these systems and tools to collect, segment, and analyze data to describe customers and understand their behavior patterns, understand the macro Economic and microeconomics trends and forecast the future of the business and market. Data sets (AI) used to train these technologies (such as artificial intelligence), machine learning, deep learning, and data analysis can be highly biased and biased if the variables present in the data set reflect a certain kind of bias. Analytical models trained on such data sets can magnify prejudice or bias.

To solve these problems, some competent authorities, agencies, governments, and policymakers are enacting data protection and management laws. 91ÊÓƵ¹ÙÍøever, these laws sometimes have certain exceptions and interpretations for purposes such as public safety and law enforcement, and sometimes become a gray area of the law. These gray areas are used by technicians, data scientists, companies, and other parties for profit.

No law can provide absolute protection for data, but certain codes of ethical conduct and accountability can help reduce the risk of data harm.

As companies increasingly use available customer data for monetization beyond their original purpose, the need for a code of ethical conduct becomes increasingly important.

The company collects customer data from various sources, such as forms that customers fill out when visiting offline or online stores, loyalty programs, social media platforms and applications, website visits and cookies, and third-party database providers. Companies and employees involved in data transactions should ensure that customers’ identities and private details are handled with the utmost care and that the data is kept confidential. Entities obtained with consent to participate in the exchange of consumer private data should ensure that the data will not be leaked or leave any traces.

The company should obtain the customer's personal information with consent after clearly stating the nature of the collected data and the object, time, and purpose of collection.

Companies that collect customer data do this to analyze the data and draw actionable insights from them. These insights can be used to improve operations and drive the business forward for monetary gain. In doing so, it is ethical to impose certain restrictions on the company, so as not to excessively expand the scope of intervention, so that the company is caught in financial troubles and management laws and individuals caused by lawsuits challenging the company’s interference and the use of data that violates data protection privacy.

Although the company may not be ready to share all of its intentions explicitly, for them, the extent of disclosing their intentions to collect data and informing customers how their data will be used and how private details will be used is only moral behavior. consider. Customers should have a transparent view on how to use or sell their data, and they should have the right and ability to control the flow of their private details. Customers should also be informed of financial transactions caused by the use of their details and the scale of such transactions.

The importance of data and the increasing focus on data protection have prompted multiple regions to draft their data protection and control policies. Competent authorities have also updated privacy rights consistent with today’s technology and its evolving features. The General Data Protection Regulation (GDPR) and the EU-US Privacy Shield are some examples of important data protection laws that protect the collection and management of personal data. The company must comply with regional rules when operating or processing data of residents in the area.

Entities not only need to comply with land laws, but they should also have a set of agreements that can be followed throughout the organization and its partner network to maintain data security and integrity. The company's senior management can work with data scientists, technicians, academics, and policymakers to create a framework for the ethical use of data after considering cultural values and ethical systems. This will help create a comprehensive ethical framework that will consider almost all aspects of the work, and when mining and analyzing data using new-age technology, cross-disciplinary professionals can easily follow these ethical frameworks.

Companies should adopt a "design privacy" approach to instill ethical values in the planning phase of platforms that design or use data. This will help improve data security.

The company relies heavily on the results obtained through the implementation of technologies such as big data analysis, machine learning, deep learning, or data artificial intelligence. They are using the technology to describe their customers to develop more customized marketing strategies and solutions, and to describe potential customers, potential employees and potential market areas to promote their business development. But among all of them, they often overlook technical shortcomings. Technologies including machine learning, predictive modeling solutions, and AI tend to use available data sets to train their algorithms. The final algorithm may be very rigid. It can select trends from available data sets. If there are biases in the available variables, the analysis technique will train them and establish a biased or biased causal relationship model. The model enlarges the biases several times, giving incorrect or Wrong information can lead to an assessment of ethically wrong decisions.

An example that better explains this is Amazon’s recent decision to abandon its AI recruitment tool. When reviewing applicants’ resumes, the tool seems to be more biased towards results than men. The tool has been trained to learn the patterns in resumes submitted in the past decade, thereby making up for the data bias that shows male dominance in the industry.

This shows that companies need to review their analysis algorithms and seek more transparent data analysis to better understand the correlation and causality models established by these analysis tools. They should also evaluate tools to more effectively identify whether the applied algorithm violates the privacy protection code in any way.

The importance of data will only increase with the development of technology, and we use more and more digital solutions in our daily lives. Data is neither good nor bad, but the analysis and use of data endow it with a moral dimension. From the company to the user to the government, data scientists, technicians, technology developers, and everyone else in the middle are the responsibilities of every stakeholder involved in this process to ensure the safety and integrity of the data. We should strive to increase the transparency of the way data is collected, accessed, shared, used, and managed. More care should be taken to ensure that data management and analysis tools have appropriate security measures so that they do not operate abnormally, cannot be easily hacked, or used by users as oppression tools. Also, it is always a good thing for companies to protect data and use it responsibly to avoid complaints and class actions.