By Stephen Troyer, Head of Business Development at Helios Data Inc.
Data partnerships – they’re incredibly powerful. They drive valuable efficiencies in marketing and advertising, drive scale for reaching consumers—and deliver real benefits for consumers too. But do you know if your data partner takes security as seriously as you do?
Most legacy data sharing security approaches today rely on legal contracts to protect data controllers and providers, and enforcement tactics are fundamentally reactive, dealing with breaches only after the fact. Yikes. This flawed approach puts you at more risk than you may realize. Facebook paid a $5 billion fine for its role in the Cambridge Analytica incident, which was a drop in the bucket compared to the ensuing antitrust probe of the social media giant and the utter collapse of the political consultancy.
It’s a harsh reminder of what can happen when a data partnership goes sideways, and why you shouldn’t assume privacy regulations and legalese will give you cover when a breach happens in a data partnership.
Beginning with GDPR in the EU and CCPR in California, and followed more recently by privacy laws in Brazil, Virginia, and Colorado, regulation is proliferating globally, and the attention to violations will only escalate in the months and years to come. This is why there has never been a better time to ensure a proactive approach and mechanism around secure data sharing.
These laws require the company with the consumer relationship (the “controller”) to ensure that any sharing of the controller’s personal information with third parties (e.g., partners, vendors, customers) is done transparently to the consumer and under contracts that ensure these third parties will use shared personal data only for the controller’s purposes. With very few exceptions, the controller is ultimately responsible if a data partner uses the data for unauthorized purposes. With these new privacy mandates, not only the data controllers but also the data processors are liable for privacy violations—and reputations and brand market value are on the line. It’s not enough to be transparent about your data storage practices and breach events.
So back to that original question: Do you know if your data partner takes data security as seriously as you do? You probably don’t, which is why pre-emptive mitigation and a control mechanism to prevent unauthorized access in the first place are vital.
Without a proactive method for managing and monitoring processes that share personal data with third parties, controllers’ risks are high.
Your best defense is a technology solution to proactively prevent such incidents from happening.
What if a digital framework could embed the data governance terms and conditions of partners’ legal agreements into the data before it’s even exposed? Think of this as a “smart digital contract.” It is essentially a cabinet, a trusted collaboration container of sorts, with an algorithm handing out the golden keys only to those who meet the terms and conditions, and specific data consent requirements. This is where the industry needs to go.
So, how does today’s Data Protection Officer prepare for and operate within this emerging reality? A few best practices:
- Controllers need a way to proactively manage their data sharing and monitor its use by the controller’s data processors. And it needs to be preemptive so it happens before a breach.
- Controllers need a neutral environment for the data because companies often need to partner with companies with whom they also compete.
- Partners need data controls that can proactively stop any unauthorized use of the data cold.
- Marketers and data analysts should be able to realize the incremental value from protecting their data without worrying about the cumbersome internal processes or excessive incremental costs.
- Once the person who owns data revenue and digital transformation can align and share an understanding with those charged with data security, the growth potential can be unlocked.
- Make sure you have a tamper-proof audit trail to simplify and minimize the expense and opportunity costs of compliance audits.
Data is sophisticated and complex, but the process of protecting it doesn’t have to be. It just calls for smarter application of data science and technology to close the gaps.