MarkLogic’s Tim Macdermid talks about the impact new global privacy laws will have on Australian organisations and how best to tackle compliance.
There’s a crackdown happening across the globe with new laws aimed at giving control back to consumers over their personal data. Companies are, and will increasingly be, held responsible and accountable for the customer data they store and mine.
Europe’s GDPR Act is one such law that promises to strengthen data protection for all individuals within the EU. GDPR comes into effect in May 2018 and will have serious implications for businesses, including those in Australia since the laws also address the export of personal data outside the EU. On home territory, the Notifiable Data Breaches Scheme amendment to the 1988 Data privacy Act, comes into force in February 2018. This applies to all organisations with existing personal information security obligations under the Australian Privacy Act 1988 (Privacy Act) from 22 February 2018.
Irrespective of geography, the trend is that no Australian organisation dealing in data or working internationally is immune to consumer data protection measures coming into force.
{loadposition peter}In this new world of data privacy, a host of issues are arising, be they breach notification or deleting personal records. Something as simple as fulfilling a request to delete a client’s records can pose significant hurdles. This is evidenced by the ‘Right To Be Forgotten’, which Google is currently navigating in Europe.
Deleting records may sound straightforward but customer detail are stored all over the place. How can you be sure that the data you deleted is really gone? Consider the various types of documentation, photos, social media accounts, videos, etc. All of which you know to be linked to John Smith’s account yet you can’t explain why your search isn’t coming back with all of his files.
For most organisations, the numerous data silos or disparate systems created for managing data over the years mean there is likely no one system that has all this data in one place, and therefore there is likely no one easy click to ensure these requests will be fulfilled to the letter of the law. This presents a tremendous data integration problem for organisations and their data and technology teams.
So what are common obstacles IT professionals may face in preparing to comply systems and processes with these new laws?
1. “But we have data on top of data”: The first is — and this doesn’t just affect data privacy — the majority of organisations have data spread across multiple different silos. When you think of big data, small data, metadata or any type of data, most people believe that data scientists are able to spend all of their time working with all of their data to get the best insights they can - the kind of insights that can change the fortunes of a company. Unfortunately, this couldn’t be further from reality. A recent study by CrowdFlower found that 60 percent of data scientists’ time is spent ‘wrangling’ or ‘cleansing’ data to make it fit into their database provider. This is a terrible waste of time, money and talent. This means that when it comes to a request to be forgotten (or deleted), there’s no efficient means or guarantee it’s erased from all locations.
2. “But our current systems are not capable of bringing data together”: Data integration is critical to any successful data mining exercise. Centralised and organised data is key but most systems simply cannot ingest all the data as-is. Because many IT departments work with structured data, they think that they should store all their data in a relational database or data warehouse. But those systems don’t let you load data as-is, which often results in six plus months and sometimes years of mapping and modelling. If you want to include unstructured or semi-structured data – for example, all the information in a contract, in digital cameras, or text messages – the job just got harder.
3. “But can't we just use our existing tools and vendors?”: Yes you can, with a mountain of training, development and time all of which come with a huge price tag. For example, it is possible to find a workaround and simply use your existing database provider. But this will require extended development time due to the fact that they are trying to shoehorn unstructured data into a structured environment. Time is not on your side and the cost and reputational implications are huge. By choosing a flexible approach to managing your data upfront, your organisation can more easily drive business outcomes – not to mention quickly adapt to changing industry regulations.
The Obvious Solution
If you have a Centralised Operational Data Hub that creates relationships or semantic associations (i.e. metadata) between entities, for example customers, you can do a search and find all assets associated with a specific individual for easy, one-touch removal. All of the data, whether it is structured or unstructured, should be semantically linked to ensure that you find all of John Smith’s character-centric files (alphanumeric or otherwise) along with any other file (pictures, videos, social media references). In this way, you can capture and delete data with ease in a timely manner.
In just four months, it will be impossible for any organisation operating in a global marketplace to ignore laws geared toward increased data protection. And the stakes are high. If found to be non-compliant, it could cost a company millions. This means that failure to pull and delete all data on John Smith could financially make or break a company. Consider too, that while failure to comply can lead to fines... it could also lead to a public relations nightmare that brings into question a company’s integrity.
Beyond just deleting records, a centralised operational hub solves many compliance and regulatory issues. It should be considered a core solution for any organisation looking to stay on top of risk and compliance in a global economy.
About MarkLogic
For over a decade, organisations around the world have come to rely on MarkLogic to power their innovative information applications. As the world’s experts at integrating data from silos, MarkLogic’s operational and transactional Enterprise NoSQL database platform empowers our customers to build next generation applications on a unified, 360-degree view of their data. Headquartered in Silicon Valley, MarkLogic has offices throughout the U.S., Europe, Asia, and Australia. For more information, please visit www.marklogic.com.
MarkLogic is a registered trademark of MarkLogic Corporation in the United States and/or other countries. All other trademarks mentioned are the property of their respective owners.
###
For further media information, interviews or images, please contact: Jo Balfour jo@progressiva.com.au