Privitar on Wednesday reported that 60% of the data leaders it surveyed are unable to use more than 40% of their data because of privacy concerns.
And while the data available to those surveyed is readily accessible – 84% can receive data in less than a week – this represents only a fraction of what they need to drive innovation, according to researchers.
In response, seven out of ten respondents have or plan to invest in a data privacy solution within the next year.
“Businesses need timely access to data to gain accurate insights and drive competitive data initiatives, but they also need to ensure their data remains safe and compliant," said Steve Totman, chief strategy officer at Privitar, in a statement. "Balancing an organization’s need for analytical utility with the need to protect personal customer information and comply with rapidly evolving regulatory requirements is no small feat – but it is one that if not addressed will curtail an organization’s ability to reach the full potential of their data and analytics initiatives.”
Claude Mandy, chief evangelist, data security at Symmetry Systems, told SC Media there are multiple reasons why organizations may face delays in accessing personal information. However, one the most critical is that all privacy regulations by design require organizations to have a legitimate legal basis for collecting, using and storing personal information, including use of such data in analytics models.
Mandy said the privacy regulations require companies to notify individuals that the data is being collected and provide transparency in how it's used and shared. Furthermore, more modern regulations require a detailed privacy impact assessment when planning to ensure privacy is implemented by design.
“This may seem to create delays, but are much needed safety checks that the privacy of users is not at risk,” Mandy said. “Although not specifically stated by the research, we are hopeful the delays being experienced are recognition by organizations that the importance of this cannot be overlooked – and that delays are worthwhile in avoiding penalties.”
Craig Burland, chief information security officer at Inversion6, said while the surface story from the research is one of inefficiencies and cumbersome controls, there are frequently valid reasons that data isn’t universally accessible. Burland said GDPR puts limits on the ability to access personnel data, while information about products sold to the U.S. government often has significant restrictions to protect national security.
“The problem this study points out is less about technology overlap and more about how various privacy and regulatory controls were considered in designing solutions,” Burland said. “If controls weren’t considered when the data was gathered and stored, limiting or restricting access afterward is likely done in a sub-optimal fashion. If access characteristics are embedded into the system design and attached to the data on ingestion, summarization and presentation to data leaders becomes far easier."
However, Burland said it will take an evolution in how technology leaders think about and embed security in solution development to see real change in this area.
“Changes in security mindset driven by concepts like zero-trust and secure-by-design may be the catalyst this space needs to deliver the right data to the data leaders," he noted.
