The rising use of digital technologies and the Internet during the past decade has led to a dramatic explosion in the collection and use of personal data by government agencies and businesses. For the most part, the information has been leveraged in ways that make people's lives easier and more productive. Businesses throughout the world now routinely conduct important business transactions and trade data with business partners over public networks. And a growing number of consumers are banking, shopping, booking travel arrangements, updating account information and filing taxes, all without leaving their offices and living rooms.
But while electronic use of information provides numerous benefits, it also poses various risks. Today's headlines, with their disturbing accounts of identity theft and security breaches, underscore the dire consequences of electronic communications and electronic data sharing. Moreover, the increasing frequency of negative publicity has heightened public awareness of the security and privacy risks associated with the information age.
The growing concern for these threats, coupled with the burgeoning list of privacy and security compliance restrictions (i.e., the Gramm-Leach-Bliley Act, Health Industry Portability and Accountability Act, National Do-Not-Call Registry and Sarbanes-Oxley Act) are two very important reasons why organizations among every government and business sector must take steps to ensure the privacy and security of customer data. To address these challenges, many organizations are implementing customer data integration (CDI) solutions, which allow them to leverage customer information to their best advantage, while securing and managing data to ensure that rules and policies governing privacy and security are respected and followed.
Data Problems that Endanger Security and Privacy
Figure 1. 10 Steps
Many data privacy and security problems occur due to the proliferation of inaccurate data maintained by the growing number of private, corporate and government organizations. With today's rise in use and reliance on the Internet, the volume of data has increased dramatically, but the quality and accuracy has actually decreased. Industry analysts report extremely high degrees of inaccuracy in files maintained by credit bureaus, collection agencies, health providers and direct mail services. Unfortunately, inaccurate data that is erroneously released or shared can negatively impact people's privacy and damage their reputations.
Security and privacy can also be compromised by any alteration of data that takes place as a result of activities such as format conversions or system migrations that increase the likelihood of errors and inaccuracies. In-house systems that attempt to integrate customer data with basic customer relationship management (CRM) systems are susceptible because data must be moved and/or stored in large databases, rendering data vulnerable to theft or loss of integrity.
Organizations without systems in place to manage who is allowed access to data and what subset of the data they see also expose themselves to increased security risks. A business that grants unrestricted access to every employee experiences more data misuse than a company that implements a tiered access policy. Easy access to information stored in large databases can result in unauthorized disclosure of private information.
In addition, organizations and businesses that share data by sending extracts from their systems face an increased risk of exposure any time they send information beyond their network firewalls. This common method of data sharing has been responsible for a large percentage of the very public security breaches. Organizations that access and utilize sensitive information - such as hospitals, financial institutions or law enforcement agencies - face the greatest potential damage (such as theft of financial data, leaks during active investigations, misidentification of patients or suspects and even loss of life) in the event of any loss or breach in data integrity. One of the most important measures an organization can take to maintain privacy and security of data is to use technology to institute and enforce a minimal use principle for data access, which means that people only have access to the data they need to execute their tasks - no more and no less.
Robust CDI Solves the Problem
Comprehensive CDI systems identify, link and synchronize customer information across systems, sources and external lists to create integrated customer data from disparate applications and data sources. CDI systems access and compare similar records about a specific customer, eliminate duplicates, evaluate possible errors and link them to form a single, accurate version of a record, which can help improve customer service, streamline business processes and enhance delivery of services. Creating a single, accurate version of a record enables organizations to ensure the accuracy and integrity of the information they provide in order to avoid cases of mistaken identity that could cause personal embarrassment and hardship for the parties involved, not to mention the potential expense of litigation pursued by dissatisfied clients and angry individuals.
The most comprehensive CDI solutions provide data management solutions that enable organizations to comply with stringent security and privacy regulations, while allowing continued on-demand, real-time data sharing with employees and customers. CDI models, which allow organizations to publish real-time data sharing services while maintaining control over what data are seen and by whom, are much safer than the commonly used extract-and-transport method. With the extract-and-transport method, once an extract of data leaves an organization's firewall, the owning organization loses control.
To support this safer method, a CDI system must know where all of the data in the enterprise resides so that it can examine individual records and enforce appropriate security and privacy rules. With this awareness, it can centrally manage and enforce policies regardless of where the data has been collected, generated, used and stored. This capability enables a CDI system to serve as the foundation for comprehensive security and privacy control within an entire enterprise or organization.
