Moving beyond data compliance to data efficiency and usability
Like the ubiquitous kitchen junk drawer, companies have for decades been hoarding vast amounts of data and done precious little about sorting, managing and storing it.
In 2003, U.S. companies in the healthcare and associated industries received their wake-up call via the Privacy Rule of the Health Insurance Portability and Accountability Act (HIPAA). Then earlier this year, thanks to the General Data Protection Regulation (GDPR), all of Europe, companies that deal with Europe, and any organization with a website that collects and tracks the data of anyone living in Europe, got theirs.
Not to be outdone, in June California served notice to businesses around the globe, that deal in its residents’ data, that they too would be held accountable via the California Consumer Privacy Act of 2018 (CCPA).
This is no longer a healthcare industry, European, or American problem, it’s a global issue and the writing is on the wall for all who would let their data continue to run amok. But organizations that become compliant can actually yield significant benefits in terms of their data asset accessibility, quality and security.
CCPA and the scope of data
CCPA is the new kid on the block, so let's quickly address this new law, which requires businesses to disclose the types of data they collect, as well as allow consumers to opt-out of having their personal data monetized. This act covers all private data, whether that sits in a database or in business files. It is highly likely that many companies will not be able to manage the requirements of this new law and will have to invest in tools to understand where the data is.
It’s going to be especially difficult for the large-scale cloud companies, who are mostly based in California, to really go and find the root information among the staggering amount of data they have. With that will come the realization that they can’t put all data in the same pot and treat it as a single commodity. Instead, they will have to differentiate regular data from personal private information and that’s going to take some effort. These businesses have about a year and a half to do it, which could be very challenging.
If GDPR and now CCPA gave us anything it’s a renewed focus on the safe and efficient management of data. Still, the biggest challenge of this new landscape remains that companies don’t know what data they hold or where that data is stored.
Like the kitchen junk drawer, within many organizations, it’s often very difficult to tell which documents contain HR information, financial data, supplier notes, etc. It is even more complicated to determine the sensitivity or value of the information to the business. We call this ‘unstructured data’ – an umbrella term for information that does not have a pre-defined data model or is not organized in a pre-defined manner, and which is complex to effectively manage. It’s impossible to know how long it should be stored, or if it should be marked for deletion and if so, what should this process be.
When all is said and done, among the most substantial impacts of GDPR and CCPA will be understanding unstructured data, knowing how to manage it and providing governance for doing so. Data will be better controlled, and companies will be able to reduce the quantity and increase the quality of data, and ultimately achieve the end-to-end improvement of their business processes. Less data equals less chance for errors or storing irrelevant information and makes it quicker to find what you are looking for. The result will be exponential improvements in security and data protection, as well as overall business efficiency.
Efficiency is itself the natural by-product of making sense of unstructured data within the business. By 2025, IDG projects that there will be 163 zettabytes of data in the world, and estimates indicate that 80% of this data is unstructured. Businesses with 2,000-5,000 employees tend to have on average 100 million files, depending on the age of the company. If teams were tasked with manually going through these documents for the data discovery process it could take a staggering 400 years. Yet, however big the task our new privacy protection age requires by law that organizations establish what the data is, its risk level, the required level of protection and its retention period.
The emerging Age of AI and unlocking the value of data usability
If ever there was a good time for draconian data protection and privacy regulations, then it’s now in the emerging Age of Artificial Intelligence (AI). Given the data discovery example shared previously, this process is clearly a job for technology that leverages AI to generate inventories of data automatically, and preferably with an excellent level of accuracy and without having any impact on business productivity.
The creation of inventory lists, with meaningful business categories for data such as HR, finance, facilities management, board activity, legal, etc., means business can understand exactly what they are working with. They can improve their processes around data as well as data security, and perhaps most importantly, can begin to use data to unlock genuine business benefits.
The latter point is key. Considering the level of value that data usability is capable of driving for a business it is currently surprisingly underutilized. However, data privacy regulations are triggering change in this area.
As more organizations rely on data identification and management processes, businesses will be able to uncover the true value of data and maximize it to drastically improve their operating processes, while remaining compliant. Ultimately, we will look back on GDPR and CCPA as the catalysts of a much-needed change in the data environment, for consumers and businesses alike.