This article was written by Monica Holboke and originally appeared on the Snowflake Blog here: https://www.snowflake.com/blog/data-and-customer-privacy-what-companies-need-to-do/
Today’s Data Privacy Day offers consumers an opportunity to learn about how companies use, collect, and share their personal information. At the same time, it gives companies a chance to focus on and highlight how they are protecting customer data.
Although most businesses view data privacy practices as a way to mitigate their risk, good practices around data privacy can actually differentiate your organization from your competitors. Here are a few things your company should be doing to ensure the privacy of customer data, and how a modern data infrastructure can help.
1. Know where all your data is stored. The first step to ensuring the privacy of all of the customer data you own is to know its location. Is it housed in multiple disparate systems, in different departments, or even in far-flung physical data centers? Legacy data systems create data silos that are hard to manage, creating the risk that customer information could easily fall into the wrong hands without accountability. A modern data infrastructure can wrangle data in different formats from multiple sources into one location, which can make it much easier to secure. It can also help with data minimization, or limiting customer data collection to only what is required, which is a security best practice.
2. Know what data you have. It’s difficult to know exactly what siloed data sets contain. They may include personally identifiable information (PII), defined as any data that could potentially identify a specific individual such as names, social security numbers, and credit card numbers. They can also include information such as gender, age, and zip code that, when combined, can identify individuals. Is the PII secure? Is it properly managed so that it can be deleted when no longer needed? Modern data systems store data in a more centralized way and include features that discover, classify, and catalog PII and sensitive data, making it easier to manage and secure.
3. Control your data. Let’s say you’re fairly confident about the location of your sensitive data and what it contains. Do you have complete control over the data at all times? Can you manage who can access it at any given moment? Are you able to hide sensitive parts of it for users with different security clearance levels? Can you delete confidential data when it is no longer needed? Data strewn in disparate and legacy systems is difficult to manage from a security perspective. A modern data infrastructure enables you to monitor data in real time and exercise control when needed.
4. Collaborate on data without violating customer privacy. Companies often share data internally and with external entities for analysis or research. But this data sharing can be strictly regulated. A modern data infrastructure enables companies to collaborate on data without exposing PII and sensitive data through features such as data masking and de-identification. These features enable organizations to choose exactly which data sets to share, and hide the confidential information that is in them. In addition, modern data infrastructures enable sharing data without moving or copying it, ensuring control over it at all times.
5. Ensure your data management processes meet privacy regulations. Statutes and regulations such as HIPAA and GDPR drove companies to think about privacy protections more globally. Also, regional and industry-specific data privacy regulations have been getting stricter. Data governance is key to complying with these regulations, and a modern data infrastructure can provide the governance controls needed to protect customer privacy. These include role-based access controls, batch deletion processes, and data de-identification—all of which help to safeguard customer data.