CIOInsider India Magazine
Data Privacy
Argha Bose has two decades of experience in consulting, practice and delivery management, pre-sales, and business development that is related to cybersecurity, identity and access management across the globe.
What are the best practices for managing data in an organization?
Every organization has some important data within their environment and IT landscape at different places. They are battling with answers to what and where these data exist, their relevance to the business, and the ability to get the right data when it is needed. Hence, data management and governance are essential to practice in today’s digital landscape. With accurate data governance, many complex data sources that exist and contribute to decision making can be managed and monitored throughout the layers in which they exist. This gives businesses the most unified and consistent view of the data. Some of the best practices of data management and governance are:
1. Defining Clear Targets: Every organization is different, and hence, there is no laid-out approach for data governance. While setting-out for data governance, organizations need to have a clear target that they would like to achieve at the end of the road.
2. Track the Data: On setting targets for data governance, the next logical step is to be able to identify and locate data that exists within the organization and track its access throughout the organization. This way, it would provide a holistic view of the organization's data and how it needs to be managed.
3. Identify Risks: Once the data is tracked, it is then important to classify the data, identify the risks
associated with it, and take relevant steps, both from technology and process perspective, to provide relevant controls to address these risks and minimize the exposure levels.
4. Assign Ownership: There needs to be well-defined ownership of the data that exists within an organization. This could be individuals, groups or departments. Identifying these relevant owners, making them responsible for the data under their control and allowing them to control access to the data helps in executing the overall data governance strategy.
5. Defining the Right Controls: By focusing foremost on the security of data, organizations can minimize risk and maximize compliance at the same time. To meet the regulatory compliance of processing, storing and/or transmitting sensitive data, organizations are required to maintain data policies that include measures for data protection and data privacy.
By determining which aspects of the data governance program should be introduced in what order, we can maximize the effectiveness of its rollout, while minimizing the chances of its failures
6. Implement the Strategy: Once the data governance program is outlined, the next step is to execute the plan to realign the organization based on the recommendations. Not all of this can happen overnight-some initiatives will be easier to implement than others. By determining which aspects of the data governance program should be introduced in what order, we can maximize the effectiveness of its rollout, while minimizing the chances of its failures.
What challenges do you think organizations face concerning data privacy?
Data privacy and data protection are a complex problem. Initially, data (both sensitive and PII) need to be identified and classified according to the risk, and then needs to be ensured that it is protected with appropriate security technologies and strategies. To be able to measure the impact and criticality of global data privacy, we need to understand the challenges organizations face in data privacy and protection.
There is no doubt that organizations today are generating more data than ever, yet weak security practices continue to put organizations at risk of a data breach. Organizations need to be on top of their game in protecting not only their customers’ personal information, but sensitive data as well. Currently, where every single device is generating and accessing data, it sometimes becomes overwhelming to handle millions and even billions of data records.
Along with the increasing volume of data, there is a substantial rise in the potential of organizations to experience incidents in which their data is compromised in some way. Most of the enterprises have trouble in fully understanding how and where data.
