On data discovery & data privacy implications
Michael Irene is a data and information governance practitioner based in London, United Kingdom. He is also a Fellow of Higher Education Academy, UK, and can be reached via moshoke@yahoo.com; twitter: @moshoke
I just gave a talk on the above at the Gartner IT Symposium Expo in Barcelona last Tuesday. In my presentation, I made it clear about the importance of discovery data in various areas within a business and more importantly, argued that the existence of undiscovered data might expose companies to their biggest governance risks. Then the biggest question comes to mind, how does one discover data?
The discovery of data simply entails collecting and evaluating data from various sources with the sole intention to understand trends and patterns in data. Some argue that data discovery is associated with business intelligence in that it informs business decisions by bringing together disparate data sources to be analysed. However, in the governance scheme of things, I’d argue that it presents an opportunity for companies to find assets that hold various data sets, understand the classification of those data sets, inform policies within the business and present privacy metrics that the business can use to improve their governance framework.
It is a known fact that companies collect huge amounts of data on their customers, markets, suppliers, production processes, employees and more. They store these data sets in various IT assets, cabinets and through various means. It is therefore important for any company to list out all the collection points of these data assets. For example, an insurance company must know all areas that they collect information about a customer from and where all the information will be stored. It is good practice to have a diagrammed flow to understand the end-to-end lifecycle of that process. This high-level approach will help the business know all various points data flows in from and which vendor, if any, contributes to the process. Without this level of granularity, companies risk misunderstanding the scope of data flows and documentation of procedures.
Understand this: the discovery of data and the processes it feeds off allows stakeholders to classify the type of information. In our example above, the insurance company will know that process data collected is critical, sensitive, public or secret. These examples of classification will allow them to set standards in the security and handling of these data sets. Juxtaposing between security and processes will be the outcome of these classification methodology.
Without policies, the handling, processes and procedures of data sets might remain inchoate. Understanding where all data exist and how they feed into various business processes will guide business on approaches to employ technical and organisational measures. For example, the insurance company will set out benchmarks for training of staff that will handle these various data sets collected from customers through their policies.
Data discovery offers companies various ways to make their data structured. The main benefit of data discovery is the insights that are uncovered. For example, in managing data subject access requests, the company may gather useful information from how many requests they get monthly and proffer the right steps in fulfilling such requests and gather valuable feedback in how they can create processes that will assist the business in improving their services.
Data discovery not only helps companies with good insights as to how they can build a better brand but also plays a significant role in feeding into their governance framework. It is quite important for companies to carry out this exercise whether manually or through the use of technology.
-
business a.m. commits to publishing a diversity of views, opinions and comments. It, therefore, welcomes your reaction to this and any of our articles via email: comment@businessamlive.com