Manage data for privacy and security

August 1, 2007

Rising use of digital technologies and the Internet in the past decade has led to a dramatic explosion in the collection and use of personal data. While electronic use of information provides numerous benefits, it also poses various risks, such as identity theft and security breaches.

Rising use of digital technologies and the Internet in the past decade has led to a dramatic explosion in the collection and use of personal data. While electronic use of information provides numerous benefits, it also poses various risks, such as identity theft and security breaches. These are direct consequences of electronic communications and electronic data sharing. Moreover, the increasing frequency of negative publicity has heightened public awareness of the security and privacy risks associated with the information age.

The growing concern for these threats, coupled with the burgeoning list of privacy and security compliance restrictions (i.e., the Gramm-Leach-Bliley Act, Health Industry Portability and Accountability Act, National Do-Not-Call Registry and Sarbanes-Oxley Act) are two reasons why organizations in every government and business sector must take steps to ensure the privacy and security of customer data. To address these challenges, many organizations are implementing customer data integration (CDI) solutions, which allow the leveraging of customer information to their best advantage, while securing and managing data to ensure that rules and policies governing privacy and security are followed.

Data issues that endanger security and privacy

Security and privacy can also be compromised by alteration of data that occurs as a result of activities such as format conversions or system migrations that increase the likelihood of errors and inaccuracies. In-house systems that attempt to integrate customer data with basic Customer Relationship Management (CRM) systems are susceptible because data must be moved and/or stored in large databases, rendering data vulnerable to theft or loss of integrity.

Organizations without systems to manage who is allowed access to data and what subset of the data they see also are exposed to increased security risks. A business that grants unrestricted access to every employee experiences more data misuse than a company that implements a tiered access policy. Easy access to information stored in large databases can result in unauthorized disclosure of private information.

In addition, organizations that share data by sending extracts from systems face an increased risk of exposure any time they send information beyond network firewalls. Organizations that access and use sensitive information – such as hospitals, financial institutions or law enforcement agencies – face the greatest potential damage (such as theft of financial data, leaks during active investigations, misidentification of patients or suspects, and even loss of life) in the event of any loss or breach in data integrity. A critical measure an organization can take to maintain privacy and security of data is to use technology to institute and enforce a minimal use principle for data access, which means people only have access to data they need to execute their tasks.

Robust CDI

CDI systems access and compare similar records about a specific customer, eliminate duplicates, evaluate possible errors, and link them to form a single, accurate version of a record, which can improve customer service, streamline business processes and enhance delivery of services. Creating a single, accurate version of a record enables organizations to ensure the accuracy and integrity of the information they provide to avoid cases of mistaken identity that could cause personal embarrassment and hardship for the parties involved, not to mention the potential expense of litigation.

The most comprehensive CDI solutions provide data management solutions that enable organizations to comply with stringent security and privacy regulations, while allowing continued on-demand, real-time data sharing with employees and customers. CDI models, which allow organizations to publish real-time data sharing services while maintaining control over what data are seen and by whom, are much safer than the commonly used extract-and-transport method. With the extract-and-transport method, once an extract of data leaves an organization's firewall, the owning organization loses control.

To support this safer method, a CDI system must know where all data in the enterprise resides so that it can examine individual records and enforce appropriate security and privacy rules. With this awareness, it can centrally manage and enforce policies regardless of where data has been collected, generated, used and stored. This capability enables a CDI system to serve as the foundation for comprehensive security and privacy control within an entire enterprise or organization.