
Managing Your Data for Privacy and Security Purposes

The rising use of digital technologies and the Internet during the past decade has led to a dramatic explosion in the collection and use of personal data by government agencies and businesses. For the most part, the information has been leveraged in ways that make people's lives easier and more productive. Businesses throughout the world now routinely conduct important business transactions and trade data with business partners over public networks. And a growing number of consumers are banking, shopping, booking travel arrangements, updating account information and filing taxes, all without leaving their offices and living rooms.

But while electronic use of information provides numerous benefits, it also poses various risks. Today's headlines, with their disturbing accounts of identity theft and security breaches, underscore the dire consequences of electronic communications and electronic data sharing. Moreover, the increasing frequency of negative publicity has heightened public awareness of the security and privacy risks associated with the information age.

The growing concern about these threats and the burgeoning list of privacy and security compliance restrictions (e.g., the Gramm-Leach-Bliley Act, Health Industry Portability and Accountability Act, National Do-Not-Call Registry and Sarbanes-Oxley Act) are two very important reasons why organizations in every government and business sector must take steps to ensure the privacy and security of customer data. To address these challenges, many organizations are implementing customer data integration (CDI) solutions, which allow them to leverage customer information to their best advantage, while securing and managing data to ensure that rules and policies governing privacy and security are respected and followed.

Data Problems that Endanger Security and Privacy


Figure 1. 10 Steps

Many data privacy and security problems occur due to the proliferation of inaccurate data maintained by the growing number of private, corporate and government organizations. With today's rise in use and reliance on the Internet, the volume of data has increased dramatically, but the quality and accuracy has actually decreased. Industry analysts report extremely high degrees of inaccuracy in files maintained by credit bureaus, collection agencies, health providers and direct mail services. Unfortunately, inaccurate data that is erroneously released or shared can negatively impact people's privacy and damage their reputations.

Security and privacy can also be compromised by any alteration of data that takes place as a result of activities such as format conversions or system migrations that increase the likelihood of errors and inaccuracies. In-house systems that attempt to integrate customer data with basic customer relationship management (CRM) systems are susceptible because data must be moved and/or stored in large databases, rendering data vulnerable to theft or loss of integrity.

Organizations without systems in place to manage who is allowed access to data and what subset of the data they see also expose themselves to increased security risks. A business that grants unrestricted access to every employee experiences more data misuse than a company that implements a tiered access policy. Easy access to information stored in large databases can result in unauthorized disclosure of private information.

In addition, organizations and businesses that share data by sending extracts from their systems face an increased risk of exposure any time they send information beyond their network firewalls. This common method of data sharing has been responsible for a large percentage of the very public security breaches. Organizations that access and utilize sensitive information - such as hospitals, financial institutions or law enforcement agencies - face the greatest potential damage (such as theft of financial data, leaks during active investigations, misidentification of patients or suspects and even loss of life) in the event of any loss or breach in data integrity. One of the most important measures an organization can take to maintain privacy and security of data is to use technology to institute and enforce a minimal use principle for data access, which means that people only have access to the data they need to execute their tasks - no more and no less.

Robust CDI Solves the Problem

Comprehensive CDI systems identify, link and synchronize customer information across systems, sources and external lists to create integrated customer data from disparate applications and data sources. CDI systems access and compare similar records about a specific customer, eliminate duplicates, evaluate possible errors and link them to form a single, accurate version of a record, which can help improve customer service, streamline business processes and enhance delivery of services. Creating a single, accurate version of a record enables organizations to ensure the accuracy and integrity of the information they provide in order to avoid cases of mistaken identity that could cause personal embarrassment and hardship for the parties involved, not to mention the potential expense of litigation pursued by dissatisfied clients and angry individuals.

The most comprehensive CDI solutions provide data management solutions that enable organizations to comply with stringent security and privacy regulations, while allowing continued on-demand, real-time data sharing with employees and customers. CDI models, which allow organizations to publish real-time data sharing services while maintaining control over what data are seen and by whom, are much safer than the commonly used extract-and-transport method. With the extract-and-transport method, once an extract of data leaves an organization's firewall, the owning organization loses control.

To support this safer method, a CDI system must know where all of the data in the enterprise resides so that it can examine individual records and enforce appropriate security and privacy rules. With this awareness, it can centrally manage and enforce policies regardless of where the data has been collected, generated, used and stored. This capability enables a CDI system to serve as the foundation for comprehensive security and privacy control within an entire enterprise or organization.

The most robust solutions also provide multilevel security to control access to information down to the attribute level - such as Social Security number, blood type, credit rating, and specific information that only designated representatives may be permitted to access. Such systems track additions and changes to opt-in/opt-out lists and other laws governing privacy and security, ensuring information is used appropriately according to individual choices, and that these choices are readily accessible at all customer contact points within the enterprise.

Advanced capabilities include the ability to ensure compliance, with the most comprehensive systems providing special tools for setting user and group permissions.

Other tools enable administrators to limit the number and type of attributes about a customer that can be viewed at a given time. Only the information needed for a given customer interaction is revealed in accordance with privacy, access control, data ownership and other company policies. Comprehensive CDI systems also monitor and log changes, modifications and additions to customer records, and track factors such as the reason, time and search results. This enables organizations to catch errors before they cause problems. In addition, reporting and task management capabilities for creating audit trails help organizations show due diligence and avoid potential fines.
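The attribute-level control and audit logging described above can be sketched as follows. This is an added example, not code from any CDI product or from the article; the roles, purposes, attribute names, the cap value and the sample record are all constructed assumptions.

```python
from datetime import datetime, timezone

# Constructed policy: (role, purpose) -> attributes that may be revealed.
POLICY = {
    ("billing_agent", "payment_dispute"): {"name", "address", "credit_rating"},
    ("nurse", "treatment"): {"name", "blood_type"},
    ("call_center", "address_update"): {"name", "address"},
}
MAX_ATTRS_PER_VIEW = 2   # assumed cap on attributes exposed in one view
AUDIT_LOG = []           # stand-in for an append-only audit store

# Constructed sample record.
RECORD = {"id": "c-1001", "name": "Pat Example", "address": "1 Main St",
          "ssn": "000-00-0000", "blood_type": "O+", "credit_rating": "A"}

def view_record(user, role, purpose, requested, record=RECORD):
    """Return only the attributes this role may see for this purpose."""
    allowed = POLICY.get((role, purpose), set())   # unknown pair: default deny
    requested = list(dict.fromkeys(requested))     # de-duplicate, keep order
    granted = [a for a in requested if a in allowed and a in record]
    granted = granted[:MAX_ATTRS_PER_VIEW]         # minimal use: cap the view
    denied = [a for a in requested if a not in granted]
    AUDIT_LOG.append({
        "time": datetime.now(timezone.utc).isoformat(),
        "user": user, "role": role, "reason": purpose,
        "record_id": record["id"],
        # Log attribute names only, never the sensitive values themselves.
        "granted": granted, "denied": denied,
    })
    return {a: record[a] for a in granted}

def denied_attempts(log=AUDIT_LOG):
    """Audit query: who asked for attributes they were refused."""
    return [(e["user"], e["denied"]) for e in log if e["denied"]]

if __name__ == "__main__":
    print(view_record("alice", "nurse", "treatment",
                      ["name", "blood_type", "ssn"]))
    print(view_record("bob", "call_center", "marketing", ["name", "ssn"]))
    print(denied_attempts())
```

Every request is logged whether or not anything is granted, so the audit trail records refused attempts as well as successful views.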

CDI "Must Haves"

Businesses and organizations in the process of evaluating CDI systems should look for a solution that provides the best method for collecting and managing private data in a secure, sensitive and trustworthy way. Essential features and capabilities include:

  • Central notification control. This provides the ability to configure and manage notices sent to users attempting to access personal records; enables enforcement, auditing and verification during the data notice process.
  • Flexible management. The CDI system should be able to enforce opt-in/opt-out rules regardless of the platform used to gather preferences; it should support flexible privacy models (i.e., contact point or individual); and it should support age as a criterion for Children's Online Privacy Protection Act enforcement.
  • Customer accessibility. Organizations must be able to pinpoint exact locations of all customer related data so that they can provide individuals with access to their data within a reasonable period of time. Capabilities that assist in this process include: real-time search capabilities for finding all data and providing a complete, composite view; flexibility to decide how data can be viewed; and a method for finding structured and unstructured data.
  • Security for stored and shared data. CDI solutions that allow local storage of data enable individual divisions within an organization to retain control of their own data. Such solutions also enable administrators to define the extent of viewable data with a very high degree of specificity; administrators can decide at the row and attribute level who can see what kind of data. Federated CDI models encrypt data in databases and logs, and support encryption or hashing of data from source systems, enabling secure data sharing between trusted partners.

CDI solutions provide the framework for a comprehensive data sharing strategy which protects privacy and security. Though there are a variety of CDI solutions on the market, not all provide the flexibility and control necessary to ensure data quality, integrity and compliance with today's data security and privacy requirements. The most powerful provide highly granular policy control to ensure that only the people who need to view the information can see it and restrict the data presented to only that which is required for the task at hand. Such solutions also provide on-demand data sharing for employees and customers, without moving large amounts of data and potentially compromising sensitive personal information. With today's increased concern for confidentiality of personal information, these highly robust CDI systems provide a required infrastructure component to minimize security risks and protect personal privacy.


Scott Schumacher serves as chief scientist at Initiate Systems where he is responsible for R&D of Initiate's matching algorithms and the overall management of product development. Initiate Systems, Inc. is a leading provider of customer-centric master data management (MDM) solutions for companies and government agencies that want to create the most complete, real-time views of people, households and organizations from data dispersed across multiple application systems and databases. Schumacher can be reached at sschumacher@initiatesystems.com.
