AI: Your No. 1 Weapon in the Fight for Data Protection
Voters’ passage of the California Consumer Privacy Act (CCPA) this summer means significantly tighter security for consumer data. Given the far-too-frequent instances of data breaches, this marks an impressive step toward protecting consumers and their data. But keeping up with security requirements can be challenging for IT teams. I believe artificial intelligence (AI) can help.
Before sharing why and how let’s explore the current state of data security. It seems as if every week there are stories of consumer data being inadvertently leaked.
- In October 2018, Cathay Pacific Airways announced that the data of 9.4 million passengers had been compromised in March, according to the South China Post. This data included passengers’ names, addresses, dates of births and identity card numbers and passport numbers. “The breach of this personal data could cause a lot of trouble because it can be used to build up people’s virtual ID,” said Francis Fong Po-kiu, honorary president of the Hong Kong Information Technology Federation, in the article.
- Equifax, one of the largest credit bureaus in the United States, reported in September 2017 that a data breach had occurred several months before, according to the CSO article, “The 17 biggest data breaches of the 21st century.” The breach impacted approximately 143 million consumers, and the data included social security numbers, birth dates and addresses. Some consumers also had their drivers’ license numbers and credit card numbers exposed.
- The U.K.’s Information Commissioner’s Office, a privacy watchdog group, fined Facebook £500,000 in late October for a 2014 data breach, in which Cambridge Analytica “exploited Facebook to harvest millions of people’s profiles,” whistleblower Christopher Wylie told The Guardian. “A company of its size and expertise should have known better and it should have done better,” said information commissioner Elizabeth Denham in the article.
The Worst-Case Scenario is the Worst Time to Consider Security
Too often, companies consider data security after the fact. Facebook’s original motto for its developers was: “Move fast and break things,” according to the Mashable article, “Facebook Changes Its ‘Move Fast and Break Things’ Motto.” The idea behind the mantra—since changed to “Move fast with stable infra”—was that innovation is slowed by a fear of making mistakes.
It’s understandable that companies want to be agile, and agility is a necessity in the era of digital transformation. The problem is that when companies move fast, what they’re often breaking is people’s privacy. Engineering a solution to a privacy breach after the fact amounts to applying a bandage on an issue requiring serious IT surgery.
The Overwhelming, Ever-Changing Challenge of Data Compliance
Complicating matters for companies concerned about data security is the number of complex compliance regulations to follow. They include:
- Personally Identifiable Information (PII) protection: U.S. federal law, as well as state laws, aim to protect PPI (sometimes referred to as sensitive personal information) from identity theft or other threats. PPI includes home address, passport number and birthplace.
- General Data Protection Regulation 2016/679 (GDPR): A European Union regulation on data protection and privacy for people within the EU and the European Economic Area.
- Health Insurance Portability and Accountability Act (HIPPA): This 1996 law aims to protect the confidentiality and security of healthcare information.
- California Consumer Privacy Act: The intent of the law, which was enacted in June, is to protect data privacy by imposing new rules on companies that gather, use and share consumers’ data. This law, which I believe has real teeth, takes effect in 2020.
How Can AI Help?
Which brings us to AI. Some would say it’s impossible for IT teams to embrace the speed of digital transformation while following all these laws. And I agree that IT teams can’t be expected to tackle data security on their own. They often construct digital walls to try to protect data, but once you build walls, you’ve lost control.
IT managers in charge of data often don’t know what can be shared, and with hundreds of thousands of data shares, it would be extremely easy to miss what needs to be protected, even with a clear understanding of what could be shared. The complexity of the cloud complicates data protection even further.
Using AI effectively—in conjunction with metadata management—can increase substantially compliance to all these regulations. Data should be protected at the metadata level, where you can control where a file goes, what geography it’s in, who has access to it and who has accessed it, among other things. The restrictions and rules attributed to that metadata follow it everywhere.
Humans simply can’t manage it. It could be months or even years before the best-intentioned, hardest-working IT manager discovers a breach. AI ensures compliance with the myriad data regulations and to catch data breaches quickly. AI doesn’t actually touch the data. It works in the metadata, the information about the data.
Bottom Line
Silo-based storage management for data compliance does not scale with today’s volume of enterprise data. People think of managing data in terms of managing storage instead of managing metadata. This walled-garden approach to data compliance doesn’t work—and can’t possibly contend with data attacks and complex data protection laws, which are being introduced more rapidly in response to these threats.
With AI, taking a law and operationalizing it is much easier and much faster—especially important since another law could come along just as you’ve achieved compliance with the most recent law. Protect consumers’ data and protect your company by considering an AI approach to this challenge.
