Why innovation using data must be private by design
Friday Nov 04, 2016
We’re experiencing a new age in data. The huge surge in digital interactions, and the big data it generates, not only provides insights which connect us, but can also improve our daily lives. Healthcare outcomes, city planning, transportation, defense and civil governance – all are beneficiaries of innovation through open data.
But in order to capitalize on this information, we must share it – something which rightly makes individuals in society cautious about the privacy implications. Many legacy technology systems, products and services weren’t built with protecting personal information in mind. As a result, privacy concerns are high on the agenda.
This has resulted in businesses spending big in an attempt to protect data behind systems that regularly suffer breaches. Not only does this breed mistrust among consumers, it also makes that same data increasingly difficult to access for people within organizations – those who can actually find insights and create a better user experience.
So we need to shift gears. Protecting consumers’ data isn’t just about placing information behind more layers of security. Our understanding must shift from a traditional ‘lock and key’-style of protection to something more sophisticated: protecting data through private by design technology infrastructure.
What is privacy by design?
Privacy by design is a methodology that takes customer data protection into account from the very beginning of any engineering process. Sensitive data is treated as private by default, with the utmost respect for the user. In this sense, privacy by design isn’t a specific set of engineering steps, but a framework by which data is protected.

For instance, the new smartphone AI assistant Snips anticipates actions you make on your phone – like calendar appointments or ordering an Uber. The app, which has been in development for several years, was built using privacy by design methodology. As such, the makers claim no information is sent to cloud-based servers. Instead, every piece of sensitive information stays on your device. Apple does something similar. The company claims no credit card information contained in its Apple Pay infrastructure ever leaves a user’s iPhone.

These are not only great examples of privacy by design at work, but are also demonstrative of how businesses respond to consumer expectations. As technology and data become a more important part of customers’ everyday lives, the expectation for responsible data use grows.
Seeking new insights from data is crucial, but outdated systems can hold businesses back. By placing more and more security barriers around data, organizations risk simply reducing access for those in the know – effectively locking away a proverbial goldmine of information. Equally, archaic systems mean that data analysts and business leaders are often in a constant panic about when they will next fall victim to an attack and whether their data will remain secure.

Instead, private by design approaches to technology allow for innovation through controlled access to data. Analysts and leaders can rest easy when adopting this approach, knowing that the fundamental structure of their engineering makes privacy breaches a smaller risk than ever. This approach would shun retaining information like credit card data – even if it were encrypted on a locally housed server. Instead, a business might choose to use a process like tokenization, replacing the card number with a stand-in value that is useless outside the system that issued it. A privacy by design approach might also push a business towards using separate encrypted cloud environments or servers for each individual category of information, so a digital profile of a single consumer can’t easily be recreated by merely accessing a single file. However, in order to create a process by which people within your organization can access that data and use it, a framework needs to be established.
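To make the two techniques in that paragraph concrete, here is an added example (not code from the article or from any product it mentions). It shows a tokenization vault that is the only component holding real card numbers, and per-category stores whose record keys are per-category pseudonyms, so copying one store does not let you rebuild a customer profile. All names (`TokenVault`, `CategoryStore`, `store_customer`), the in-memory storage and the sample customer are constructed for illustration; a real vault would be a separately secured service.

```python
# Added example (not from the article): tokenization plus per-category separation.
# Card numbers and customer data below are constructed test values.
import hashlib
import hmac
import re
import secrets


def luhn_valid(pan: str) -> bool:
    """Luhn checksum, used only to reject garbage before it reaches the vault."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


class TokenVault:
    """The only place a real card number (PAN) is kept.

    Business systems store the token; only the vault can map it back. In a
    real deployment the vault is a separately secured service; here it is an
    in-memory dict so the example runs offline.
    """

    def __init__(self) -> None:
        self._pan_by_token: dict[str, str] = {}
        self._token_by_pan: dict[str, str] = {}

    def tokenize(self, pan: str) -> str:
        pan = pan.replace(" ", "")
        if not re.fullmatch(r"\d{12,19}", pan) or not luhn_valid(pan):
            raise ValueError("not a plausible card number")
        if pan in self._token_by_pan:            # same card -> same token
            return self._token_by_pan[pan]
        # Random (not derived from the PAN) so the token reveals nothing; the
        # last four digits are kept so receipts and support screens still work.
        token = f"tok_{secrets.token_hex(8)}_{pan[-4:]}"
        while token in self._pan_by_token:
            token = f"tok_{secrets.token_hex(8)}_{pan[-4:]}"
        self._pan_by_token[token] = pan
        self._token_by_pan[pan] = token
        return token

    def detokenize(self, token: str) -> str:
        """Privileged operation: only the payment-processing path should call this."""
        return self._pan_by_token[token]


class CategoryStore:
    """One store per information category (contact, payments, health, ...).

    Records are keyed by a per-category pseudonym, an HMAC of the customer id
    under that category's own secret, so a copy of one store cannot be joined
    to another store to rebuild a full profile without the other store's key.
    """

    def __init__(self, name: str, key: bytes) -> None:
        self.name = name
        self._key = key
        self._records: dict[str, dict] = {}

    def pseudonym(self, customer_id: str) -> str:
        return hmac.new(self._key, customer_id.encode(), hashlib.sha256).hexdigest()[:16]

    def put(self, customer_id: str, record: dict) -> str:
        pid = self.pseudonym(customer_id)
        self._records[pid] = record
        return pid

    def get(self, customer_id: str) -> dict:
        return self._records[self.pseudonym(customer_id)]

    def dump(self) -> str:
        """What someone who copied this one store would see."""
        return repr(self._records)


def store_customer(vault: TokenVault, stores: dict[str, CategoryStore],
                   customer_id: str, profile: dict) -> dict[str, str]:
    """Split a profile across category stores; the card number leaves only as a token."""
    contact = {"name": profile["name"], "email": profile["email"]}
    payments = {"card_token": vault.tokenize(profile["card_number"])}
    return {
        "contact": stores["contact"].put(customer_id, contact),
        "payments": stores["payments"].put(customer_id, payments),
    }


if __name__ == "__main__":
    vault = TokenVault()
    stores = {name: CategoryStore(name, secrets.token_bytes(32))
              for name in ("contact", "payments")}
    # Constructed sample customer; 4111 1111 1111 1111 is a standard test number.
    ids = store_customer(vault, stores, "cust-001",
                         {"name": "A. Example", "email": "a@example.invalid",
                          "card_number": "4111 1111 1111 1111"})
    print(ids)
    print(stores["payments"].dump())
```

The design choice worth noting is that the token is random rather than a hash of the card number: a hash of a 16-digit PAN can be brute-forced, whereas a random token carries no information about the card at all. Likewise, the per-category pseudonym is an HMAC under a secret key rather than a plain hash of the customer id, so two stores cannot be joined unless both keys are compromised.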
Laying down the rules
The Office of the Australian Information Commissioner has already established a framework for helping businesses manage privacy issues and compliance. Among its principles is embedding a culture of privacy and treating personal information as an asset to be protected. It also squarely calls for businesses to adopt a privacy by design approach, which constitutes seven principles:
- Be proactive about security concerns, not reactive.
- Set privacy as the default setting.
- Have privacy embedded into design.
- Don’t make privacy a zero-sum game.
- Ensure privacy from end to end of a service or product.
- Keep everything open, transparent and visible.
- Respect user privacy: keep the design user-centric.
This last point is crucial. Businesses need to start thinking of themselves as custodians of data, rather than its true owners. A privacy by design approach to organizational data governance truly respects the nature of that data, and creating products and services within this framework develops more trust between customers and providers. Businesses, governments and any other body creating insights with data must understand this. Expensive systems can always fail. And while no method is 100% foolproof, if you keep privacy in mind from the beginning, you put your customers and your organization in the best possible position to safely leverage data to drive innovation.