Webinar Recap: Privacy Management – Applying Appropriate Controls
Having discussed the value of data governance and data discovery and classification in the previous two sessions of the webinar series, the third one focused on data privacy and applying appropriate controls.
For this session, I was joined by panellists Julian Hicks, Privacy SME at BigID, and Jessica Santos, Global Compliance and Quality Director at Cerner Enviza, and we embarked on a comprehensive exploration of data privacy, its challenges, and how it aligns with core business goals.
Data privacy in the digital age: Importance and challenges
The webinar was a reminder of the growing importance of data privacy in today’s digital landscape. I highlighted the difficulties in implementing robust privacy controls, especially considering the massive amounts of data businesses have to handle nowadays.
Jessica Santos brought her expertise in the healthcare sector to the table. She discussed the intricacies of handling legacy data, which is often fraught with compatibility issues and security vulnerabilities. She also touched upon determining appropriate data retention periods, a complex task given the evolving nature of privacy regulations and the value that historical data can bring to organisations.
Julian Hicks, on the other hand, spoke about the shift towards data-driven privacy programmes. He underscored the need for technology to manage large data sets effectively, moving away from traditional manual processes that are not only time-consuming but also prone to errors.
Balancing act: Openness, privacy, and design principles
The panellists agreed on the critical need to strike a balance between opening up data for analysis and protecting privacy. Jessica suggested embracing “small data” approaches, where only necessary data is used for research. This method not only reduces the exposure of sensitive data but also makes data management much easier.
Julian emphasised the principle of “privacy by design.” He advocated for proactive measures like encryption, consent management, data deletion, and minimisation to ensure data privacy. These principles, when embedded throughout the data lifecycle, can significantly enhance privacy control and reduce the risk of data breaches.
Collaborative approach and accountability frameworks: Key to success
Our discussion underlined that collaboration across the organisation is vital for successfully implementing privacy controls. Both panellists stressed the importance of clear team roles and responsibilities concerning privacy, understanding pertinent laws and regulations, and effectively managing processes that handle personal data.
Julian introduced a privacy journey model, highlighting the importance of accountability frameworks to operationalise privacy across an organisation. He emphasised assessing and mitigating potential risks, ensuring compliance, handling individual rights, managing consent, and preparing for potential breaches.
Jessica added that all employees should receive training on their role with respect to data and privacy. She underscored the importance of corporate governance and system controls, particularly for restricting high-risk actions such as employees exporting entire databases.
Embracing AI and resolving conflicts of interest
Conflicts of interest within different departments of an organisation, such as security and privacy, were another key discussion point. Jessica believed that these conflicts could be resolved through open discussions and shared goals. We agreed that while technology is often the easy part of driving a privacy strategy, the real challenge lies in managing people and processes.
Artificial Intelligence was a hot topic during the webinar. Jessica discussed the risks and rewards of AI, stressing its potential to speed up processes but also its dangers if left unchecked. She expressed concerns about trusting AI with sensitive information due to potential privacy control issues.
In summary, the third session of the webinar series provided a thorough and insightful examination of the intricate landscape of data privacy. It not only underscored the critical significance of data privacy but also emphasised the need for a collaborative approach and the integration of artificial intelligence to operationalise privacy.