Data Privacy Week: the role of tech companies
- Data privacy is becoming more important and challenging in the digital age.
- Organizations should reconsider the measures they have in place and develop a secure and well-governed data foundation.
- Data privacy is not only a legal obligation but also a business opportunity.
It’s Data Privacy Week. As usual, tech companies will take the opportunity to reach out to businesses to highlight the importance of data protection and the consequences of not taking it seriously.
Indeed, tech companies play a big role when it comes to data privacy today. Simply because businesses rely on these companies to help them protect their data. While there are different concepts towards data privacy and protection in an organization, the main idea goal is to ensure data privacy is secured.
Today, data privacy is becoming more important and challenging in the digital age, especially with AI becoming a game-changer in the industry. As such, tech companies can help businesses with data privacy in several ways, such as:
- Implementing strong security measures to prevent data breaches, such as encryption, firewalls, authentication, and access control.
- Adopting privacy by design principles means integrating privacy considerations into every stage of the development and operation of a system.
- Using emerging technologies that enable data analysis without compromising personal information, such as differential privacy, federated learning, and homomorphic encryption.
- Educating and empowering customers about their data rights and choices, such as providing clear and transparent privacy policies, consent forms, and opt-out options.
- Complying with relevant data protection laws and regulations, such as the General Data Protection Regulation (GDPR) in the European Union, the California Consumer Privacy Act (CCPA) in the United States, and the Personal Data Protection Act (PDPA) in Malaysia.
By following these best practices, tech companies can not only protect their customers’ data but also gain a competitive advantage and enhance their reputation in the market. At the end of the day, data privacy is not only a legal obligation but also a business opportunity.
In conjunction with Data Privacy Week, several tech executives share their views on data privacy with Tech Wire Asia.
James Fisher, chief strategy officer, Qlik
We are squarely in the middle of an AI boom, with generative AI promising to take us into a new era of productivity and prosperity. However, despite its vast potential, there remains a lot of trepidation around the technology – particularly around how to use it responsibly. For example, there are risks around the violation of data privacy and individual consent when it comes to the data that AI algorithms are trained on.
Trust in generative AI – and the data powering it – is key for the technology to be embraced by enterprises. With the risk of misinformation, the use of deepfakes and more, it will take hard work to build this trust. One way to do this is through improving the data that AI is fed – because AI is only as good as its data.
We are seeing steps in the right direction here through a push for better governance, origin, and lineage of data to power AI. At an enterprise level, businesses must look to test the validity of their data and get robust data governance in place. Then, it will be possible to use AI to generate more trustworthy and actionable insights down the line.
Trevor Schulze, chief information officer at Alteryx
Powerful enterprise use cases for generative AI are still being discovered, but so too are limitations in terms of data privacy and regulation. The Information Commissioner’s Office‘s recent review of how data protection laws should apply to such generative AI applications was a key reminder of this. The EU AI Act, which is the first official AI regulation and requires AI systems deployed in the EU to be safe, transparent, traceable, non-discriminatory and environmentally friendly, is another good example of regulators moving at pace to react to AI concerns.
Data privacy is cited by 47% of data leaders as the reason why AI capabilities have not yet been deployed within their organizations. Even for organizations that are starting to use new AI capabilities through commercial or custom-built LLMs, understanding what data was used to train these models is proving very difficult.
Clear data governance policies will be critical in building overall confidence in AI moving forward. Creating or reinforcing data steward roles within enterprises to advocate for secure AI use by creating, carrying out and enforcing data usage rules and regulations will display a commitment to data privacy and build company-wide confidence.
Niels van Ingen, chief customer officer for Keepit
No one likes surprises, particularly IT executives who believe their SaaS cloud providers have taken all the necessary steps to back up customers’ critical enterprise data. This is never truer when a disaster strikes, whether from an internal mistake or an attack from the outside, leaving business operations at a complete standstill.
The unfortunate truth is that most SaaS providers don’t offer the necessary level of data backup and recovery that enterprises require to get back up and running.
And guess what? If you read the cloud agreement, you’ll discover SaaS vendors aren’t responsible for data backup. The onus is on you.
It’s easy for individuals and businesses using popular cloud-based services to believe their data is “backed up in the cloud” and easily retrievable in the event of an attack or accidental deletion. However, they quickly learn – often too late – that backup services from SaaS vendors are usually very limited, disorganized, or prohibitively expensive to access. Organizations also get surprised when learning that many SaaS providers offer a limited data retention period, where after such time, the data is permanently deleted.
That’s why the only true backup – and the last line of defense in SaaS data protection – is having granular, reliable, and fast backup and recovery capabilities, with the data stored separately from the SaaS vendor’s environment.
Sanjay Deshmukh, senior regional vice president for ASEAN and India, Snowflake.
This Data Privacy Day, organizations should reconsider the measures they have in place and develop a secure and well-governed data foundation to ensure the privacy of their customer data. Snowflake recommends a 3-step approach to build this secure and well-governed data foundation:
- Unify: Break down the silos and organize the data in 1 place to get a complete view,
- Understand: Identify what information is in your data and especially the sensitive information and
- Secure: Secure data with various governance and privacy protection features like data masking, tokenization, Role-based security access, Row level security.
This secure and well-governed data foundation will enable organizations to protect their customers’ data and accelerate innovation and transformation by enabling AI and Large Language Models against this secured data.
Remus Lim, vice president, Asia Pacific and Japan, Cloudera
Generative AI has hogged headlines in 2023 as organizations scrambled to adopt the technology in the enterprise. Chatbots, automated report generation and personalized emails are all examples of how generative AI can drive creativity and productivity while improving customer experience. It is, however, crucial to note that all AI/ML models are only as good as the data that they are trained on.
As companies look to deploy more AI and ML technologies across the business, there is an increasing demand for access to their data across all environments. Advancements in AI/ML have even let organizations extract value from unstructured data, which makes the management, governance, and control of all data critical.
With businesses looking to democratize more of their data, it is key to focus on data privacy and security. They must build their strategies and plans with data security and governance at the forefront as tackling third-party security solutions is often a difficult and expensive process. Investing in modern data platforms and tools with built-in security and governance capabilities allows companies to democratize their data in a secure and governed manner, while successfully training enterprise AI/ML models.
In fact, DataOps, which is the approach to improving the communication, integration and automation of data flows between employees who work with data and the rest of the organization, is expected to hit US$10.9 billion by 2028 as businesses strive to make more data-driven decisions by increasing employees’s access to data.
David Sajoto, vice president of Vectra AI, Asia Pacific & Japan
The cybersecurity market in the APAC region is billions of dollars strong and growing, thanks to a continually evolving and destructive threat landscape. This underscores the crucial responsibility organizations have in safeguarding sensitive information and serves as a reminder of the challenges involved in maintaining data privacy. However, with the right awareness, training and security measures in place, not to mention advanced attack signal intelligence powered by AI, businesses can reclaim the certainty that their data is protected.
Last year saw privacy laws grow significantly in 2023, by as much as 25% from 2021. Countries throughout the region either adopted or are in the process of implementing comprehensive privacy laws for the first time, with more mature markets aligning laws closely with the likes of Europe to strengthen defense measures. Breach notification requirements, data privacy offers and data localization requirements are increasingly becoming the norm.
Despite these efforts, unwelcome breaches made headlines. Throughout APAC, we heard stories of customer information leaks, citizen details being sold online, patient data being stolen and abused, services being corrupted and taken down, and ransomware attacks threatening protected data to be released unless hefty sums were paid out.
As we strive to make the world a safer and fairer place, companies have a responsibility to their customers, partners and end users to implement the right practices that will ensure their privacy and data are protected.
That brings us to 2024. Data Privacy Day presents an excellent opportunity to have difficult and important conversations about how we can better protect our people – both staff and customers – and the company name. Organizations must invest in the right solutions that are geared towards both prevention and detection, leveraging advanced technologies such as AI to extend attack signal intelligence and support security teams.
As attacks become more intelligent and powered by the likes of generative AI, businesses will face heightened expectations to demonstrate their commitment to implementing comprehensive measures aimed at safeguarding data. Technology decision-makers must reflect on what has worked and what hasn’t, adopting an approach that effectively stops and catches attacks before it’s too late.
Brian Spanswick, CISO and head of IT, Cohesity
World Data Privacy Day is an excellent opportunity for public and private organizations to assess the effectiveness of their data security and management practices and this has never been more critical that it is now.
The accelerated adoption of LLM like ChatGPT, has added a significant threat to an already critical data security posture. The value of the data itself and the critically of that data for an organization’s operations to function has never more exposed to disruption and exfiltration. This increases the need for organizations to understand where their data are, ensure that data is encrypted in transit and at rest, and have the ability to recover that data minimizing disruption to operations.
Unfortunately, we live in world where cyberthreats and successful attacks are a challenge that all organizations face because of the disruptive impact they have on business continuity and the lucrative financial gains they can provide to threat actors when they can exfiltrate an organization’s data.
By using this annual event as a catalyst to releases, evaluate and revise your data security and management best practices you’ll help set your organization up for success in the year ahead. Adopting modern technology platforms that help you protect, secure and recover data is both fundamental and critical.
In 2024, there are many solutions that are integrating AI to help turbocharge organizations IT and Security capabilities increasing the effectiveness of these fundamental data protection controls.
READ MORE
- 3 Steps to Successfully Automate Copilot for Microsoft 365 Implementation
- Trustworthy AI – the Promise of Enterprise-Friendly Generative Machine Learning with Dell and NVIDIA
- Strategies for Democratizing GenAI
- The criticality of endpoint management in cybersecurity and operations
- Ethical AI: The renewed importance of safeguarding data and customer privacy in Generative AI applications