Privacy is not binary: useful controls need to be contextual and commensurate with risk.
It seems obvious when you state it plainly: when you grant someone access to your datasets, the level of information they need ‘ and level of associated risk ‘ depends greatly on who they are, and what they’re doing.
But recently, this humble truth has taken on huge importance for organisations of all kinds, in all industries.
Businesses that are trying to break down data silos are finding that the old way of managing privacy via access controls simply isn’t good enough.
The truth about data needs and risks
Back when data lived in siloed applications, maintaining privacy was relatively simple. User access controls, applied at the application level, were sufficient to ensure sensitive data was only revealed to the people who needed to see it. But once businesses brought their datasets together, it was clear that user access controls were no longer sufficient. Linking data silos together created powerful insight, but also meant that there were significant new risks to data subjects. These new contexts, related largely to the use of data for advanced analytics and machine learning, create demand for more flexible controls on the data.Here’s an example. A customer service agent needs access to each individual customer’s personal data, from their address to their previous purchases for the duration of a service call. But a data analyst employed to improve the operational efficiency of the contact centre where the agent works doesn’t need ‘ or want ‘ to know anything about individual customers. They need only the aggregate statistics around, for example, caller location, call length and call volume.
Once you start to look at data needs and risk in terms of context, it makes it easier to digest the requirements for protecting data in a useful way.
In every use case, you need to ask yourself:
- What information is required to achieve your objective?
- What privacy risks are we aiming to mitigate and manage?
And then make sure appropriate measures are in place.
As the UK Anonymisation Network puts it:
‘Anonymisation is a heavily context-dependent process and only by considering the data and its environment as a total system [‘] can one come to a well-informed decision about whether and what anonymisation is needed‘.
Most organisations have responded to this realisation by dealing with each project and request for data access as it arises in an ad hoc fashion, or to lock data down with overly conservative controls that inhibit innovation and undermine the very reason for having unified the data silos in the first place.
Like the security principle of ‘least privilege’, privacy risk can be reduced by minimising the information available to those who need it. This can operate at various levels, e.g.:
- By use case or project
- By programme
- By job role
- By team or department function
By providing tailored, granular control over how data is provisioned in each context, the risk of sensitive data being exposed can be minimised. Data is minimised or perturbed in accordance with the risk appetite and data utility requirements in each use case – this could be a de-identified view of a dataset for one group and an API that only provides aggregate statistics for another.
Contextual privacy ‘ the ideal solution
What modern organisations really need is a contextual approach to privacy ‘ one that lets them consistently give users the data they need while minimising their exposure to sensitive information.
How privacy enhancing technologies make contextual privacy possible
Thankfully, as the world’s businesses have been busy breaking down their data silos, researchers in the field of data and computer science have been busy working on exactly the techniques needed for a more nuanced, contextual approach to data privacy.
- Data pseudonymisation ‘ replacing identifiers with pseudonyms, or tokens to reduce re-identification risk
- Homomorphic encryption ‘ enabling computation over encrypted data
- Differential privacy ‘ providing a strong way to protect aggregate statistics
These tools and models make it possible to serve users the data they need, and only the data they need ‘ preserving both data privacy, and data utility for the task at hand.
Operationalise Privacy Enhancing Technologies
These techniques still need to be applied in a way that’s appropriate to each context and deployed in a way that’s manageable and scalable. Data privacy products that leverage these core capabilities can enable businesses to apply privacy enhancing techniques at enterprise scale with policy-driven, contextualised rules applied and enforced automatically.
And because it’s consistent and transparent it becomes defendable: the friction involved in getting access to data is massively reduced.
Once it’s been decided that your Marketing team, for example, can have access to de-identified data, there’s no need for them to put in a data access request for every new use case. Approval processes are accelerated, and compliance overheads reduced.
‘And opening the door to new insights
Being able to apply contextual privacy in this way doesn’t just solve the privacy challenge created by linked datasets ‘ it creates entirely new business opportunities.
The most valuable data an organisation holds is often its most sensitive and subject to the most stringent controls. A bank may only allow a handful of users to access its global transaction dataset ‘ and even then, only in a secured, monitored environment. But by applying the right privacy controls, organisations can make such data sufficiently safe for a variety of applications and extract huge value along the way.
The bank’s engineering team, for example, don’t need to be able to identify individuals to use the data for model development ‘ they just need to see the data’s internal patterns and relationships. And modern privacy enhancement technology can make that possible.
Today, no organisation can afford to overlook the contextual nature of privacy.
If you want to use data to drive insight, innovation or revenue ‘ and let’s face it, who doesn’t? ‘ you should be exploring ways to expose the right information, and only the right information, for the context.
Get this right, and you won’t just shut down data risk ‘ you’ll open up a world of possibilities.