Data Privacy Myths Debunked

By Paula Furnace, Product Marketing and Strategy at Privitar

Data privacy is a complex and often misunderstood topic. Just like data itself, there can be a lot of information to dig through and manage. Layer on the countless new and rapidly evolving privacy regulations, and it can be nearly impossible to know how to interpret and apply this information, nevermind separate fact from fiction. 

Despite these challenges, having a firm understanding of data privacy and the range of requirements and approaches available to safeguard data is fundamental. This comprehension allows organizations to make decisions about the potential data risk they face while still leveraging the power of that data for safe analytics insights.

Time to clear up the confusion and debunk the five most common data privacy myths.

Myth #1: We already have a security solution. We don’t need data privacy.

Many organizations try to protect sensitive data by implementing security. Extensive investments are made in perimeter and access controls to reduce the likelihood of a data breach and prevent unauthorized access to sensitive data; however, most leaks use authorized credentials, and as such, these security measures do not protect data in use or travel with the data itself. Data privacy solves this by protecting the data itself.  

Data privacy prevents exposure of sensitive data while preserving its utility for safe analytics, and thereby reduces or eliminates the consequences of a data breach or misuse, whether inadvertent or malicious. It complements and strengthens data security. Taking a layered approach to data protection is the best way to ensure that your sensitive data remains both safe and usable.

Myth #2: All of our data is stored in a protected data warehouse. We don’t allow it to leave, so we don’t need a privacy solution.

Data that is locked away might feel safe, but it’s also not available to analyze and gain insights from. 

Rather than treating data as a liability and keeping it under strict lock and key, organizations that embrace data privacy can ensure that their sensitive data remains safe, while also ensuring its utility for analytics. Significant value can be derived from providing safe access to this information. 

By applying privacy enhancing techniques to data before it is stored in the warehouse, you can balance your management of control, and also help your business leverage that sensitive data safely to get new insights. 

In addition to protecting the data itself, advanced techniques can be used to encourage data consumers of that information to take their responsibilities seriously to ensure its appropriate use. Privitar’s “watermark” technology is an excellent way to deal with the data privacy consequences of giving access to specific data. Our “watermark” technology provides extra protection by embedding intrinsic DNA inside data sets. It is a natural deterrent to anyone handling the data. The “watermark” is embedded and distributed throughout the data so it cannot be removed by filtering, reorganizing the data or changing the file format. Think of it as a ‘scanner’ for your data, similar to how you scan a microchip on your dog when he/she is lost and you need to identify the owner to be reunited. 

Our advancements in data privacy technology can help you not only protect sensitive data, but also preserve its utility for insight while providing the added protection to ID your data in the event of a breach.

Myth #3: We built our own privacy solution in-house. We don’t need anything else.

Typically, homegrown solutions employ a limited set of basic privacy enhancing techniques such as redaction and perhaps tokenization, minimizing the utility of your sensitive data. This leaves gaps in a data privacy strategy, which increases risk. 

Another important and often overlooked aspect is the inherent linkability of data generated by these ad-hoc solutions. Due to the lack of comprehensive techniques, the risk of re-identification by linking several data sets together is quite high. Lack of internal consistency in these ad-hoc solutions often reduces the utility of the data, and can defeat the purpose of making it available for analytics. Homegrown solutions are also expensive to maintain, often require hiring specific staff to support, and ultimately, are not scalable and not enforceable.

As data initiatives grow and scale up, homegrown privacy solutions become even more problematic. Business users want rapid responses to their data access requests and enterprises need a streamlined provisioning process that can meet these demands as the volume and breadth of data usage in their organizations grow. This complete process must be able to stand up to regulations and audits. Typical homegrown solutions use manual approval processes coupled with bespoke scripting. While these may suffice initially at small scale, these approaches are slow, unreproducible and ultimately break under larger enterprise demands. This is when it is time to embrace a systematic and automated approach that removes the friction between business users and safe data provisioning. 

Privitar has made significant financial investment and dedicated years of research to build out our robust privacy platform which is not an easy task to replicate. Our platform streamlines and automates data privacy and provisioning, eliminating slow, error prone manual processes, and automatically applies intelligent privacy across datasets. This makes it easier to get the right data safely into the hands of business users, and enables faster time to data-driven insights.

In addition to creating world-class privacy and provisioning tools, Privitar’s privacy experts and a full services team can help you plan what makes sense for your business on your data provisioning journey.

Myth #4: We’re already GDPR/CCPA compliant, so we are covered.

If you are already compliant with privacy regulations relevant in your state, country, or industry, you are definitely ahead of the curve as many companies are still struggling to create their internal architectures and processes that comply with regulations like GDPR or CCPA, while still meeting their business needs for analyzing that data for insights. 

It’s true that data privacy can help you meet regulatory obligations, but privacy is so much more than just dealing with regulations like CCPA and GDPR. Privacy also includes things like creating high-utility data for use with analytics, tracking data if it leaks, deterring insider threats, and dealing with compromised credentials or complex attacks.

Simply put, data privacy and provisioning can help you not only protect negative exposure for your organization, but also unlock the value of your data for new insights.

Myth #5: Privacy is just a huge cost center

While you do have to make an investment of resources in data privacy initiatives, when done correctly, privacy can present a significant revenue generating opportunity for your organization. 

The data backs this up. Cisco’s Annual Cybersecurity Benchmark Study of over 2800 security professionals in 13 countries found that most organizations are seeing very positive returns on privacy investments, and more than 40% are seeing benefits at least twice that of their privacy spend. The percentage of organizations saying they receive significant business benefits from privacy investments (e.g., operational efficiency, agility, and innovation) has grown to over 70% . 

Data privacy, when done right, allows you to use sensitive data to gain new analytics insights. It also helps with things such as remediation plans when data leaks occur, insider threats, compromised credentials, complex attacks and compliance with privacy regulations. 

The combination of security and privacy together can be an extremely compelling business case, even for those with limited budgets.

To learn more about how to power your business through safe analytics, check out Privitar’s Safe Analytics Resource Hub.