by David Millman, Privacy Engineer at Privitar

Many people associate data privacy with the challenges and costs tied to regulatory compliance.  Regulations like GDPR and CCPA are designed to protect consumer data and ensure that it is not misused. The impact of this on organizations, especially those that are multinational, is quite severe. In many cases, data must reside in its country of origin and cannot be used elsewhere, frequently stifling innovation.

The goal of this blog post is to explain how you can overcome these challenges, enable data users to leverage data-driven insights to innovate, and protect both data owners and their customers. Organizations that can successfully do this have three advantages:

  1. Compliance with GDPR/CCPA no longer limits innovation
  2. The ability to react quicker, gaining competitive advantages
  3. Better understanding of their customer base through data driven insights

Innovation and Who Benefits?

Modern organizations are racing towards the prospect of exponential innovation and growth driven by using data to drive decision-making. This need has become even more central as organizations prepare for the constant change of the world today. Situations like the COVID pandemic require businesses to adapt and overcome quickly, a key piece of this is making sure you can get the right data into the right hands in a timely manner. Chief Data Officers and CIOs both play a critical role in this as they must ensure that their data owners have the infrastructure and capabilities required to roll data out across a number of users that will derive insights.

Having access to data, and being able to leverage data-driven insights, plays a key role  in achieving innovation. Data and analytics teams from across the organization must partner with the business to provide access to data, and to the necessary analysis as quickly as possible. This is only made possible when data owners can share information safely as the desire to maximize the benefits comes with a cost if sensitive data is misused.

A data privacy platform, which turns raw data into anonymous or de-identified data, makes this possible. The right platform will enable you to protect K-anonymity for individuals in the data set while also preserving as much data utility as possible. This is especially important as it pertains to GDPR and CCPA. The GDPR defines “anonymous” as:

“…information which does not relate to an identified or identifiable natural person or to personal data rendered anonymous in such a manner that the data subject is not or longer identifiable”

The CCPA has a similar statement, but going forward I will use “anonymous” to refer to definitions from both regulations.

The key takeaway: if data is truly anonymous, it is possible to share across data science teams with minimal controls, allowing organizations to draw more conclusions from their data.

An anonymous customer/person dataset can be used to solve these organizational problems:

  • Data owners can share data without risk
  • Data can traverse geographical boundaries as de-identified data is no longer restricted by GDPR (i.e. anonymized data residing in the UK, Germany, or France can be merged together in a completely separate country such as the US).
  • Data can flow outside political boundaries ( i.e. outside of the owning organization to an SI’s location in India, Eastern Europe or other country for a group of data-specialists to access it).
  • Finally, all data that is anonymous does not need to implement any “Right To Be Forgotten” (RTBF) workflows, as no individual is identified.

From the simple examples above, it can be seen that data can now start to flow from data-sources to the data-innovators with no financial or legal risk.

Most organizations have been affected by data privacy legislation such as GDPR and CCPA. At the same time, there is increased pressure to respond to COVID and concerns about how to leverage data faster to provide better customer experiences. This has resulted in the need to innovate faster than ever, all while complying with an increasingly restrictive set of rules. As discussed, a data privacy platform that provides advanced privacy techniques that allow you to achieve k-anonymity (as found in Privitar) can be used to unblock these privacy restrictions. This will help create new paths to innovation for your organization as you rapidly enhance any business decision.