Steve Totman: Data Protection & Why It’s Critical to Innovation

November 11, 2020

Prior to joining Privitar, I was the Managing Director financial services at Cloudera. Before that, I ran strategy for Syncsort (now Precisely), a mainframe-to-Big Data company, and drove product strategy at IBM for both DataStage and InfoSphere Information Server after joining IBM through the Ascential acquisition. 

I’ve spent the last twenty years working with amazing teams, and we put a great deal of effort into building solutions that managed and processed data on increasingly large scales. In the process, we gathered lots of knowledge and information, and helped our customers gather vast quantities of data and derive valuable, data-driven insights from that data. 

This was all exciting work, and there was a lot we could help customers do that was powerful and positive for their end users. And yet, it was hard to ignore how quickly data had the potential to become misused. Organizations had a significant amount of information about their users, and it could be used in so many different ways. As we’ve seen, that can feel creepy, or even go over the line of what is useful  versus what is invasive (this story about Target sending teenager ads for maternity clothing comes to mind). I increasingly worried about where we should draw the line. I found myself consistently bringing up the importance of the legal and ethical use of data in my presentations. 

Legal data use

We’ve only recently started seeing laws that really govern data protection — the General Data Protection Regulation (GDPR), of course, the California Consumer Privacy Act (CCPA), and the newly approved California Privacy Rights Act (which Guy from our policy team explains nicely here) though there are many more, and new ones come out quite regularly (China just issued draft personal data protection regulations). These regulations are helpful, and they work largely by imposing significant fines on offenders, which may make organizations take note of the responsibilities that come with the collection and use of data. I don’t believe that regulations alone are sufficient. They’re a starting point. The increasingly large scale data collection we’ve seen in the past ten or twenty years has really changed the conversation about how to govern data use. We can follow the regulations, and we should, but governments and regulators are driving what I believe to be the minimal behavior when it comes to data use and protection.

Beyond legal, consider ethical data use

We all know that what is legal and what is ethical do not always converge, though there is certainly overlap. Yet what is ethical is the standard I think we should all be adhering to. I believe that privacy is an essential human right, as do the founders of Privitar. And yet, the way that organizations use data has far too often overlooked the fact that the data is about people — people with cancer, people who have lost a loved one, people who are going through divorce. When we call it data, it becomes a commodity, and it becomes far too easy to overlook privacy concerns, because we’re not thinking about the individuals those data points are based on.

When we do think about the data belonging to individuals, I think it naturally leads to very valuable innovations. Technology that helps track down money laundering and other financial crimes alone act as a positive force — but these models can do more — they can be used to find and reduce or eliminate human trafficking. The cloud, artificial intelligence, and machine learning all contribute to and accelerate these capabilities, which is why I believe it’s so essential that organizations change how they think about their data.  Data undeniably is an asset —  and when organizations understand its value, they will understand why it’s imperative that organizations do the right thing — protect their data and the people it represents. At Privitar, I want to change how people think about and understand their relationship with data, and begin to treat data and metadata with the respect it deserves.

Technology can drive legal, ethical, and innovative data use

We can use data legally and ethically, and still drive insights and innovation with the data we’re gathering. This is why I’ve joined Privitar — because the company has an amazing technology that can achieve these goals. Together, we have the opportunity to move the space forward. Academia has been looking at Privacy by Design and thinking about how to implement it for a long time, and there are certainly a lot of challenges. Most organizations have a lot of different data stores, there’s a lot of siloed data, it’s hard to get data scientists access to the data they need (certainly not quickly), and analysts typically only have access to a subset of data, often protected poorly or not at all. 

These are things we need to change, because we can do so much better with better data, better data protection, and better solutions. This is why I’m hugely in favor of Privacy by Design, because it builds privacy in (and by extension, security) — it’s not an afterthought. When you do that, everything becomes so much more straightforward. Now the challenge is to build it in, and we do need technology to do that. And that’s truly my opportunity at Privitar — to move our product forward into the space and be the voice of privacy so that your organization can use 100% of your data safely and ethically across your business and beyond. Because it’s the right thing for all of us.

Learn more about the basics of data privacy – read Privitar’s complete guide to data de-identification.

Spotlight on Jessi Marcoff: Chief People Officer
Culture

Spotlight on Jessi Marcoff: Chief People Officer

Chief People Officer, this is a new role for Privitar — why is that role essential to Privitar’s growth?
More than ever companies are competing for top talent, it’s no longer a “thing” to stay at a company for years and years.

Read More »
What is Personally Identifiable Information (PII)
Data Privacy

What Is Personally Identifiable Information (PII)?

Most of us have heard the acronym PII, and if asked for a definition we would say that it is Personally Identifiable Information. But if you go beyond the acronym, and ask five different people for their definition, you might get five different answers. 

Read More »

Ready to learn more?

Our team of data privacy experts are here to answer your questions and discuss how data privacy can fuel your business.