The time is surely coming when your CDO mandates that your data scientists and analysts shift to working with de-identified data to enable responsible and compliant data use. They may be used to fast, even immediate access to data, which they will want to maintain across all domains. They may be less used to approval processes ahead of accessing sensitive data and PII, so you will want to streamline these within your current architecture.
To solve this challenge, you should consider the following questions:
A phased privacy-by-design approach is an appropriate way to go. Proactively embedding privacy within your workflows minimizes the risk of provisioning sensitive data inadvertently. As each domain is tackled, you can refine your roll-out template for subsequent projects.
The natural place to focus first is identifying a de-identification capability that integrates with your existing architecture. At a minimum, your data privacy platform should enable you to:
After selecting a solution, you’ll want to avoid the trap of layering-on complex data access and approval processes that impede access to data and leave your end-users upset at you for making things so complicated!
To future-proof and streamline your data privacy strategy, select a platform that provides open integration standards. APIs offer the flexibility and scalability that will take the friction out of accessing data today, and meet the demands of users 5 years from now.
Ideally, you will manage data privacy via APIs. This is far more than simply sharing a few stats on monitoring information. You’ll need APIs that allow you to integrate and automate every aspect of data’s lifecycle from understanding the structure of your data, to policy creation, job execution, and recording the full complement of auditing and logging information.
The diagram below shows a safe data marketplace workflow that Privitar architected jointly with Collibra. It describes the process for how an end-user can search the available datasets, submit data access requests while privacy policies are developed on-the-fly and de-identified data is provisioned to the user – all in a governed and automated manner, powered by APIs.
This API-driven privacy solution can be extended further, to include not just data catalogs like Collibra, but also data discovery, identity and access management solutions, and a wider range of data management tools to build out a comprehensive, enterprise-grade solution for curating data safely, across your organization.
Use of APIs goes deeper than simply managing the data privacy platform. Your entire architecture can be API-driven. Not only will this streamlined and automated privacy solution keep your data scientists and analysts happy, but you’ll be better equipped to support compliance and audit requests in a thorough and confident manner. Rather than managing a complex web of tools that do their own thing, you can create a scalable API-driven microservices architecture where everything is connected and you have end-to-end visibility of the lifecycle of your data.
Privitar currently empowers customers across diverse industries with API-driven privacy solutions that ensure your data scientists and analysts get access to the data they need, when they need it, with minimal fuss.
Our team of data privacy experts is here to answer your questions and discuss how data privacy can fuel your business.