Amazon’s Alexa. Apple’s Siri. Bank of America’s Erica.
These are all examples of marquee “digital assistants” central to each company’s relationship with its customers. The more each assistant knows about individual customers, the better they’ll be able to serve them. Alexa, Siri and Erica, among others, illustrate how enterprises are betting big on digital transformation, and analysts anticipate digital transformation investments will reach $7.4 trillion worldwide in coming years. Companies are collecting and analyzing large amounts of data to automate rote tasks and, ultimately, improve their customers’ experiences.
At the same time that data holds promise, data itself is becoming a threat to customer trust. Gartner anticipated that almost half of business ethics violations would happen due to the misuse of big data, and surveys suggest that such ethical violations could prevent a majority of consumers from sharing their data and, ultimately, trusting companies.
Without the ethical stewardship of data, there is no trust. Without trust, customers won’t share data. And when customers stop sharing data, trillions spent on these digital bets will go to waste.
This climate is an opportunity to gain competitive advantage. To address this trust gap, we offer a few principles for ethical data stewardship — and how Immuta can help companies grasp this opportunity.
1. Understand your data
The first principle of ethical data stewardship is understanding what data you have. Companies can’t protect data they don’t know exists.
It’s not easy. Siloed data across separate business units, for instance, obscure customer insights and compliance with data regulations. Authorizing access to data and updating policies can take weeks, if not months, due to the manual pace of “meetings and memos” (this is the phrase we at Immuta use to describe standard compliance processes).
In contrast, with Immuta, all data can be exposed and controlled through one, self-service access layer. As a result, data and compliance teams can easily understand what data your organization possesses and how it’s being used, all the while enabling compliance and data privacy.
2. Control data access continuously
Controlling data is difficult because most companies use a “release and forget” model of data management. In such models, data engineers clean and transform static data, and then provide a local copy of such data to end users. The problems are multifold: stale data, delays in data access and the inability to track how that data is being used once copies are “handed over” to end users.
Immuta solves this problem with a “release and control” approach to data access control. In this model, Immuta acts as the single layer through which all data access and processing must pass, applying policies on the data in real-time, without having to physically move or copy raw data sources. Rather than apply policies to an entire data set at one point in time (under the “release and forget” model), Immuta applies policies to the results of each query. This means that companies can access, control and track data without having to give local copies to different data scientists, eliminating the risk that those copies be shared with or used by unauthorized third parties.
3. Monitor data access for accountability
Sixty-seven percent of customers say that transparent communication builds trust that keeps them coming back to a company. But data monitoring is a challenge because of the difficulties in data access and the slow speed of manual review. For data engineers, creating reports about who has accessed data, when and for what purpose is sometimes a job unto itself. Headaches compound when data teams need to monitor activity across data silos that are dispersed across the company.
Immuta simplifies data monitoring with reports specifically designed for data teams and stakeholders. With Immuta’s automated reports and data audit trails, data engineers and architects can create customizable reports of all connected databases with just a few clicks. For example, one can easily track and report every purpose a data source has been used for, as mandated by key data regulations like the EU’s GDPR.
4. Benefit customers while preserving privacy
A focus on ethics should not mean companies lose sight of how to develop products that benefit their customers. Seventy-three percent of consumers say that quality products inspire more trust.
To preserve privacy while retaining the value of data, companies should look to use privacy enhancing technologies, such as differential privacy, wherever possible. Differential privacy injects noise into group-level statistics, resulting in provable guarantees of privacy.
Except for the most advanced companies like Apple, many companies don’t have the technical resources to implement technologies like differential privacy and other data masking tools. Instead, most use systems that either provide data scientists with full access or exclude access entirely — a black or white proposition that doesn’t fit the realities of data science or help preserve customer trust.
With Immuta, companies can easily use advanced privacy-preserving technologies like differential privacy. Because our policy engine is based on plain English, data engineers and architects can build complex policies without having to write (or even know) custom code.
5. Only use what data you need
All too frequently companies collect more data than they need, and then fail to make use of that data — creating liability without value. Companies must instead avoid situations where they burden customers by asking for too much seemingly-irrelevant data, or collecting more than they can use.
And aside from reducing liability, these strategies build customer trust. While seemingly trivial, small interactions between companies and consumers can help earn their customer’s trust and build a long-term relationship with them.
To help you survive in this new world, Immuta simplifies the process of data minimization — accessing only the data that’s needed to complete your analysis, nothing more. By using our policy engine, data engineers and architects can limit access to a designated percentage of that data through policy we call “minimization.”
Immuta users can also create time-based policies, limiting data access for specific periods of time. Both of these policies minimize data usage and encourage data consumers to be thoughtful about their data use.
Don’t get left behind
From understanding the data they hold to ensuring customer privacy, companies have a lot of work to do. But consumers and market research alike show that work is worth the effort.
Ethical data science and customer trust is central to the future of digital businesses. Don’t get left behind.
To learn more about how to manage trust at the intersection of cloud-based data usage and privacy, read Layers of Trust.