Select Page
2020 and the future of data science and data privacy

2020 and the future of data science and data privacy

Recently, data science and data-driven businesses have been marred by scandal. From the Cambridge Analytica election affair, to Google’s secretive move into the healthcare space, people are angry and regulatory authorities are showing teeth. 

However, we believe 2020 will have good things in store for the industry. Namely, we suspect there will be a focus on making data actionable for data science and embedding privacy into innovation.

 

Data scientists are limited by privacy concerns, but they don’t have to be

A lack of data access is a core problem that data scientists face on a regular basis. When their job is to find actionable insights, traditional approaches to handling privacy makes it challenging to get right. For example, masking and encryption wipe the analytical value of the data, and rob scientists of the material necessary for completing their job. This has pitted compliance and data teams against one another, while leaving both teams unfulfilled. After all these approaches fail to meet the values of either team: they wipe value and don’t ensure personal data is protected.

Yet, both of these objectives are essential to innovation and business growth. Organizations require actionable data and consumer protection. If approached correctly, privacy protection is the method to unlock data. We know, this sounds like an oxymoron. But truthfully, preserving privacy the right way will give your data scientists increased and improved data.

 

2020 will be the year of risk-aware anonymization

In order to achieve innovation goals, businesses must rethink the way they handle privacy. Organizations cannot rely on traditional methods like access controls, masking, encryption, and tokenization in order to achieve anonymized data. These legacy processes were intended for security, not privacy, and they appeared at a time when data wasn’t valued by organizations in the same way as it is today. 

In the new era of anonymization legislation, none of the legacy approaches to privacy compliance are fit for purpose. 

The best solution on the market today is risk-aware anonymization: A technique that combines the most advanced privacy approaches – differential privacy, k-anonymity – with AI to optimize for risk reduction and value preservation at scale. By using this tool, analysts and scientists will be able to unlock their data lakes and warehouses while respecting consumer privacy. In essence, the process of stripping personal information will transform consumer data to business IP.

 

Anonymization makes it possible to embed privacy into innovation

Once businesses have invested in risk-aware anonymization technology, they will be able to reach a new bound of success. Not only will their scientists have full access to data, but consumer privacy will also be ensured. 

We predict this is the wave to come next year, in which all business stakeholders will achieve their priorities and boost performance. We believe this is the solution to better organizations through and through, and that it is only by establishing privacy in the business model that innovation can occur.

 

Privacy is the foundation of progress. 2020 is the year businesses will garner the benefits.

Join our newsletter


2019 was a game-changing year for data privacy

2019 was a game-changing year for data privacy

Amidst the rise of data science and analytics years ago, concern for privacy faded. This year, that sentiment has been eradicated. Data privacy and governance are of great significance, fuelled by an increase of regulations and consumer awareness.

2019: the year of privacy awareness

Last year, the General Data Protection Regulation (GDPR) was implemented. Today, more than 100 countries have developed data protection laws. This shift signals the quickly growing significance of privacy to the average person, and the relevance to business operations.

While regulations are increasingly being adapted and standardized, the rapid trajectory of stricter governance and requirements is unavoidable. Regulations are evolving and spreading across the globe with a vengeance. In particular, GDPR has showed some teeth, actioning €405,871,210 in fines. 

In turn, anonymization has jumped in popularity as a method for avoiding significant fines and regulatory penalties by taking data out of scope. But, organizations are benefiting from their privacy investments beyond compliance. 

 

Growing investment in privacy

In a survey by Cisco, 97% of companies who have made investment in privacy, have experienced at least one of the following benefits:

  1. Enabling agility and innovation from having appropriate data controls (42%)
  2. Gaining competitive advantage versus other organizations (41%)
  3. Achieving operational efficiency from having data organized and catalogues (41%)
  4. Mitigating losses from data breaches (39%)
  5. Reducing sales delays due to customer concerns (37%)
  6. Gaining appeal with investors (36%)

Consequently, this year we watched privacy protection transform from a burden to a competitive advantage that encouraged companies to maximize their investments and achieve a standard beyond that which is expected by regulations. However, most organizations still have a long way to go to achieve that.

While we expect privacy-preserving solutions to be increasingly implemented next year, 2019 was all about a shift in perception. Privacy is important! Privacy is important! Privacy is important!

 

Our ten favourite achievements of 2019

1. Microsoft announced they will honour CCPA-compliant protocols across their US operations.

Microsoft is making privacy moves, and we respect that. In November, they vowed to afford all US residents with the “core rights” outlined in the landmark state privacy law. This includes the Right to Know, Right of Access, Right to Portability, Right to Deletion, Right to be Informed, Right to Opt-Out, and Non-Discrimination Based on Exercise of Rights.

2. Apple rewrote their privacy page.

Apple’s privacy page explains how they’ve designed their devices with their consumers’ privacy in mind and set the standard for taking consumer privacy seriously. 

We covered this earlier. Read this post to learn more.

3. Twitter launched a privacy centre to centralize data protection.

Earlier this month, Twitter launched the Twitter Privacy Center, a resource aimed at centralizing the business’s data privacy efforts. We believe a centralized and easily approachable platform like this is the future of privacy communication.

4. GDPR is holding businesses accountable and setting precedent.

With €405,871,210 in fines announced, GDPR is doing a lot of work to bring businesses’ privacy procedures up to date. What’s more, it is spurring and inspiring similar legislation worldwide. Importantly, GDPR is sending the message that businesses cannot act without first considering their consumers.

We have written about the impact of non-compliance on businesses extensively. Check out this piece on Deutsche Wohnen SE.

5. Google launched their own open source differential privacy library

Google has come under scrutiny recently over their privacy practices, and rightly so. Between Project Nightingale, the acquisition of Fitbit, and their oversharing with the University of Chicago Medical Center, Google has made some very poor choices for consumers this year. However, one success that we commend is the new open source library that institutes differential privacy. Learn more here.

 6. The rise of second-party data, and rejection of third-party marketplaces.

Amongst the new wave of privacy regulations and demand for transparency, achieving the same level of understanding has become a challenge. It has also increased the risk of using third-party data because businesses cannot trust that the outside sources have met compliance regulations or provided accurate data. Consequently, more are turning to second-party data sources.

7. More than 25 state privacy laws were proposed to address consumer data rights in the United States.

Currently, 25 US states have data privacy laws that govern the collection, storage, and data usage of residents. This is a significant improvement, stimulated by GDPR, that is encouraging the development of a national privacy law.

8. Consumers called out businesses for not respecting their privacy.

It’s not only government pushing businesses to be more privacy-conscious; customers are also leading the way. For example, when Google acquired Fitbit, users tossed their devices. These actions are pushing the privacy movement forward and making a real impact on the nature of insights to date. Read more on this here.

9. Privacy has become a key message in the upcoming US presidential election.

Data privacy has become a major campaign issue in the upcoming election, signalling the importance of the topic to citizens. We love hearing this shift in rhetoric and are excited that candidates have been encouraged to speak to its importance.

10. CN-Protect was launched.

CryptoNumerics is on a mission to ensure privacy protection is not detrimental to businesses. We believe privacy and insights can exist in conjunction. That’s why we launched CN-Protect, a solution to optimize anonymization and data retainment. It is the ideal solution to get compliant while realizing the business benefits of a privacy focus.

2019 has been a game-changing year for data science and privacy, both for those who failed to meet compliance standards (hello, massive fines!), and those who reaped the economic benefit of their privacy investment. If 2018 was the year of regulations, 2019 is the year of privacy awareness. We expect 2020 will be consumed with privacy action.

Join our newsletter


The top five things we learned about privacy in 2019

The top five things we learned about privacy in 2019

2019 has been a trailblazing year for data privacy, that left us with a few clear messages about the future. We’ve collected our top lessons to help inform your privacy governance strategy moving forward.

1. Privacy is a multi-dimensional position: legal, ethical, and economic

Since the implementation of GDPR in May 2018, people have been quick to consider privacy from a legal perspective – as something that must be mitigated to avoid lawsuits and regulatory fines. In doing so, they have all missed the other important factors to consider: the people and the data utility advantage.

When your business collects consumer information, it is important to remember that this is personal data. As such, there is an intrinsic duty and trust linked to the collection. There is an ethical responsibility to do right by your customers, determining that you will only use their data for reasons they are aware of and have consented to, and that you will not share the data with others. Responsible data management is fundamental to your relationship with customers, and it will have a significant advantage to your business to do so.

Economically speaking, positioning your business as a privacy leader is the best strategy, and not only from a brand perspective. If you anonymize personal information, your analysts will have increased access to a valuable resource that can help improve strategy and a product or service.

2. Privacy is not one-size-fits-all

Consumer data contains an inherent privacy risk, even after it has been de-identified. That is why a privacy risk score is essential to understanding the effects of privacy protection methods. Even if you mask the data, you don’t know how successful your process was until you assess the re-identifiable risk. That is why we believe a privacy risk score is so fundamental to the anonymization process.

However, we’ve learned that a score also enables businesses to customize their personal risk thresholds based on activities.

Such is important because businesses do not use all of their data to undertake the same activities, nor do they all manage the same level of sensitive information. As a consequence, privacy-preservation is not a uniform process. In general, we suggest following these guidelines when assessing your privacy risk score:

  • Greater than 33% implies that your data is identifiable.
  • 33% is an acceptable level if you are releasing to a highly trusted source.
  • 20% is the most commonly accepted level of privacy risk.
  • 11% is used for highly sensitive data.
  • 5% is used for releasing to an untrusted source.

3. Automation is central to protecting data assets

Old privacy solutions are no match for modern threats to data privacy. Legacy approaches, like masking, were never intended to ensure privacy. Rather, these were cybersecurity techniques evolved in a time when organizations did not rely on the insights derived from consumer data. 

Even worse, many businesses still rely on manual approaches to anonymize the data. With the volume and necessary precision, this is an impossible undertaking doomed for non-compliance.

What businesses require to effectively privacy protect their data today is privacy automation: a solution that combines AI and advanced privacy protection to assess, anonymize, and preserve datasets at scale.

4. Partnerships across your business teams are essential

Privacy cannot be the role of one individual. Across an organization, stakeholders operate in isolation, pursuing their own objectives with individualized processes and tools. This has led to fragmentation between legal, risk and compliance, IT security, data science, and business teams. In consequence, a mismatch between values has led to dysfunction between privacy protection and analytics priorities. 

In reality, privacy has an impact on all of these figures, and their values should not be pitted against each other. In today’s regulation era, one is reliant on the other. Teams must establish a unified goal to protect privacy in order to unlock data. 

The solution is to implement an enterprise-wide privacy control system that generates quantifiable assessments of the re-identification risk and information loss. This enables businesses to set predetermined risk thresholds and optimize their compliance strategies for minimal information loss. By allowing companies to measure the balance of risk and loss, privacy stakeholder silos can be broken, and a balance can be found that ensures data lakes are privacy-compliant and valuable.

5. Privacy is a competitive advantage

If you want to take cues from Apple, the most significant is that positioning privacy as central to your business is a competitive advantage. 

Businesses should address privacy as a component of their customer engagement strategy. Not only does compliance avoid regulatory penalties and reputational damage, but embedding privacy into your operations is also a method to gain trust, attention, and build a reputation for accountability. 

A Pew Research Center study investigated the way Americans feel about the state of privacy, and their concerns radiated from the findings. 

  • 60% believe it is not possible to go through daily life without companies and the government collecting their personal data.
  • 79% are concerned about the way companies are using their data.
  • 72% say they gain nothing or very little from company data collected about them.
  • 81% say that the risks of data collection by companies outweigh the benefits.

Evidently, people feel they have no control over their data and do not believe businesses have their best interests at heart. Break the mould by prioritizing privacy. There is room for your business to stand out, and people are waiting for you to do so.

Privacy had a resurgence this year that has reshaped law and consumer expectations. Businesses must make protecting sensitive information a business priority across their teams by investing in an automated de-identification solution that fits their needs. Doing so will improve the customer experience, unlock data, and serve as a differential advantage with target markets. 

Privacy is not only the future. Privacy is the present. Businesses must act today.

Join our newsletter


Healthcare must prioritize data privacy.

Healthcare must prioritize data privacy.

Healthcare is a system reliant on trust. This is true, not only for front line providers, but across the industry, perhaps most significantly, with researchers. Yet, in recent years, the news has promoted story after story about a lack of patient privacy and insufficient security measures. Just a few days ago, LifeLabs had a breach that leaked the personal information of approximately 15 million Canadians. Healthcare cannot afford to have their methods questioned, doubted, or refused, and one misstep could dismantle the carefully created industry.  

Record releases, deception, and litigation: current threats to healthcare

On December 17, LifeLabs, one of Canada’s largest medical services companies, disclosed that they had suffered a massive cybersecurity breach, in which hackers gained the highly confidential information of up to 15 million customers – largely BC and Ontario residents. The database included health card numbers, names, email addresses, login, passwords, and dates of birth. Worse yet, the hackers obtained test results from 85,000 Ontarians.

“I’m sorry this happened and we’ll do everything we can to win back the confidence of our customers,” LifeLabs chief executive Charles Brown said in an interview. “[Private companies, government, and hospitals have] got to do more to make sure all our customers feel secure.”

At the time of the attack, LifeLabs paid a ransom (amount undisclosed) in an attempt to secure the information. This move was condemned by experts, as it implies a reliance on the information, inability to secure it in other ways, and makes no guarantee that the files ill be returned. Some have even suggested that paying ransom increases the likelihood that LifeLabs will be the target of another attack.

Now that the hackers have seen the files, there are two main concerns (1) that they will release the test records, and (2) that they will use the identifiable information to perform nefarious acts for financial benefits, like obtaining a loan or getting a credit card.

This risk is why identifiable information is so valuable, and it is why organizations, especially in the healthcare field, have a duty to protect it. This means investing in both cybersecurity controls and privacy solutions.

In relation to the LifeLabs scandal, the Ontario Privacy Commissioner, Brian Beamish, said: “Public institutions and health-care organizations are ultimately responsible for ensuring that any personal information in their custody and control is secure and protected at all times.”

LifeLab may be at risk of civil litigation from victims seeking compensation. After all, there is a precedent in the matter, whereby two class-action lawsuits were brought to the Quebec Superior Court over a similar incident with a Desjardins Group breach earlier this year.

Similar concerns over the safety and security of patient data exist not only across the health caregivers but also the organizations performing research and using the data. Such is seen in the uproar surrounding the contract between NHS and Amazon, by which the virtual assistant, Alexa, gained access to health information. (Read more about the NHS-Alexa deal in our blog post: “You are the product: People are feeling defeatist in the surveillance age.”)

Privacy will be foundational to healthcare innovation: predictions from experts

Eleonora Harwich, director of research and head of innovation at Reform, said that “The key issue of 2020 will be establishing what fair commercial relationships look like between the private sector, the public sector and patients when data are used to create digital healthcare products or services. People are increasingly unhappy with the status quo in which they have little knowledge or agency over what is done with information about them.”

Her comments are just one of many that echo frustration over privacy and security concerns with healthcare. As the year comes to a close, healthcare experts have begun making predictions for the year ahead. Comments range from the significance of AI to ideas of telemedicine. However, all iterate the paramount importance of data privacy moving forward.

The cross between innovation and healthcare has reached a never before seen magnitude, which requires a shift in focus. Organizational and technical controls must be implemented to prevent the exposure of sensitive information.

Join our newsletter