Data Privacy – Growing concern or a mere exaggeration?
By Prakash Baskaran
How often are we coming across conversations around privacy of shared information these days? 1 in every 4 people are talking about the internet getting creepier by the day. We often share personal information on various sites such as Credit Card numbers, Bank Account details, Aadhar, along with Email IDs and Phone numbers. What most of us don’t realise is that this information is being used by organisations into developing intelligent technologies. Data drives technological innovation and there is no two ways about it. But, is this innovation really turning into an invasion of privacy and becoming growing concern or are we simply exaggerating because systems and software tools are getting intelligent by the day?
Is it a good thing that we are able to move into a phase where intelligent systems will be able to provide better solutions to problems which are too complex for the human brain? One could agree to this without blinking! But if the possibility of this intelligence surpasses the boundaries of being helpful in solving problems to creating some like ID theft and fraud, then information and cyber security becomes a growing concern. And that is exactly what everybody is talking about lately. If you have watched ‘The Social Dilemma” on Netflix, you would agree that nothing we share on the web is safe anymore. Knowingly or Unknowingly we are providing a free hand for platforms, systems and software to pick our personal information and turn it into money making data for organisations to use at their will. It has become acutely important to start thinking about securing the information being shared on the web. In the list of the worlds’ 70 largest platforms with respect to market capitalisation – America has 73%, China has 18% and Europe has 4% of the platforms. One of the primary drivers of value of these companies is their ability to collect and analyse data of users which often leads to network effects that help them grow and become very dominant actors in the economy. These companies have also been in the forefront of adopting AI to analyse this data.
It is proven without a doubt that we cannot live without the web or sharing information. We are a part of the generation that believes and thrives in digital transformation. On one side we have proponents of Data Democratisation. Believers of Data Democratisation strongly propagate the idea since it enables transparency, competitive advantage and empowers individuals at all levels of ownership and responsibility to use this data in their decision making. And then there are serious critics, individuals and professionals who have started voicing concerns about data being misused, misinterpreted and / or manipulated for commercial gains. Data exists in silos across the web, and with recent technologies organisations are able to gather this scattered data and compile it into useful, meaningful information which helps in decision making. The problem occurs when, this information is being misused for personal gains or cause security risks without maintaining the integrity.
There are many applications at various units of an organisation, that are used but not created with the principle of “Privacy by design”. Data collected from IoT devices are not necessarily considered private. Making a customer the Data Owner, letting the customer manage their privacy, providing the ability to revoke the rights to the data or right to forget is an afterthought or as in most cases not considered at all.
Similarly, the enterprise applications, off the shelf applications or SaaS applications, that almost always deal with sensitive, critical and PII data do not necessarily are built with “Privacy accountability”. There is no unified framework for all these data sets enforcing Data Security, Data Privacy and Data Governance. There are multiple solutions such as DLP, IRM, CASB, Data tokenisation, Data masking, access controls, among others are deployed. But they typically do not talk to each other. Most specifically, they do not know which policies, consent, access controls to be applied for various datasets in an organisation. Finally, digital transformation and innovation are hampered when there is a constant worry about data security, data privacy and data governance. Hence creating a real need to have an Automated system or a unified Data Security Governance framework in an organisation that helps them with digital transformation, innovation, staying competitive while ensuring data security, data privacy and data governance go hand in hand whilst enforcing appropriate policies, access controls, consent at the data level.
4 years ago, when data privacy and governance were rare topics of discussion at select forums, we understood that this is going to become one of the major concerns in the coming years. We invested heavily into understanding these issues closely and conducting in depth R&D to develop carefully curated systems which will not interfere with any individual or organisation’s operational will to share information. Our in-depth awareness about the risks and issues related to Data being unsecure led us to understand that Data Privacy is valuable to organisations beyond just meeting regulations.
This understanding and analysis encouraged us to develop systems that empower organisations and individuals with the ownership of the information that they have created. Data that you share can no longer be dispersed without your consent. If done so somehow, you are at the very least aware of what is happening to it. And that is how SecurelyShare came into existence.
After years of R&D, SecurelyShare has filed and obtained the following seven patent grants (USPTO):
USPTO Patent No
US 8,806,200 B2
Method and System for Securing Electronic Data
US 9,124,641 B2
System and Method for Securing the Data and Information Transmitted as e-mail Attachments
US 9,015,483 B2
Method and System for Secured Data Storage and Sharing over Cloud Based Network
US 8,909,925 B2
System for Secure Electronic Content, enforce usage Polices and Provide Configurable Functionalities
US 9,118,660 B2
Method and System for Providing Access to Encrypted Data Files for Multiple Federated Authentication Providers and Verified Identities
US 9,571,469 B2
Computer Implemented System and Method for Ahead-of-Time Delivery of Electronic Content
US 10,579,809 B2
National Identification Number Based Authentication and Content Delivery
With the introduction of new data privacy laws & regulation across the globe like GDPR, CCPA, PDP Bill, Aadhaar guidelines, etc., organisations need towards data management has changed significantly. The need to have a single comprehensive solution to address the end-to-end data security, privacy & governance solution for structured and unstructured sensitive information (PI/PII) has grown exponentially since then. It is now clear that investments on data privacy tools would help beyond just meeting the privacy regulations & compliance. Adequate measures would have to be developed in order to ensure that any data sharing framework does not dilute the protections afforded by the Personal Data Protection Bill, 2019 (PDP Bill).
With our patented approach towards data, the second step is to have a clear process to discover, separate, store and administer the sensitive, critical and PII data from the business / transaction data. When we take this approach, each dataset from various enterprise applications can be subjected to the most appropriate policies, access controls. When we embed this patented approach towards data and the process of separating sensitive data into enterprise applications and SaaS applications, we can make each of these applications pre-built with security & governance.