
Month: December 2019

12 Steps to becoming data optimized

Data optimization is the process of ensuring you are extracting the most value from your data at every stage of its journey, from capture, storage, maintenance and security, to its analysis and insights, and finally its archiving and deletion.

But if that’s what it is, what does it entail and require? It sounds like an enormous amount of work and potential upheaval, so to help, we have broken it down into 12 of the most important steps.  

Data Privacy Regulations

Data privacy laws are complex, widespread and evolving. From Europe’s GDPR to California’s new privacy legislation, CCPA, as well as industry-specific regulations, it’s essential to identify which frameworks you must adhere to, plus any that may become applicable as your future strategy evolves.

Data ethics

Is what you want to achieve with your data ethical? This is a question of more than whether it is in line with the regulations (see the previous point): is it also in line with their underlying sentiment and purpose? Where does your project sit on the spectrum between using data to deliver services, insights and capabilities that are genuinely and equally beneficial to your data subjects and to you, and exploiting their data and privacy (and potentially legal loopholes) largely to your own ends?

Privacy by Design

Have your projects, processes and core activities been built with privacy in mind? Privacy by Design helps businesses be proactive when it comes to data privacy, ensuring it’s planned into the project from the very start, and in such a way that privacy does not hinder any ambition or objectives. If privacy is an afterthought and implemented retrospectively, then it will invariably restrict functionality and diminish the project’s effectiveness. Privacy should never be an obstacle to progress, only a safeguard to ensure that progress is ethical.

IT Security

With cybersecurity attacks on the rise, businesses need to go above the standard anti-malware and ransomware technology to protect their data. This includes implementing IT security practices that combat social engineering, such as multi-factor authentication and employee awareness training.

Cloud Migration

Migrating to the cloud (whether public, private or hybrid) not only gives your workforce access to your data and a wide range of applications from anywhere – the key to making your data work harder for you – but it also provides the flexibility and scalability your growing business requires, while removing the cost of managing and maintaining on-premise equipment.

Cloud Management

Cloud management includes the ongoing maintenance of your cloud environment – incorporating connectivity, capacity, resilience and cost-efficiency amongst others – but also the need to maintain vigilance over your data residency and continuous regulatory compliance.

The right productivity tools

Improve collaboration and productivity within your business by introducing the right tools, like Microsoft 365. Key to your selection of platform is whether your employees will be able to share data within their teams and externally – and do so securely, reliably and compliantly – and also whether they will be able to collaborate. Remember, true collaboration is more than sharing files and working on them simultaneously. It also includes efficient project management and the ability to reach answers faster by using dialogue-based tools such as IM and video conferencing instead of relying on outdated email and attachments.

Data is arguably the greatest cost for any IT function – and certainly the one most likely to grow and, if not managed appropriately, create uncertainty. Cost management includes capacity planning, SLA management, granular understanding of costs per department, service function and project (not just per technology), forecasting in line with business strategy and integrating with Risk and Supplier Management.

Data Analytics

This, and the two points below, are the key to data optimization. Taken together, everything above is simply typical IT processes and strategy. But in a modern business, their purpose is to prepare the business for these next three points, where data’s value is actually exploited.

Data analytics is the process of using data to make informed decisions. This may be a case of simply using performance data to learn how to improve processes or projects, or maybe using historical data to predict outcomes. These processes however rely on human interaction to query data and test assumptions.

Artificial Intelligence

Meanwhile, Artificial Intelligence, and Machine Learning in particular, is where this human interaction is removed. Instead the responsibility for testing assumptions, learning from outcomes and evolving the algorithm(s) is handed over to the machine. All at a speed and degree of complexity that no human team could ever reach.

Productivity

Your business needs to be as productive as possible, which will inherently require greater collaboration. Tools such as Microsoft Office 365 are ideal platforms for data-sharing, communication and project management – and even data insights. Make sure your business has the skills to not only deploy and maintain these tools, but also to train your teams in their effective use.

Automation

For many businesses, the greatest data optimization benefits are often gained from identifying what processes drain the most resource time, or are most repetitive or formulaic – and probably demoralise staff the most! Many find these are comparatively simpler matters of automation rather than the more adventurous deep insight projects. For example, automating the process of rejecting or progressing inbound job applications, or helpdesk support and first line customer service, or as many accountants do, automating the collection of documents from clients for personal tax processes.

Data governance and information management

The management and structuring of the vast amounts of data that businesses consume and generate every day underpins every one of the other 12 steps above. This ranges from the need to identify data’s source and legitimacy, to simply controlling the amount of data from a cost perspective or capacity planning, through to securing it, structuring it, delivering it, backing it up, and understanding its archival requirements. Not to mention appreciating the data regulations that may apply to it throughout, and documenting the appropriate policies so they can be enforced and evolved.

After all, most innovative projects – whether AI or automation or even simple data analytics – fail because the necessary data is not available, structured or even originally legally obtained.

10 Data Privacy questions your business needs to ask

Data Privacy questions you need to answer to determine if your compliance is up to scratch

Due to the evolving nature of data privacy laws, either with new laws being introduced and enforced or clarification on existing laws, businesses need to review their privacy compliance constantly.

However, our Data Privacy team is often called into organizations who have worked hard to achieve compliance some time ago, and whose business and the regulations that apply to it have changed, leaving their compliance undermined. By failing to adapt to new regulations, update necessary security measures or monitor how changes to the business affect which laws it must adhere to, many are left dangerously exposed.

To help, we’ve put together our top 10 questions you need to answer and continuously revisit to ensure your data privacy compliance is up to scratch for 2020, and beyond.


Have you incorporated “Privacy by Design” into your projects?

Ann Cavoukian’s 7 Principles of Privacy by Design ensure businesses consider data privacy, security and data protection from the very start of new technology projects or changes to process, and crucially in such a way that prevents the new initiatives’ objectives being undermined. Unfortunately, too many businesses implement privacy only as an afterthought, meaning functionality almost always has to be curtailed, turning the privacy function from business enabler and protector into “business blocker”.

Have you planned and tested your response to a data breach?

When a data breach occurs, many businesses panic, compounding the impact. Advance planning and regular stress testing, however, will ensure you have a clear, proportional and flexible strategy focused on protecting and informing your customers, and your business in the process. Such preparation will reduce the damage to your organization’s reputation if a data breach does occur.

Is access to data on a need-to-know basis?

An important question to ask is who has access to your data and is it necessary for their work and business operations? You may find that some of your employees have privileged access to sensitive data or to information they simply don’t need. Also, do you know which of your suppliers have access to your data – including employees? If so, you’ll need to ensure there are contractual protections in place determining the level of access permitted and the remedies in case of a data breach.

Do you know what kind of data your company collects and processes?

Gathering data is vital to any organization but exactly how much data is needed and what kind of data is it?

Most privacy laws around the world require organizations to be transparent about the data they process. The GDPR for example requires companies to maintain a detailed and explicit record of every item of personal data they collect and use – the Record of Processing Activities, or RoPA. But this is more than a paperwork exercise. It is also of enormous practical value. By understanding the source and purpose of every piece of received data, the company can better determine what data they genuinely need to receive and what the next steps – including disposal – need to be.

Is your company’s privacy notice an accurate reflection of what your company does with personal data?

The way data is captured and processed must be accurately and transparently stated in a privacy notice or privacy policy that is freely available and easily accessed. Have you updated your company’s privacy notice recently?

Have you considered the impact of Brexit on your GDPR and wider data privacy obligations?

If the UK leaves the EU under a no-deal Brexit, the UK is a third country without data adequacy and no surviving status quo. Overnight, it becomes an illegitimate territory for EU personal data. There are a series of measures that businesses active in the UK will need to consider or revisit, some of which are part of standard GDPR adherence, but some that are specific to Brexit itself.

Does my organization need a Data Protection Officer?

Under many privacy regulations, organizations need to determine if they need to appoint a Data Protection Officer (or similar titles). For example, under GDPR, if your business is a public authority or is processing personal or sensitive data at large scale, you are mandated under Articles 37-39 to have a Data Protection Officer. If you last reviewed your need for a DPO some time ago, it might be worth revisiting this as you may have breached the threshold. It is also worth checking the duties of the DPO under the various frameworks, as these are changing. It’s also worth noting that whilst DPOs can be appointed internally, they might not be suitable for the role. An option to overcome this is to outsource the role to a specialist.

Does your company have a process in place to respond to data subject access requests and/or complaints?

Under the GDPR legislation, EU citizens can request access to their data, find out if their data is being processed, and request a transfer of their data to another system. There must be a process in place which states who handles these requests. They must also be able to retrieve all the data as well as securely transfer the data to the person who made the request. This must be provided free of charge and without “undue delay.”

Are you ready for CCPA?

The California Consumer Privacy Act (CCPA) comes into effect on 1st January 2020 and will affect any business that serves Californian residents, has at least $25 million in annual revenue, as well as any companies of any size that have personal data on at least 50,000 people or collect more than half their revenue from the sale of personal data. It’s estimated that only 44% of in-scope businesses are prepared – are you one of them?


How Calligo can help

If any of these questions appear relevant to your business, submit an enquiry or book an initial free consultation with the Calligo Privacy Team.

What are the 7 Principles of Privacy by Design?

Privacy by Design (PbD) is based on seven principles that help businesses be proactive when it comes to data privacy and build privacy into the very heart of their projects, processes and core activities.
The concept was created and defined by Dr Ann Cavoukian, Ph.D, an Executive Director of the Global Privacy & Security by Design Centre and previously the Information and Privacy Commissioner, Ontario, Canada. Work began in 1995 but it was formally launched and accepted in 2010.

Why are the 7 Principles of Privacy by Design important?

Privacy by Design is one of the key principles of data optimization – the art and science of making the most of your business’ data without compromising your legal obligations or data ethics.
It’s not just a framework to aspire to; privacy laws such as GDPR explicitly mandate that organizations need to consider Privacy by Design at the earliest stages possible of any project, and throughout the entire lifecycle. This is key to ensuring ongoing adherence to the regulation – and many more as the structure of GDPR is emulated in more and more territories’ own privacy legislation.

When are the 7 Principles of Privacy by Design relevant?

Fundamentally, if any activity is dependent upon, or even tangentially connected to, the use of personal data (so, most activities then), Privacy by Design is essential to ensure that you are continuously treating your data subjects legally, appropriately and, frankly, ethically.


What are the 7 Principles of Privacy by Design?
  1. Proactive not reactive; preventative not remedial
    Proactively anticipate privacy-invasive events before they happen, rather than rely on identifying and reacting to issues as they threaten.
  2. Privacy as the default
    This insists that the maximum degree of privacy should be delivered by default, from the very start and throughout its lifecycle, automatically. A key part of this is ensuring that only as much data as is genuinely necessary is collected, no more. If this is ensured, then the potential to undermine privacy is markedly reduced.
  3. Privacy embedded into the design
    This ensures that privacy is integrated into the initial stages of a product’s design and architecture as well as IT systems and business practices. By considering privacy at the design stage, privacy can be achieved at the same time as ensuring the functionality and productivity of the project. In contrast, if privacy is retro-fitted, it will invariably hinder the project’s capability as the original design will have relied upon illicit freedom in the use of data.
  4. Full functionality — positive-sum, not zero-sum
    This ensures that whilst privacy is embedded at the very core, functionality doesn’t suffer. Businesses need to accommodate all legitimate interests and objectives in a positive-sum “win-win” manner, not through a dated, zero-sum approach, where unnecessary trade-offs are made.
  5. End-to-end security — lifecycle protection
    An essential part of data privacy and protection is security. Privacy by Design ensures that IT security is present from data collection, through to storage and eventual deletion.
  6. Visibility and transparency
    This makes sure that all stakeholders (particularly data subjects) are informed of the business’s privacy practices and policies and that they clearly state how data will be processed, stored and erased, as well as any technologies used.
  7. Respect for user privacy
    Provide data subjects with all the tools required to uphold their privacy rights, from clear and transparent privacy notices to strong privacy defaults and user-friendly interfaces, and ensure all personal data is accurate and up-to-date.

The seven principles of Privacy by Design enable organizations to design better products and ensure that they are privacy-compliant from the very start.

If your business is facing a new data project, our team of Privacy Architects can help.

With equal expertise in cloud technology and environments, data insights such as machine learning, data analytics and data visualizations, as well as data privacy legislation, our team will ensure your data project does not overtake your Privacy by Design obligations, nor hamper any of your ambitions.

Discover where AI can be successfully introduced to your business

Artificial intelligence and its subset, machine learning, have undoubtedly been the buzzwords of 2019, especially within the business and technology worlds. With hundreds of articles making grandiose claims regarding how AI will transform businesses, many organizations who have already deployed AI within their businesses are struggling to see results, often deeming the projects as failures.

Why is this? More often than not, it’s because the business decided on where to implement AI, instead of discovering where it would have the most beneficial impact within the organization.

Just because a given process is the most painful, labour-intensive or inaccurate, it doesn’t mean that it is the most suitable process in your organization for the introduction of AI.

So, how do you discover where the most profitable and practical use case for AI within your business is? Our Data Insights team believes there are three stages to successfully discovering where AI is most beneficial within your business.

Step 1: Data Ethics

Data ethics is an important starting point for any data-orientated project and has been a popular discussion point in 2019, especially when it comes to AI.

But what does data ethics entail? Here are some of the questions our Data Insights team pose during our projects:

  How will you ensure that AI treats your customers and employees appropriately and that decision-making is transparent?

  How will you identify and mitigate risks to safety, happiness or profit?

  Do you have the right permissions to use personal data for automated decision making?

  Do you have the skills and deep understanding of your internal data processes to ensure your AI project will be built on ‘privacy by design’?

Step 2: Data Maturity

Before searching for where to deploy AI, you need to be sure that your business is even capable of taking advantage of it. This is a multi-faceted requirement, ranging from your business’ technology infrastructure and skills to your data discipline and even your board-level and wider culture. Only once all of these pre-requisites are met can you start investigating where AI can be deployed.

  Is your strategy data-led?

  Is your day-to-day operational execution data-led?

  Is your technical architecture suitable?

  How robust is your data governance? And importantly in terms of historic data-gathering, how robust has it been up until now?

Step 3: Discovering the right use case

Now that your data insights project will be ethical, appropriate and you can be sure that your business is prepared for both the introduction of the project, and to make best use of the outputs, you can start the search for the best place to implement it.

But how do you find it?

  Strategic Review

Apply your strategic objectives to each of your business functions to identify where the most urgent needs, shortfalls and challenges exist.

  Impact Assessment

Identify what benefits can be anticipated from tackling each of these, whether hard (cost reductions, revenue generation, compliance, etc.) or soft (culture evolution, digital transformation, competitive advantage, etc.).

  AI Relevance

Once you can see where the greatest benefits are to be gained, is AI the right technology for delivering them? AI is most impactful when it is given the freedom to be creative – you might find analytics or automation may be more appropriate.

  Data Audit

What relevant and useful data do you have available to you, whether proprietary or external?

To find out more about each of these questions in all three stages and how to answer them all – and others – download our guide to finding the right use case for AI in your business.

What changes in Data Privacy can we look forward to in 2020?

Our Data Privacy Periodic Table initially launched in 2018 to make the world of Data Privacy a little easier to understand.

The first-of-its-kind project pulls together the 118 key “elements” of data privacy and data protection, and was created to help individuals better understand the complex nature of privacy and shed light on its often confusing terminology and how various pieces inter-relate.


Create a business continuity plan that works in 2020

Updated: December 2019

Planning for a business’s future can be an exciting time for business owners and office managers alike—what could be more inspiring than the possibility of growth, widespread positive impact, and success?

Unfortunately, there’s a darker side to planning for the future, too. While imagining and planning for the perfect scenarios above is important, the reality is that disaster can and does happen. Without preparing for both the good times and the bad times, a business and its offices can’t succeed.

That’s where business continuity planning comes in.

What Is Business Continuity Planning?

When unexpected disaster strikes, business owners and managers must have a safety plan in place to ensure that their business operations can continue after major events like natural disasters, cyberattacks, or other accidental damages to a company, its physical location, and its infrastructure.

Business continuity planning is the development and practice of a plan which businesses can implement in the event of a serious setback caused by one of the disasters above. These plans include aspects of both prevention and recovery, with the primary goal being to maintain business operations while protecting personnel, data, and assets.

Why Do You Need a Business Continuity Plan?

One could say that the benefits of having a BCP are endless, but they’re more than just benefits—they’re proof that a BCP is absolutely necessary.

So, what is this proof of a BCP’s importance?

Organisations with business continuity plans:

Inspire reliability, trust, and confidence in their clients

Build a good reputation (and preserve it during dire circumstances)

Instil the idea of resilience and strength throughout the company’s operations

Are up to the industry standard

Can thrive in any situation

Nobody ever wants their business continuity plan to have to be activated, because it means something disastrous has happened. But they’re a necessity in modern business and having confidence in your continuity planning is achievable.

What is the difference between data backups and a business continuity plan?

Simply having your data backed up and secure is a good start – but it is only a start. Planning for a catastrophic systems failure or a cyber attack means knowing that:

You can restore data safely and rapidly

Your team will be able to get back to using both software and hardware with confidence, soon after a systems failure

Customer service will be maintained

You won’t lose time, money or customer confidence

Take the following as an example. In January 2017, Cockrell Hill Police Department (Texas, US) came under ransomware attack. A single infected server led to the loss of eight years of evidence including video recordings. So far, so bad.

Then, their backup procedure activated very soon after the ransomware attack, replacing their backed-up files with a backup of files that had been encrypted by the ransomware and were therefore inaccessible.

Their previously uncorrupted data backup was wiped out by the very system they’d been relying on to preserve it.

Cockrell Hill had a business backup, but they needed a business continuity plan.

Creating an effective business continuity plan

In designing a business continuity plan, it’s important to ask the following questions:

Are the backed-up files easily accessible?

Is the backup device safe, secure and accessible?

Can our operating systems be reinstalled from the backups or just the filesystem?

How long will reinstallation of our operating systems take?

How long will critical file restoration take?

And how long for complete data restoration?

How much time will pass before the business is able to be running at full capacity again?

And how much time must we allow to catch up on anything we had to postpone during the catastrophe?

A Quick Guide to Business Continuity Planning

  1. Pick your BCP team.

Get organised from the beginning and start the process of business continuity planning by choosing which members of the company will work together to develop and maintain a plan. Delegate responsibly, and diversify the team in order to gather insight from multiple business branches.

However, ensure that the primary person responsible for organising and maintaining the BCP is someone high on the pyramid. In other words, a senior official like a business owner or an office manager should take point on leading the planning efforts.

Once a team has been established, take action to ensure that all company employees and contributors are aware of the team members and their responsibilities. This creates accountability while keeping the entire office in the loop.

  2. Perform a business impact analysis (BIA).

Before mobilising your BCP team to begin outlining a plan, take some time to begin by performing a business impact analysis. A BIA includes gathering data about the worst-case scenario. In other words, a BIA will yield detailed information about possible company losses (both monetary and intangible) and the negative effects caused by major disruptions.

The BCP team can use the company’s mission statement and information about the company’s legal obligations to rank the minimal, critical services required of the business and then determine which of these services would be unable to function after a variety of emergency scenarios.

  3. Outline plans for critical operations.

With the results of the BIA in mind, the team’s next task is to outline practical, actionable procedures to follow in the event of an emergency so that business functionality is maintained.

This process will include assessment of any current procedures in place, then filling in necessary gaps using information from the BIA. This might include readiness procedures to prepare for natural disasters or the process of archiving and backing up databases to recover from a cyberattack.

  4. Train and educate staff.

Once a BCP has been developed and reviewed by the planning team, make the rest of the organisation aware by hosting training sessions, designing exercises to make the plan tangible to employees, and reviewing the procedure in detail. Ensure that all employees understand why a BCP is necessary as well as how to implement this BCP in an emergency.

Importantly, help each employee to understand the individual role they can play in the implementation of the BCP. Let them know what’s at stake and how their participation will propel the business forward in a time of crisis.

  5. Review and update your plan.

A business may have one of the most thorough and effective BCPs out there, but this means little if the plan is not reviewed and updated on a regular basis. Include as a part of the plan regular checkpoints throughout the year during which members of the BCP team evaluate the plan and implement company-wide initiatives such as practice drills.

This step has become particularly important in recent years as technology evolves and malicious cyberattacks have risen in number.

Remember, threats are changing all the time, and the BCP must be updated and familiar to the entirety of the business in order to be effective.

Effective business continuity planning saves time, money and reputation

Rebuilding your system requires so much more than simply restoring data – there’s the time required to review what went wrong and make sure you’re not leaving yourself open to risk again. You have to account for the time and energy required to inform your team and your customers and rebuild their confidence after an event like this, whether it’s fire, flood or outside attack.

All in all, having a robust plan will save you not just time and money, but reputation too. In fact, it could save your entire business, because according to a study by accounting firm Touche Ross, 90% of businesses without a disaster recovery plan will fail following a disaster. Considering 30% of businesses don’t have a plan in place, this figure is startling.