Importance of Privacy-First Approach

Respecting users and safeguarding their data are among the most critical steps for moving forward in the age of Artificial Intelligence (AI), Machine Learning (ML), and Data Science. These technologies rely on data to predict the outcomes of different scenarios, but that data must be protected. Earning users' trust through strong data privacy and security will allow us to keep moving forward, researching, and innovating in this era.

From massive data breaches to private data sales, consumers are extremely concerned about keeping personal information private and secure. For instance, nearly 80% of respondents in a recent Pew Research Center study expressed concern about how companies use the data they collect about them. Sensitive information includes electronic medical records, personal genomic data, consumer information, Personally Identifiable Information (PII), employee data, intellectual property such as patents and other digital assets, trade secrets, government data, operational and inventory information, and other industry-specific data.

Data privacy has become a significant concern for users in this technology-dominated era. We live in an app-driven world, but using more apps means more data collection. This data is intentionally collected by AI tools to improve the user experience, yet it can have many unintended consequences: intensive data collection raises the risk of breaches, and hackers who break in can access sensitive data such as photos, addresses, credit card numbers, and emails.

There have been multiple reports of data breaches across various sectors. For example, in April 2019, Georgia Tech announced that nearly 1.3 million current and former faculty members, students, staff, and student applicants were affected by an education data breach caused by unauthorized access to a web application. Information compromised included names, addresses, dates of birth, and Social Security numbers.

Similarly, while direct-to-consumer genetic testing companies have opened up an entirely new world of information on ancestry and disease risk, many have come under fire for violating user privacy and breaching user trust. Many such incidents have been reported over the past few years. For example, one genealogy company suffered a security breach that compromised ten million users' personal information, and a DNA testing company became the subject of a Federal Trade Commission investigation over its policy for sharing genetic data.

These issues have raised widespread privacy concerns that are affecting the internet sector. People are now reluctant to share their data with digital companies, even for research, because of the perceived risk of leaks. This is a real loss, because solutions such as personal genomics can create significant value for the tested individuals. Furthermore, if such data is shared with researchers, it can help them better understand human genetics, predict whether a disease will develop, and possibly treat it before symptoms appear. For example, heart-rate data from photoplethysmography (PPG) can be used to predict whether a person is likely to develop certain cardiovascular diseases, and electromyography (EMG) or electroencephalography (EEG) signals support studies that help treat and predict many conditions; EMG signals can assess the health of muscles and the nerve cells (motor neurons) that control them. The bottom line is that no one wants this type of data to be breached, stolen, or sold to a third party.

The solution to this privacy issue lies in allowing users to own and control their data privately and securely. Users should also be assured that their data is safe. There should be new protocols and standards for wireless and fiber-optic communication that provide strongly encrypted data transfer, which would minimize the chances of a breach. In short, we need a new standard for responsible data that gives consumers first-of-its-kind control over their own data.
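
To make the idea concrete, here is a minimal sketch of client-side encryption, where data is encrypted before it ever leaves the user's device so that a service or network only ever handles ciphertext. It uses the open-source `cryptography` package; the key handling is deliberately simplified and the record contents are illustrative assumptions.

```python
# Minimal sketch: a user encrypts their own data before upload, so the
# service only ever stores ciphertext. Requires `pip install cryptography`.
# Key management is simplified for illustration.
from cryptography.fernet import Fernet

# The user generates and keeps the key; the service never sees it.
user_key = Fernet.generate_key()
cipher = Fernet(user_key)

record = b'{"name": "Jane Doe", "genome_report": "..."}'  # illustrative payload
ciphertext = cipher.encrypt(record)  # safe to transmit or store remotely

# Only someone the user shares the key with can decrypt.
assert cipher.decrypt(ciphertext) == record
```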

We need solutions that can safeguard consumers from data breaches. For example, Oasis Labs announced a partnership with Nebula that enables customers to maintain the privacy, ownership, and control of their genomic data. Through Oasis Labs' privacy solution, Parcel, Nebula's users retain ownership and control of their genomic data: the data remains confidential, and users can grant access for specific purposes, such as the generation of reports offered by Nebula or analysis by researchers. Each time a user's genome is analyzed, whether to provide reports to the user or for medical research, Oasis verifies the user's permission, so users can receive reports and share data access with researchers while keeping their genomic data confidential and protected.
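
The underlying pattern, checking a user's consent before every use of their data, can be sketched in a few lines. The `ConsentRegistry` class and function names below are hypothetical illustrations of that pattern, not the actual Parcel API.

```python
# Hypothetical sketch of a consent-checking pattern: every analysis
# request is verified against the purposes the user has approved.
class ConsentRegistry:
    """Records which purposes each user has approved for their data."""

    def __init__(self):
        self._grants = {}  # user_id -> set of approved purposes

    def grant(self, user_id, purpose):
        self._grants.setdefault(user_id, set()).add(purpose)

    def revoke(self, user_id, purpose):
        self._grants.get(user_id, set()).discard(purpose)

    def has_consent(self, user_id, purpose):
        return purpose in self._grants.get(user_id, set())


def analyze_genome(user_id, purpose, registry, run_analysis):
    # Refuse to run any analysis the user has not explicitly approved.
    if not registry.has_consent(user_id, purpose):
        raise PermissionError(f"user {user_id} has not approved '{purpose}'")
    return run_analysis(user_id)
```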

Along the same lines, many data privacy startups have cropped up. One of them is InCountry, a 'data residency-as-a-service' platform that helps companies store data locally. It offers the infrastructure to store and retrieve data in its country of origin, along with an API that funnels data between InCountry's local data centers provided by AWS (Amazon Web Services), Microsoft Azure, Google Cloud Platform (GCP), and Alibaba Cloud. Another such startup is OneTrust, a data privacy management and compliance platform established to help businesses adhere to the growing array of regulations worldwide, including the GDPR (General Data Protection Regulation) and the CCPA (California Consumer Privacy Act). The OneTrust platform includes a template-based self-assessment tool that lets companies see how close they are to complying with the GDPR and other legal frameworks.
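
The core data-residency idea, routing each record to storage located in its country of origin, can be illustrated with a small sketch. The endpoint map and `store_record` function below are hypothetical and stand in for the region-specific cloud infrastructure such a service would actually use.

```python
# Illustrative sketch of data residency: pick in-country storage for each
# record. Endpoints and the routing function are assumptions, not a real API.
REGION_ENDPOINTS = {
    "DE": "https://storage.eu-central.example.com",  # hypothetical endpoints
    "US": "https://storage.us-east.example.com",
    "CN": "https://storage.cn-north.example.com",
}

def store_record(record: dict, country_code: str) -> str:
    """Select the in-country endpoint and return where the record was sent."""
    try:
        endpoint = REGION_ENDPOINTS[country_code]
    except KeyError:
        raise ValueError(f"no in-country storage configured for {country_code}")
    # A real implementation would upload `record` to `endpoint` here.
    return endpoint
```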

At the same time, 'data mapping' helps companies understand how data flows through an organization and across borders. TrustArc is another data privacy startup, one that recently raised $70 million in funding; its platform helps companies monitor regulatory risk and identify gaps across various regulatory frameworks. TrustArc can also handle cookie consent preferences for the GDPR and facilitate processes for marketing campaigns, including user consent for outbound emails. Another competitor in this area is the London-based startup Privitar, which has raised more than $40 million. It helps enterprises engineer privacy protection into their data projects, allowing them to leverage large, sensitive datasets while complying with regulations and ethical data principles, and it provides a range of tools and services for doing so. Finally, BigID is a New York-based startup that helps enterprises protect customer and employee data, using machine learning to automatically find sensitive data held on internal servers and databases, analyze it, and ensure that organizations comply with data protection regulations.
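
As a rough illustration of automated sensitive-data discovery, the sketch below scans text for a few common PII patterns. Real products rely on far more sophisticated, ML-driven classification; the regular expressions here are simplified assumptions for demonstration only.

```python
# Toy sketch of sensitive-data discovery: flag text that looks like PII.
# These patterns are illustrative and will miss many real-world cases.
import re

PII_PATTERNS = {
    "email": re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"),
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "credit_card": re.compile(r"\b(?:\d[ -]?){13,16}\b"),
}

def scan_for_pii(text: str) -> dict:
    """Return the PII categories detected in a block of text."""
    return {
        label: pattern.findall(text)
        for label, pattern in PII_PATTERNS.items()
        if pattern.search(text)
    }

print(scan_for_pii("Contact jane@example.com, SSN 123-45-6789"))
# {'email': ['jane@example.com'], 'ssn': ['123-45-6789']}
```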

Big data has also gained popularity in organizations, promising improved operations and new business opportunities. However, it has broadened access to sensitive information, jeopardizing individuals' privacy and risking violations of data protection laws. As a result, data controllers and data processors face tough penalties for non-compliance: under the GDPR, fines can reach 4% of an organization's total annual worldwide turnover (or 20 million euros, whichever is higher) if authorities determine that it took insufficient measures to protect data.

Such solutions can usher in the era of personal data by building distributed platforms that accelerate data generation, facilitate data access, and streamline data analysis. Blockchain and privacy-preserving technologies can enable individuals to maintain control of their data, share it securely, and be compensated equitably. This can accelerate the pace of innovation while maintaining data privacy. More technology companies should adopt a privacy-first approach: it builds trust with their user base while also helping innovation advance.