3 ways startups can avoid costly data breaches
In 2019, companies like French beauty chain Sephora and Malaysian airline Malindo Air were hit by data breaches, which compromised their customers’ personal information.
In a world where businesses use personal data to provide consumers with better and more targeted services, the prospect of this information falling into the wrong hands is an alarming one.
And these breaches don’t just hurt customers; they also disrupt the affected businesses’ operations, lead to a loss in revenue, and damage consumer trust. Last year, the average cost of data breaches in Southeast Asia stood at over US$2.6 million.
That’s why it’s vital for companies to practice proper data governance.
Protecting information
In broad terms, data governance refers to how information is collected, stored, used, managed, and secured by an enterprise.
It’s becoming increasingly important as consumers learn more about data privacy and new regulations around personal information – such as the General Data Protection Regulation in the European Union and Singapore’s Personal Data Protection Act – come into force.
However, it can be difficult for startups to figure out an effective strategy that enables them to grow while still protecting their customers’ privacy.
Danny Gilligan, chief executive officer and co-founder of data collaboration platform Data Republic, thinks it can be done. It’s important for businesses to “optimize for as little risk as possible and as much opportunity as possible at the same time,” he says.
Here are the CEO’s tips on how startups can do this.
1. Have internal data management frameworks
Many companies have clear processes on who can approve certain amounts of spending or limits on what funds can be used for. Similarly, businesses need to implement structures around the information they collect.
“What’s your framework for decision-making around the use of that data?” asks Gilligan.
He suggests creating a regimen on data handling, akin to how companies have yearly financial audits. It’s easier for startups to put such measures in place, due to their smaller size and agility.
“At any point in time, the board of a company, the executive, or even [an] external regulator can ask for validation that you only acted with that data in accordance with your own internal governance and risk frameworks, [and] also in accordance with the considerations you gave the customers,” shares Gilligan.
2. Use data management services when engaging in data collaboration
Data collaboration and the open data economy have led to many breakthroughs in recent years.
Data collaboration refers to the analysis of multiple independent datasets to gain combined insight. It is one of the benefits of the open data economy, where businesses and governments can use publicly available information in their analyses.
Medical research, for one, has benefitted from pooled patient data, and public transportation updates have become more accurate based on real-time location tracking.
But businesses need to be careful when sharing information with other organizations because it also opens them up to data breaches.
Take, for instance, the effects of the LandMark White data breach in Australia, where several banks shared client information with the property consultancy firm. When the data was leaked, customers lost faith in the banks in question.
“The fact that it was a LandMark White breach is almost irrelevant to the consumer because, as far as I know, the bank data that’s out there, [customers] gave that to the bank,” explains Gilligan.
To address the issue, startups should take steps to ensure that information is encrypted and protected before sharing it with other entities. Using products and services from data collaboration companies like Data Republic can create secure environments for data sharing, and it opens up the process to analysis by multiple parties.
3. Transparency is key
When it comes to using customer data for innovation, it’s better to ask for permission than to seek forgiveness.
“Everything should be built within the consent model that organizations have with their customers,” says Gilligan. “The best model is to move to a regimen where you can actually ask your customers’ permission for sharing data when you want to do it. That gives you a lot more flexibility.”
Instead of weaving details into the terms and conditions, which are often chock-full of legal jargon and overlooked, Gilligan feels that companies should explicitly tell customers what they want to do with their data.
Those who are uncomfortable with it can opt out, but those who agree can provide a business with useful data that can be used to innovate.
This goes a long way towards avoiding situations like the Facebook and Cambridge Analytica scandal in 2016.
“The governance wasn’t really there to explain to customers that their data was being [used], what data was being shared with Cambridge Analytica, for what purpose, and whether they had the control to say yes or no to that,” Gilligan notes.
The future of data governance
As technology advances, more ways to improve data governance processes will emerge.
Blockchain technology, for instance, is being hailed as a means of securing and encrypting data, while AI has the potential to sort through information and ensure that only necessary data is sent out for certain projects.
According to Gilligan, many people feel that there is a trade-off between privacy and innovation. However, this paradigm is shifting.
Ultimately, at a time when data is the new oil, the two do not occupy opposite ends of the spectrum – it is necessary to have both in conjunction.
This article first appeared on TechInAsia.