BigID's Data Leaders Program - Week Two on Data Privacy

By: Meera Malhotra

Date: Jun 16, 2023

This week BigID’s Chief Data Office hosted the second installment of its Professional Development Series for Tomorrow’s Data Leaders. After introductions and discussions of data strategy, this week’s focus was primarily on data privacy. This week the series tackled a lot of issues that data privacy professionals have been faced with, particularly with the advent of generative AI. We were lucky enough to bring in JoAnn Stonier , Chief Data Officer of 萬事達卡 to speak about the advancements in the world of data privacy.

Stonier has been a pioneer in many fields, working as Chief Privacy, Information Security, and now Data Officer in Mastercard. She framed privacy as a means of trust between customer and institution, something that takes a long time to build, and that can be brought down in an instant through a data leak or breach. Trust becomes essential to maintain consumer relationships when your organization is data driven. So, privacy strategy must be aligned with data strategy. To maintain trust, products must be designed with privacy in mind- privacy by design. Privacy by design has become more and more popular in the industry, especially after larger regulatory fines have been introduced.

When organizations implement privacy by design, Stonier explains, there are many things to keep in mind. With varying privacy regulations from state to state, and even country to country, it is up to an organization to choose how stringent the rules they want to work with are, often the more global the company, the higher the regulation. This allows for less redesign time, and gives you the framework to work within. Then product and privacy teams should work together to conceptualize how to use the data they're working with, aligning both their goals, which is often referred to as data management. Once the product is prototyped, it should go through intensive market testing, as well as testing the data and analytic AI. It’s then released, commercialized, and reviewed. This allows for later enhancements to the product.

Often, built into software, are PETs or privacy enhancing technologies. Some examples Stonier discusses are synthetic data, data masking, secure multiparty computation, differential privacy, federated learning, and homomorphic encryption. These tools allow organizations to safely use data they collect to make data driven decisions, while still remaining compliant with regulations and protecting customer privacy.?

Generative AI has been a huge threat to how most organizations implement data strategy. With large amounts of personal data being used and often from different unverified sources, baseline models should be verified and data should be validated. This is not to say that generative AI is not a tool that shouldn’t be used, as Stonier says, “privacy’s job is not to be a bucket of no’s,” but to come up with creative solutions to problems. Controls can be built into the tool to adapt to new regulations as they come out. Distance between models and product can be adjusted to deal with the relative sensitivity of the data. Privacy can lead to innovation.?

Stonier explains exactly how privacy becomes innovation, with Mastercard’s AI governance framework, and how Mastercard has been adapting to generative AI. By first understanding the purpose of predictive analytics, evaluating the data through risk scorecards, and data suitability analysis, organizations can produce data use case model design and risk scoring to build a model. When building a model, organizations must make sure they understand proxy variables they may have used and check for bias in their demographic variables. Then the model must be thoroughly tested, and assessed before production.

In execution of AI governance models, Tomer Elias , Senior Director of Product Management at BigID, gave a demo of the BigID platform, showing a data driven approach to privacy compliance. Because of the variance in regulation laws, it can be difficult to keep track of compliance or organizations may have difficulty building a data inventory because of issues related to data mapping. He showed how the tool can be used to streamline and make AI governance effective, a pressing need in an age of generative AI.

If you're interested in learning more about privacy, security and strategy in data, please visit BigID's website and attend our upcoming workshops and webinars.