Data Privacy: Keeping private data, private!

Background

With Jan 28 being recognized as the International Data Privacy Day , it is a great opportunity to talk about the importance of data privacy in today’s day and age, and its impact on our personal and professional lives. This day was first instituted in 2007 with an aim to raise awareness and promote best practices around data privacy and protection.

Data is the new oil and just as with fossil fuels, data is both the cause and effect of a massive transformation going on in various industries and areas of our life. From your wearable smartwatch to your tax records to your communication and location history to even your correspondence, everything is data. With our lives becoming increasingly digital, the amount of user data has grown at an alarming rate with Forbes estimating that between 2016 to 2018 alone roughly 90% of the data in existence was created. With such an increasing amount of data, comes the transfer of data happening across various entities and networks. For example, your financial data may be interchanged between your bank and the credit rating agency. With these transfers, there exists a risk of data leaks and theft.

The Problem

Depending on the nature of the data, it could either contain PII (Personally Identifiable Information) like email, age, date of birth, social security number etc. or financial information like bank transactions, tax returns etc. or even anonymized data like web traffic data. As you can imagine, any data leak may result in the data operator being held legally and financially liable. Apart from these, there are various factors around data privacy which need to be taken care of, like ensuring only legitimate and limited access to data, storing data for the minimum amount of time needed, secure deletion of data that no longer needs to be stored, etc. As a net result of all this, data privacy and safety can now be termed a separate discipline of its own and is no longer an add-on to other business and technical processes.

How It Affects Telecom?

In the telecom sector, the challenges around data security get magnified because of the sheer volume of data flowing through the networks at any given time. Because of the multitude of systems interoperating to provide services to users, sharing user data is a necessary function and can lead to accidental or targeted data leaks. As many telecom operators also share resources like data storage sites and other networking hardware, it is quite possible for vulnerabilities in one operator’s processes and systems to affect everyone else’s systems. With 5G, services are becoming increasingly granular. For example, the geographical area serviced by a 5G tower is smaller than 3G/4G ones, which results in more accurate location information being available about users. Add to this the fact that many networked IoT devices like smartwatches, home automation systems carry precious health/location information, and it can be seen how it is more profitable for malicious players to target these systems. In the light of all these factors, it becomes essential to treat data privacy and security as a foundational aspect of software development and associated business processes than as an add-on.

What We Do to Tackle the Issue?

So, what can businesses (and especially technology companies) do to ensure compliance with prevailing and future GDPR-like regulations? Companies have adopted Data Governance Model with processes like privacy by design, zero trust architecture, and data privacy management to proactively restrict access to user data and ensure its secure usage and storage. Truminds especially ensures that the data journey through various subsystems is tracked and scrutinized properly to ensure security. The key principle we follow is - whenever we are processing any data pertaining to users/customers, we build the necessary processes from the ground up to ensure its safety. This is followed by setting in place battle-tested workflows and technologies to keep data safe. In the unfortunate event that a data leak does take place, we have a proper incident response protocol in place. Combined together, these initiatives lead to a secure data processing and usage methodology, thus easing any concerns users/customers may have.

Fortunately, when it comes to data privacy legislation or regulation, we have the example of GDPR to follow. GDPR has been in existence since 2016 (implemented since 2018) and is considered the gold standard for data protection laws worldwide. Many countries are now coming up with their equivalent data privacy regulations, often modeled on the lines of GDPR. Though some of these are at a nascent stage, most countries are targeting to have a mature set of regulations soon. Truminds looks forward to playing a significant part in ensuring a secure data future for customers worldwide.