The information and data within any business is a valuable asset. It is now considered a key driver to business growth and success. Data is collected every second of every day, and so it is important for businesses to capture, process, and manage data correctly. The security of data must be a priority within a business. It needs to be protected from unauthorised access to prevent it from being tampered with, destroyed, or disclosed to others.
With increasing urgency, organisations across all industries are focused on protecting the privacy of their users and their valuable corporate data. The increasing trend in cyberattacks means it is no longer a case of ‘if’ but rather ‘when’ your business will end up on a target list. We sat down with Dan Pelos, Lead Data Consultant, to discuss all things data, including privacy, security, and how you can make use of data without risking either of those things, especially in extremely sensitive industries such as healthcare.
There are a lot of industry buzzwords out there at the moment, and these tend to lead someone to focus on a narrow solution rather than trying to respond to the broader business requirements. So, quite often I'm being asked by clients, "Do I need Data Science?" or "Can Artificial Intelligence and Machine Learning solve all my problems?". The answer to these questions is quite often “No”, because the data they would need to support a machine learning project is not rich enough, if it even exists at all. When there is workable data available, a quick win is to apply a simple analytical dashboard using the right data. It's a case of working to get your business on the right path so you can reach your ‘nirvana state’. This, of course, starts at the beginning with data preparation which includes data privacy.How can we be better prepared for the privacy of data?
There are many ways to protect data, including having strong user authentication, encryption, data deletion, backups, etc. However, businesses should be thinking long-term strategy and asking themselves questions such as:
- How do we process and store personal information? Is this done securely, and so that only the right people have permission to access this information?
- Do we have the right level of consent? Make sure you have the correct permissions to hold or share personal information.
- Is our data up to date, and how long should we keep it? Only keep data you need, and make sure personal information is regularly checked and updated.
- What is our data removal process? You might get asked to remove all personal data for an individual, so make sure this is done correctly and completely.
- Do we know where all data resides, who has access, and is it being audited? Ensure you can trace where data exists at any time. Running data audits and tracking should be standard processes.
- Are we able to measure and demonstrate data compliance globally? Data should be managed properly across an entire organisation.
- How do we monitor data security, incident management, and breach detection? Teams should be in place to manage the protection of data and be able to identify the risks.
- Have we calculated the financial impact if there is a data breach? This can devastate companies of all sizes especially small and mid-sized businesses. A recent study found that organisations with fewer than 500 employees were hit by losses of more than £2 million on average.
Can you give an example of how we can take advantage of data without exposing it?
Not all data is considered sensitive. Data can also be tagged or anonymised which allows business users to analyse their data without seeing any sensitive information. For example, let’s say someone in healthcare wants to explore 'Age Vulnerability' to identify if elderly people with a high proportion of healthcare services are receiving the right level of care. Analysts will still be able to answer this without accessing the individual’s personal information.How do you feel about the security of data in healthcare?
Data capture is increasing rapidly in healthcare through new technologies, including augmented and virtual reality, robotics, and the Internet of Medical Things (IoMT). It is important the right systems are put in place, and data is captured and shared securely so patients can feel confident that only relevant information is being shared at the right time to the right place. If patients are being ‘remotely monitored’ through wearable technology to check if they are taking their medication, or AI is monitoring patterns in data to predict, prevent, or treat diseases, only the necessary information is being transferred securely.
There are so many lifesaving benefits on the horizon using new technologies in healthcare, but can we trust hospitals and doctors with our data and ensure it doesn’t fall into the wrong hands? Personal information is extremely valuable and profitable, and with the amount of personally identifiable information (PII) stored in healthcare systems, this could be a hot target for cyberattacks.
Blockchain could help solve some of these challenges, putting a patient in the middle of the healthcare ecosystem. This could help patients gain more control of their overall medical data. For example, with a patient’s Electronic Health Record (EHR), blockchain could prevent that data from being changed or stolen.
Artificial Intelligence could also be used to support data privacy. Using AI to identify areas of personal information and then only providing that information to people with the right access and permissions could help improve privacy.
When you are starting or refining your data journey, you will probably need someone with the right expertise to support your business. Depending on the size and longevity of your project, it may make sense to recruit your own expert (a Data Protection Officer, for example), but they are in very high demand right now, so it may be a challenge to find someone with the right level of experience that works for your budget. The other option is, of course, to work with an external partner who can help you understand where you are on your data journey and build you a roadmap for the future.
Having good data strategy, privacy, and compliance can help give businesses a competitive edge. Identify areas of weakness or risk and highlight improvements and/or opportunities based on your existing data and processes. My advice is to make sure that the person who comes up with the strategy is either going to be there to implement it or is working alongside those who will be responsible for making it a reality.
For data privacy, look to explore:
How do you COLLECT your data? Are you gathering data sources both internally and from 3rd parties? Connecting to these different data sources securely and the preparation of automating the ingestion processes is important.
How do you STORE your data? Either on-premise or in the cloud, are you storing the data securely and running regular backups and deletion processes?
How do you GOVERN your data? Ensure you follow the latest regulations (such as GDPR) and make use of Master Data Management (MDM), automation, privacy, and security.
How do you SHARE your data? Are you tracking where the data is going and encrypting it at all times? Make sure only the right people have access to the data and manage their security permissions according to their roles and responsibilities.
What do you USE your data for? For example, when looking at patient predictions, EHR, real-time alerting, patient engagement, etc., make sure only the relevant data required is being captured, processed, or shared.
Alongside security, privacy is just one element of a much bigger picture when it comes to data, and together these ensure that you can keep the trust of your clients. Without that trust, it won’t matter how well you are processing the data to gain insights and streamline customer experience or tailor products to their needs, because clients will not want to use your products or services.