APIContext partners with Akamai to expand advanced API monitoring adoption. Learn more >

Managing privacy in the data layer is not enough

Many modern privacy programs have robust data capture and review procedures. Data is collected across the organization, and consolidated in a data warehouse for further analysis.

Once in the data store, there are all kinds of data retention and evaluation rules attached to it. Data can be set to automatically purge after a period of time; it can be analysed to create customer profiles and audience segmentation. Personal data can be used to create lookalike profiles. It can also be used to triage product or customer issues and for product enhancements.

Maintaining personal data in the data warehouse is relatively straightfoward, but can come with many unforeseen complications.

First, there is just too much data. The amount of data that is being generated and added into data warehouses is growing dramatically. Further, the data objects that can be used and combined to derive personally identifiable information continues to grow. For example, location data collected from multiple devices can grow quickly, and once one of those devices is attached to a customer identity, you can correlate many other devices to the same identity based on co-location. Now the entire data set contains personal data. This presents an arms race for data computation, where running analysis on the dataset only gets more costly over time.

Next, user-generated data has a range of quality. An age gate with a drop down will prompt many people to report an inaccurate year of birth, just to move through the customer journey. On the other hand, shipping address information from an e-commerce purchase is typically highly accurate. Measuring and de-duplicating data quality issues is an ongoing task.

Finally, most personal data is missing fundamental purpose and consent information. This makes it impossible to use data appropriately, because we don’t have a meaningful understanding of what the data subject wants to happen with their data assets.

Privacy practices that only work at the data warehouse layer will never be enough to manage consumer expectations. Privacy must move into the runtime and operational teams to manage personal data flows in transit. This allows for real opportunities to collect durable consumer consents; and it also reduces data sprawl and the associated attack surface risk.

Monitoring personal data in motion prevents the wrong data from being collated in the first place, like respecting a “No Entry” sign on private land. When privacy workstreams address personal data at rest and in motion, we will have the ability to meet customer expectations.

Share

Request A Demo

Find A Slot To See A Demo Or Speak To One Of Our Support Specialists

Ready To Start Monitoring?

Want to learn more? Check out our technical knowledge base, or our sector by sector data, or even our starters guide to the API economy. So sign up immediately, without a credit card and be running your first API call in minutes.

Related Posts

Join Us Now!

Join the 100s of companies relying on APIContext.