The legal environment for big data is becoming ever more complex and risky. Navigating a route through this legal minefield will protect businesses from a range of dangers, including financial and reputational damage, and will also create new opportunities.
It’s the ranking that no organization would ever wish to top: the businesses vying for first place in the league table of major data breaches have each suffered attacks that saw around 150 million user records stolen.
The incredible scale of such attacks underlines the dilemma organizations face as they seek to gain insight by exploiting their data. The information they hold on customers not only has huge potential value, it also carries great risk.
With regulators and governments the world over increasingly focused on that risk – and anxious to protect consumers and others – the legal dangers that a digital enterprise must confront continue to grow.
The exact nature of these dangers will vary by organization. It will depend, for example, on where the business is based (though data-focused legislation is increasingly cross-border) and the industry in which it operates.
But developing a strategic response to the legal risk inherent in big data and analytics must be a crucial priority for all enterprises seeking to generate value from the information they secure, store and process.
This response will require businesses to:
- Confront legal issues on an enterprise-wide basis
One problem holding many companies back as they attempt to exploit their data is a “silo” approach, in which different functions or business units pursue their own projects in isolation. This cannot be allowed, as what happens in one part of the organization will have implications for the rest.
- Identify problematic data
Having accumulated information over a number of years in all sorts of different ways, too many organizations have a poor grasp of what data they hold. New information-management processes and technologies are crucial if businesses are to cull outdated, unnecessary or incorrect data. Some may even be unwittingly holding legally questionable data.
- Build new structures for legal issues
Just as organizations approaching data maturity have built new governance structures to lead their digital transformations, businesses will need architectures capable of confronting legal challenges. Roles such as chief privacy officer are likely to become much more common – and may attain similar levels of seniority to, for instance, chief risk officers.
- Create a virtue of the necessity for data privacy
With consumer awareness of privacy and security issues now heightened, legal compliance can boost the reputation of a business. Microsoft, for example, has run advertising campaigns highlighting its data protection standards.
- Consider the customer in all legal decisions
Companies that think about the interests of their customers as they consider their data will stand a better chance of not falling foul of the law. Crucially, these businesses also have an opportunity to build stronger relationships with their customers, which may in turn boost the amount of data they can access.
The bottom line is that making the protection of personal data part of the enterprise’s culture – above and beyond the legal requirements – is a valuable opportunity to generate trust and, ultimately, to add a competitive edge.
Failing to do so, meanwhile, leaves your organization far more vulnerable to financial, legal and reputational risks.