Ai Editorial: Establishing a proactive data protection mechanism

17th January, 2020

Ai Editorial: Data security and privacy-related initiatives are now a priority, and travel merchants have to embrace proactive and appropriate tools for the entire organization, writes Ai’s Ritesh Gupta


It is imperative for organizations to capitalize on personal data, and at the same time address concerns pertaining to privacy and misuse of such data.

So while travel merchants are sharpening their initiatives around collecting, sharing, analyzing and processing data, they also have to ensure that the data is secure and compliant with the latest data privacy regulations. The arena continues to evolve with relatively new regulations, including the General Data Protection Regulation (GDPR), which came into force in May 2018, and the California Consumer Privacy Act (CCPA).

Some crucial topics being discussed are how to protect data at the source level, how to avoid heavy data exfiltration, and what constant modernization of data operations entails, among others. Also, what are the requirements of privacy laws in terms of opt-in and opt-out options?

Gearing up for data privacy challenges

Certain areas that demand attention are:

  • Data governance: As IBM Analytics recommended in a presentation at one of Ai’s conferences in the past, working out a robust data governance tool is a must. Profiling each piece of data to answer who, what, where, when and how, and making this metadata available, is fundamental. Basically, for each piece of data, you need to understand what the data is all about, who owns it, where it originated, where it is kept, when it got there, and how it is processed. Only with such a tool can a merchant deal with vital components such as the "right to be forgotten" article in GDPR, since data subjects have the right to request the deletion of their data and not to be contacted again. A registry that provides directory services pointing to where customer data resides in the different systems of a company is a must, too.

Plus, IBM also recommends an operating model: starting with an assessment across governance, people, process, data and security, then finalizing standards that cover governance, training, communication, privacy, data management and security management. After this comes detailed data discovery and the embedding of standards, procedures and tools to enhance existing processes. There is also the necessary training to ensure skills transfer. Finally, all relevant business processes and security controls are executed.

  • Understanding consent requirements: With the various privacy laws that exist today, organizations need to comprehend consent requirements. What does consent entail? That’s the first step. For aspects such as the “right to be forgotten”, companies need to rationalize the entire process, especially considering that data is distributed in several ways and tends to be hosted in both cloud-based and on-premises environments. Being in control of what data is stored and where (in terms of deployments) becomes critical. A privacy-by-default approach to data storage becomes a must.
  • Protection teams: Organizations also need staff with expert knowledge of data protection law and practices, risk assessment and evaluation (data breaches and cyber attacks), etc.

This approach is becoming a necessity, considering the fact that merchants need it not only to counter the threat of a breach via a risk-adaptive defense mechanism, but also to ease operations for any entity operating in the connected digital landscape. Projecting how cybersecurity strategy is going to shape up in 2020, Forcepoint indicated that it will move from “indicators of compromise to indicators of behavior” and will focus on comprehending the risks that lie within and the importance of preventing data theft, no matter the user, device, transfer medium or cloud application.

