Maksim Kabakou - Fotolia
Security Think Tank: Data privacy not in isolation, but on a spectrum
The gap between data privacy and data governance is narrowing, and security leaders need to be aware of the implications, says KuppingerCole’s Anne Bailey
We all know data privacy does not exist in isolation. It is not a solitary indication of an enterprise’s morality and compliance, separated from the operations and lifeblood of the organisation. As an indication of this, we are beginning to see a convergence between previously distinct market segments: the privacy and consent management space, and data governance.
Data privacy of course includes compliance, attention towards data minimisation and valid purposes for processing personal data. We call this segment privacy and consent management, which delivers administrative and governance capabilities over data privacy. It aims to enable compliant data collection and monetisation while enabling the privacy choices of end-users.
At one time, this could have been considered a completely separate market space with unique goals and capabilities. But this is slowly morphing into a spectrum where suppliers are taking on the goals and capabilities of another segment.
The other end of our spectrum – data governance – strives to manage data in order to further harness it for insights and optimisation, as well as fulfilling compliance requirements. It should give an overview of the location, access and policies over both structured and unstructured data. As we aim to optimise data privacy within the enterprise, data governance is becoming a gravitational force pulling privacy and consent management solutions closer to access governance solutions for the overall care of external consumer data.
The sorts of capabilities that we see in the middle of the spectrum enable the organisation to act. For example, data discovery and mapping capabilities are appearing in both data governance and privacy management solutions, which equip the enterprise with the knowledge of what data exists in the organisation and where it resides.
This knowledge enables informed decision making to then improve the data posture of the organisation, optimising collection, processing and use of data. Other converging capabilities are artificial intelligence/machine learning automated summaries and compliance gap analysis, again providing knowledge for action.
It is clear that the distinctions between privacy management and data governance are becoming less defined. That does not mean you should only consider solutions that fall into the centre of this spectrum. When working to optimise data privacy for the enterprise, consider the narrowing gap between data governance and data privacy solutions. Clearly define the requirements that your organisation has regarding data privacy and determine where your needs fall on the spectrum between privacy management and data management.
Anne Bailey is an analyst at KuppingerCole, and a specialist in emerging technology