With increasing concerns about data protection and privacy, there has been a lot of talk about the importance of enabling people to own their own data.
What does this mean?
Let’s take Facebook as an example. A user will register with the platform and fill out some basic information about themselves. After that they will likely start adding friends, posting updates, uploading photos, and so on. The problem here is that Facebook essentially owns your data, as in, your credentials, private conversations, likes, dislikes and posts, are all stored on their servers. What they do with that data, we don’t really know.
Now, new technologies and initiatives are emerging that are enabling users to keep their data separate from the applications that use them. Tim Berners-Lee, the inventor of the World Wide Web, is currently developing a project called Solid (Social Linked Data). The objective is to give each user their own “pod”, which is where their data is located. The pod has its own ID, and the owner can store their pod wherever they like. Using their “web ID”, the user can login to supporting platforms, and grant or revoke permission to their data, as and when they choose.
Another technology gaining attention is digi.me. Digi.me is a personal data aggregation platform that enables Private Sharing of personal data by users who are given an app to download and personally hold their encrypted data securely. Organizations can use the platform to get better data about their users, obtained ethically and with full consent and complete privacy, which provides more value to consumers and brands. Digi.me never sees, holds or touches any user data.
If businesses still require access to sensitive data, you might ask, what’s to stop them from using this data inappropriately? In the same way that you can’t un-see or unhear something, you can’t take back your data after you have shared it with someone. This is a valid point; however, businesses will only be granted access to the data they need. For example, they don’t need access to your login credentials, nor do they need access to your private chat messages.
In many ways, businesses benefit the most from enabling users to own their data, as it’s one less thing for them to worry about. They no longer need to host, maintain or secure a database full of personal data. This will save them time and money in terms of minimizing data breaches and complying with regulations. Additionally, if they are not storing large amounts of personal data, there will much less incentive for hackers to target them.
This is great, however, there are more things we need to consider. Firstly, businesses will still need an data access governance solution to prevent employees gaining unauthorized access to sensitive data, regardless of who owns it, or where it is located. And if they are allowing employees to access sensitive data, they will still need to enforce a strong password policy. They will still need to analyze user behavior, including who is accessing what data, and when, and pay close attention to who is copying information from one place to another.
Technologies, such as those listed above, will no doubt play an important role in the future of data security, but shouldn’t be seen a magic bullet. As with blockchain technologies, they can’t prevent organization’s violating privacy laws. They can’t protect organizations from ransomware attacks. They can’t prevent a disgruntled employee from leaking confidential documents, which they have legitimate access to. Data is data. Once it has left the hands of the owner, businesses will still need to secure the data in much the same way.