Under the CLOUD Act, companies registered in the United States are obligated to share with U.S. authorities data belonging to foreign entities. France’s top cybersecurity official, Guillaume Poupard, is working to stop that practice. Poupard, who is the director general of ANSSI, France’s cybersecurity agency, wants to stop cloud providers like Microsoft, Amazon, and Google from sharing…
Data governance is a common imperative for most if not all organizations, and that regulatory imperative has created an industry of tech and tools to assist with cataloging, storing and protecting personal data for organizations. Because of the disorganized and scattered emergence of regulations, vendors within the data governance industry have shaped how larger organizations handle governance, according to Inside Big Data, which notes that, traditionally, this meant that the phrase “data governance” has been “synonymous with the particulars of data modeling, data quality, metadata management, data provenance, business glossaries, lifecycle management, and data stewardship.”
Under this traditional model, organizations have focused their efforts on enterprise-wide policies and tactics to achieve compliance. For example, according to this eWeek article, data modeling was used to provide “a visual representation of data elements and the relations between them.”
These models defined the logical structure of the data an organization possessed, and how that data was processed or stored in these information systems. This permits the creators of an information system to see its layout before it has fully evolved, allowing them to shape the approach as it grows. And due to the specificity and particularity of any given organization’s policy, many data modeling formats and tactics have emerged. So how should organizations pick the ones they need?
According to Inside Big Data, after the use of data modeling to create the information system, organizations traditionally utilize additional policies and systems to ensure that all data be “rigorously” defined, so that organizations can assess how data should be treated and who should be granted access to each of the component pieces.
In stark contrast with these traditional views of data modeling, a new data modeling industry approach has evolved. The recent rapid advancement of regulatory efforts and emerging technologies has curtailed vendors’ influence. According to Inside Big Data, “data governance” today is far more “synonymous with access control mechanisms, security, and regulatory compliance.” Those left pushing the traditional approach have been forced to adapt to the current industry focus or become obsolete.
Currently, organizations are subjected to mandates and requirements surrounding consumer rights, reporting requirements, and data management. These considerations have always existed in the industry, but in a more “passive” role. The recent shift has been attributed in great part to the increase in technology, regulatory effort, and data incidents that have threatened consumer privacy.
Whatever the reason, Inside Big Data states that industry pressure has led many boards and chief executive officers (CEOs) to ensure adherence to data governance parameters. This is likely due to the “stiff monetary penalties for noncompliance to regulations,” such as the $100 million fine that was assessed to Zoom for data governance violations. As this trend evolves, the C-Suite should be having these conversations about approaches to data modeling and governance and determining how much influence their vendors should continue to have.