Data Privacy: 4 Things Business Professionals Should Know

Data is a powerful resource that’s at the disposal of nearly every organization. It's collected every time an action is taken online, a product is purchased, and a patient visits a doctor. With so much data available, it’s beneficial to know how to use it to drive impactful decisions in your organization.

But what rights do customers have when it comes to their privacy? How can you navigate those rights and uphold their trust and safety? Data privacy is an imperative field to understand as a data-driven professional. Here’s a primer on what data privacy is and four things you need to know.




What Is Data Privacy?

Data privacy, also known as information privacy, is a subcategory of data protection that encompasses the ethical and legal obligation to protect access to personally identifiable information (PII).

In the Harvard Online course Data Science Principles, taught by Harvard Professor Dustin Tingley, it’s explained that data privacy is made up of three key questions:

Considering these questions can help you determine how to ensure the privacy of sensitive data without hampering its usefulness to your organization.


Data Privacy vs. Data Security

There’s a distinction between data privacy and data security, which together make up the field of data protection. Although they aid each other and share common goals, they have different focuses and implementations.

Data security focuses on the systems in place to prevent malicious external attempts to access, steal, or destroy data, whereas data privacy focuses on the ethical and legal use of, and access to, sensitive data and PII.

To illustrate the difference, imagine you work at an e-commerce company that stores its customers’ demographics, contact information, and credit card details. Customers freely and ethically provided this information, and your organization is in compliance with applicable privacy laws. The data is securely stored in an internal database and is only accessible to members of your organization who need it to do their jobs. Data privacy encompasses all of these measures.

Now, imagine a third-party source tries to hack into your company’s database with malicious intent. This is where data security comes in. Two-factor authentication, data file encryption, and virtual private network (VPN) access are all examples of data security measures that can help protect your customers’ sensitive information and identities.

Data security and data privacy work together to ensure your customers’ safety and anonymity. Here are four things you should know about data privacy to help your organization collect and handle data with ethical and legal integrity.

1. What Constitutes Personally Identifiable Information?

Personally identifiable information is any information that can be linked to a specific person. Examples of PII include:

The Importance of De-Identifying a Dataset

When non-identifiable information is linked to PII in a dataset, an individual’s privacy is lost. It’s of the utmost importance that consent is given before any PII is collected or made public. To protect privacy, one tactic is to de-identify data, or remove all PII from a dataset.

For example, if your company is tracking spending habits across various demographics, remove customers’ names, contact information, addresses, and credit card details, leaving only their demographics (for instance, age and gender) and purchase history. This ensures your company can still analyze variables of interest without putting customers’ privacy at risk.

The process of de-identification requires you to critically think about connections that can be made through data so it’s truly de-identified. Harvard Professor Latanya Sweeney, who’s featured in Data Science Principles, conducted research to discover how easily de-identified data can be re-identified. Re-identification is the process of combining two or more datasets to reveal identities, and it presents a significant threat to privacy.

In the course, Sweeney explains that information often assumed to be anonymous—like birthdate, gender, and ZIP code—can be linked to specific individuals in public, non-de-identified datasets, like voter lists.

“Eighty-seven percent of people in the United States are estimated to be unique based on date of birth, gender, and ZIP code,” Sweeney says. “If somebody takes a dataset that’s supposed to be anonymous and re-identifies the people in it, all kinds of harm can happen.”
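To make the re-identification risk measurable before a dataset is shared, the following Python code is an added example (not from the original article or the course). It strips direct identifiers as described above, then reports how many records remain unique on date of birth, gender, and ZIP code. The field names and sample records are constructed, and the generalization step (birth year only, three-digit ZIP prefix) is a common mitigation assumed for this example, not a step from the article.

```python
from collections import Counter

FIELDS = ("name", "email", "card", "dob", "gender", "zip", "purchases")
# Constructed sample records (not real people); field names are assumptions.
RAW = [dict(zip(FIELDS, r)) for r in [
    ("A. Rivera", "a@example.com", "4111-0001", "1984-03-12", "F", "02138", 14),
    ("B. Chen",   "b@example.com", "4111-0002", "1984-11-02", "F", "02139", 3),
    ("C. Okafor", "c@example.com", "4111-0003", "1990-07-21", "M", "02138", 8),
    ("D. Novak",  "d@example.com", "4111-0004", "1990-01-30", "M", "02141", 21),
    ("E. Haddad", "e@example.com", "4111-0005", "1975-05-05", "F", "02446", 5),
    ("F. Silva",  "f@example.com", "4111-0006", "1975-09-17", "F", "02445", 9),
]]

DIRECT_IDENTIFIERS = {"name", "email", "card"}  # removed outright
QUASI_IDENTIFIERS = ("dob", "gender", "zip")    # harmless alone, risky combined

def de_identify(rows):
    """Drop direct identifiers; keep demographics and purchase history."""
    return [{k: v for k, v in r.items() if k not in DIRECT_IDENTIFIERS}
            for r in rows]

def generalize(row):
    """Coarsen quasi-identifiers: birth year only, first three ZIP digits."""
    out = dict(row)
    out["dob"] = row["dob"][:4]
    out["zip"] = row["zip"][:3] + "**"
    return out

def _key(row):
    return tuple(row[q] for q in QUASI_IDENTIFIERS)

def group_sizes(rows):
    """Count how many records share each quasi-identifier combination."""
    return Counter(_key(r) for r in rows)

def unique_fraction(rows):
    """Share of records whose combination appears exactly once."""
    sizes = group_sizes(rows)
    return sum(1 for r in rows if sizes[_key(r)] == 1) / len(rows)

def k_anonymity(rows):
    """Smallest group size: every record hides among at least k records."""
    return min(group_sizes(rows).values())

if __name__ == "__main__":
    deid = de_identify(RAW)
    coarse = [generalize(r) for r in deid]
    for label, rows in (("de-identified", deid), ("generalized", coarse)):
        print(f"{label}: unique={unique_fraction(rows):.0%} k={k_anonymity(rows)}")
```

A result of k = 1 means at least one record is still singled out by its quasi-identifiers even though names and card numbers are gone.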

2. How to Protect Data Internally

While your company may collect and store customers’ data, not every employee should have access to it. PII should only be available on a need-to-know basis within an organization. This prevents any accidental, or purposeful, misuse or publication of sensitive information.

Here are some simple but effective tips to secure data internally:

Although some of these tips seem like common sense, they can go a long way in ensuring your customers’ data remains in the right hands.

Data privacy is a legal responsibility with strict guidelines and repercussions. The laws that apply to your company depend on location and the type of data you handle. Familiarize yourself with the laws that pertain to the locations of your business and customers.

Here are a few examples of data privacy laws, who they impact, and what they generally require. In addition to data privacy, many of these laws include mandates pertaining to data security.

General Data Protection Regulation (GDPR)

The GDPR is a data protection act passed by the European Union in May 2018. This law applies to any person or company that handles the data of Europeans. The seven pillars of the GDPR are:

The GDPR is extensive and, at points, vague. If you’re collecting data from customers who live in the European Union, give this law a thorough readthrough to ensure you’re in compliance.

California Consumer Privacy Act (CCPA)

The CCPA, passed in June 2018, protects California citizens’ right to be aware and in control of what personal data businesses collect and store about them. The law comprises four key individual rights:

Health Insurance Portability and Accountability Act (HIPAA)

HIPAA is a law passed in 1996 to protect the medical privacy of US citizens. The HIPAA Privacy Rule was put in place to provide explicit guidelines for any person or organization that handles medical data. This includes:

The HIPAA Privacy Rule aims to protect individuals’ rights to know and control who has access to their medical data and understand how it’s being used. It protects their right to privacy while still allowing for the transfer and use of data to drive medical advancement.


4. It’s an Ethical Responsibility

Data privacy is not only a legal matter, but an ethical one. The ethics of data privacy can be boiled down to the fact that an individual’s consent is necessary to collect, store, and use their personal information.

The powerful nature of data can be enticing, but it’s important to judiciously use PII. Remember: There are real people behind your data points. They have identities and lives that could be at risk if their sensitive data ends up in the wrong hands, which makes your precautions and transparency well worth the effort.


Protecting Your Customers’ Data

Your compliance with privacy laws, internal precautions, and efforts to de-identify data help uphold your customers’ safety and right to privacy. In giving you their consent, they’re trusting you to protect their information and use it for a specific purpose—whether that’s identifying a trend that could lead to a new product, tracking spending habits to personalize their shopping experience, or backing a decision to increase funding for a specific health care initiative.

Understanding the ethical, legal, and logistical foundation of data privacy enables you to maintain their trust and use data to make a positive impact.
