This vendor-written piece has been edited by Executive Networks Media to eliminate product promotion, but readers should note it will likely favour the submitter's approach.
Yahoo recently unveiled details on a cyber-attack in 2013, admitting that the company might have lost sensitive information on up to one billion accounts. This extensive hack, cited as the 'greatest data breach in history', has drawn the world's attention to how data has grown into an important, sensitive asset that companies must manage carefully.
Today, when organisations choose a data platform, it can have an immediate impact on their business continuity. One aspect of a data platform that should be carefully considered is its compliance with different levels of data privacy rules. As most businesses are becoming global, they need to think about the implications of different privacy rules, which may differ across the globe.
In the United States, data protection legislation covers only certain industries, unlike Europe which has possibly the most stringent standards in the world with a single overarching privacy law. The establishment of the European General Data Protection Regulation (GDPR) earlier this year, and the revocation of the Safe Harbour agreement, aims to standardise rules and requirements regarding data privacy and protection, putting pressure on companies with regards to how they handle customer data. For instance, American companies including Facebook and Google had to spend significant resources to restructure the different management, storage and usage strategies of data acquired in Europe.
From a consumer perspective, some businesses may be considered as taking excessive liberty in accessing and tracking customer data. For example, in October 2016, ride-sharing giant Uber optimised many features on its mobile application - but also sought permission from users to acquire location data even when users were not using the application. Undoubtedly, this caused a divide in perspectives. Uber took the position of streamlining operations and improving precision, but some customers were alarmed at what they saw as an unnecessary, invasive acquisition of highly personal information.
As customers begin to understand the implications of businesses accessing their data, such as with Uber, data sharing restrictions and privacy obligations start to have a greater impact on organisations. According to a Dell Study, many APAC firms are ill-prepared for new EU data protection laws. Given that Asia is mostly influenced by European standards, companies in the region would have to be extra mindful of data protection regulations or risk lawful action against their business. For instance, recent enforcement actions against eleven organisations for data privacy breaches in Singapore revealed the lack of security measures to protect personal data of customers.
Thus, when it comes to choosing a data platform, organisations need to understand their geographical business coverage and the data privacy and protection rules to which they are subject. Businesses should always ask the data platform provider for the list of data privacy rules with which they comply. With ever-changing rules, such as the revocation of the U.S.-EU Safe Harbour agreement, businesses should select a provider with a track record of providing the highest level of compliance, which can prevent the business from taking on unforeseeable risks.
Sign up for CIO Asia eNewsletters.