We’re excited to bring Transform 2022 back in person on July 19 and virtually July 20 – August 3. Join AI and data leaders for insightful conversations and exciting networking opportunities. Learn more
If you spend time reading a company’s latest quarterly results, there will no doubt be discussion about how much they invest and how good they are at analyzing and using information. Silicon Valley is full of companies dedicated to creating, consuming and analyzing massive amounts of data. We’re told that data is a currency whose value increases as increasingly complex, sophisticated technologies are applied to gain insight. However, if data is not only a currency, but also a debt instrument, its net asset value can quickly turn negative.
The Value of Old Data: A New Calculus
The value of information is clear: it is needed in almost all functions of an organization, from small local businesses to the largest financial services and technology companies. But information risk calculations remain inconsistent. Information security-related risks have been highlighted by commentators, breaches and ransomware attacks.
But even with these known risks, organizations often struggle to remove, well, everything. There are three main reasons why companies are reluctant to remove data: (1) its potential value or use in the future, (2) legal or compliance concerns related to looting or the removal of the wrong information, and (3) a incomplete picture of information across the organization.
The first problem is often the most difficult to solve. Marketing, sales, development and product teams have an insatiable appetite for data to deliver results. The idea of removing information, even nominally used today, that could yield unique insights in the future is terrifying. And the ever-increasing sophistication of analytics capabilities offers the opportunity to draw subtle conclusions without significant incremental investment.
In contrast, legal and compliance issues generally become more manageable. For a long time, the risk of looting in court proceedings, or inappropriate/accidental deletion of company data, far outweighed the benefit of deleting something. Legal and compliance teams have been battered by more than a decade of lawsuits and regulatory enforcement actions that put data issues at the forefront. But this experience also taught these teams that there are risks associated with information, and they can see that the calculus of data retention versus data deletion is changing. In addition, early experience with global privacy requirements, such as GDPR, has provided further risk validation.
The new calculus is based on a balance of variables and a multiplier associated with sensitive information. First, all parts of an organization must accept that owning information carries risks as well as value. Second, sensitive information that can provide a high level of insight carries an equally great potential risk. Finally, companies must develop effective means to dispose of information they no longer need once the value and retention obligations have expired.
The big new variable: privacy
The insurance industry is not often seen as a driver of change. It is highly regulated in most jurisdictions and has developed risk models based on a long history of claims and events. In fact, these dynamics have forced the industry to adapt slowly to change, requiring significant retrospective data analysis and long data retention periods. And yet we can see that the insurance industry is now quietly leading the new charge.
Long before big data, machine learning, and advanced analytics ever graced the latest technology journals, actuarial science had blazed a trail in the insurance industry. However, the analyzes were largely backward-looking, based on similar past events, to predict future risks. In recent years, the insurance industry has adopted practices that create massive amounts of information, which is consumed in real time, to develop its models. In the process, the industry created new risks, which it is still trying to fully understand.
For example, many insurance companies now offer potential savings on car insurance if they can track driving behavior in real time. These applications capture vast amounts of information of duration, distance, acceleration, speed and other characteristics for a particular individual. This allows the companies to create risk models and change funding ratios based on this analysis. At the same time, they create huge amounts of sensitive private information.
Insurance companies are now also developing insurability scores and models based on extraordinary aggregation of publicly and privately available data. The aggregation of this data includes some of the most comprehensive representations of an individual’s habits, practices, and personal information. It is constantly updated by them, suppliers and third-party suppliers, and feeds any number of models, systems and automated processes.
All this data creates value in developing risk models and serving customers. But it also generates a huge amount of highly sensitive, private information.
Actuaries at work
The National Association of Insurance Commissioners (NAIC) is an organization that few have likely encountered. Insurance regulation is largely state-based in the US, and NAIC creates standards and model rules to be adopted as practices by insurance companies or enshrined in laws or regulations. The NAIC has a history of model rules related to information security, data retention, and privacy, aimed at protecting information and organizations, and data availability to regulators. However, with new statutes passed in many US states and experience with the EU’s General Data Protection Regulation (GDPR) regulating the use, access and rights associated with information, NAIC realized that a more privacy-oriented model was necessary. .
Through a working group, they sought to distil obligations and lessons from the GDPR, along with the CCPA, CPRA and CDPA, and provide a common set of requirements, including:
Right to opt-out of data sharing Right to restrict data sharing, unless the consumer chooses Right to correction of information Right to erasure of information Right to data portability Right to restriction of data use
The elements aren’t particularly unique, but the insurance industry was one of the first to realize that the sheer magnitude of what they can encounter from a privacy perspective could overwhelm existing technologies and practices. Almost everyone in global developed markets is an insurance company customer. What happens if only a fraction exercises any of the above rights? It will reduce the number of custody requests being processed for lawsuits or regulatory purposes. And what about all the sensitive information that should no longer be kept, but has never been deleted?
Burning the undergrowth: determining the value of your data
Companies must adopt practices and technologies that address the full range of privacy obligations in the EU and emerging in the US. It is a crucial first step to rid your organization of information with limited value or after the retention period. Many organizations have struggled with routine data deletion; now they need to prepare to do this on demand, possibly from many of their customers.
Like forest undergrowth, information has value to some degree. It then risks burning the entire forest if not managed or removed. Organizations need to start by establishing the value of information and a clear understanding of what undergrowth and risk means. Then they have to light the match and burn what they should not have or no longer need.
George Tziahans is General Manager at Breakwater Solutions.
DataDecision makers
Welcome to the VentureBeat Community!
DataDecisionMakers is where experts, including the technical people who do data work, can share data-related insights and innovation.
If you want to read about the latest ideas and up-to-date information, best practices and the future of data and data technology, join us at DataDecisionMakers.
You might even consider contributing an article yourself!
Read more from DataDecisionMakers
This post It’s time to light the match and burn your data
was original published at “https://venturebeat.com/2022/03/26/its-time-to-light-the-match-and-burn-your-data/”