Do you know where your data is?

Every day both you and I expand our digital footprint in a multitude of ways. Big Data business continues to grow and our data is collected and analysed in mass. Moreover, enterprises have the increasing need to work across sites and geographical locations, migrating data between clouds. Our data is potentially scattered throughout the internet- do we actually know where our data is, how it is being processed and the associated effects? How can we better manage our data and keep on top of where it is in the global, physical and virtual spread?

Regulations leave no room for error

This area is becoming more and more important. Not only are consumers more aware of the value attributed to their data, data processors must know where the data that they are processing is stored, how the data is being used, and must be able to warrant access to this data-when the individual (to which the data belongs) demands access to it. Also, they must ensure that the data is secure at all times-no matter what!

Data protection regulations are stricter than they have ever been and the individual’s rights are at the forefront of this. Their security and privacy must be guaranteed. A global shift in the way in which data is controlled is emerging and it is occurring at a speed that most businesses are struggling to keep up with. Many businesses are not prepared for the changes involved and a lot more work needs to be done!

How did that get there?

On average three types of data are of interest. These include: volunteered data (social media sharing, voluntarily shared data), observed data (this is data captured through logging actions, such as location data from mobile phones) and inferred data (linking all the data points to build an image).

Now take a look at how easily this can come together…

Via the internet, you can purchase anything. Every website is tracing your every move, and so can you trace that of someone else, due to everyone’s obsessive need to continuously share everything. Data is everywhere and current! Everything done online is logged. Some of this data we choose to give up through social media or other online tools, but data is also being shaped as a result of us simply going about our daily lives. All the messaging apps, banking apps, search engines, email clients, social media etc. are all processing our data. Furthermore, we are oblivious to where this is happening, how our data is being used and are unaware of the security provided to our data.

Social media feeds are persistently updated. People are continually updating their profiles with their current location, what they are doing, or where they have been or where they are going. Few people think about the data that they are uploading and many believe it only exists within their profile (if they delete it, it is gone!). Yet many are very mistaken. The more we share our data the easier it becomes to lose track of it. Large organisations such as Google and Facebook function through the use of personal data, yet consumers of these platforms have little understanding of the data trail that they are generating across the internet. We do pay a price to use these ‘free’ services and it is with our data!

All our data is being collected and processed. When we take part in a quick online survey or shop online or even scan a loyalty card. When we send an email, or receive and email. Other examples include Internet of things (IoT) and Big data.

IoT technologies are now commonly found in many of our homes and businesses and are an additional source for large volumes of data gathering. Moreover, these devices are becoming more necessary in our lives as advancements continue and soon we will not be able to avoid them.

Big data is used by businesses to learn about their customers and better understand them. We leave a digital trail of structured and unstructured data online when we go about our business online and the consolidation of this data is used by organisations. Although the data is not unified, everything you do online is a data reference and can be processed. Types of data may include, photographs, text, voice and video. Patterns are created using all this information.

This is a small demonstration of where our data is coming from nonetheless all this data from numerous paths is captured, analysed, shared, transferred and stored. The problem is majority of us are not keeping track of our data or the security of our data and some do not even offer it a second thought.

We need to decide the value to attribute to our data. We need to be knowledgeable of how our data is being used so that we can make informed decisions as to when it is worth us submitting our data and to understand when it is not.

Our digital world leaves a digital trail which is diligently followed by those that wish to profit from it.

With the advancement in automation and interconnectivity, systems are storing and processing our data and many of us are unaware. Data protection legislation will help to ensure that management of our personal data improves but what else can individuals and businesses do to better protect their most valuable asset, their data?

Where is my data going?

Your data shared on social media, email data, stored data and so on is mostly stored in the cloud. Data is seldom stored in physical files, or on physical servers but in a virtual realm that not many of us know much about. The cloud is a virtual environment, it is not tangible yet this is where most of our data resides. The cloud has become the norm and accepted.

Thus, when our data goes to the cloud we are handing our data to a provider. Most providers have data centres in a multitude of locations, countries and even continents. Our data moves from location to location too, it does not necessarily have a fixed residence. It is difficult to be sure of where your data is stored and a lot of the time providers are even unsure.

If the option is available, businesses can choose to have their data reside in a country of choice however, many don’t follow up to make sure that this is actually happening. Consumers are often not provided with this luxury.

Data moving between countries can raise concerns too as different rules and regulations apply to data depending on it’s geographical location. Furthermore, differing levels of security are provided to that data.

Data is traversing geographical boundaries all the time as businesses are communicating across sites. This is a convenient way of doing business as data can be accessed no matter the location or time but the uncertainty regarding data location remains and must change rapidly if it is to meet inevitable stringent data protection regulations.

Looking after your data

The GDPR (the EU General data protection regulation which has global reach) is one regulation that is emphasising the importance of data security. There is now further clarity regarding data protection and globally organisations are finding that they need to get onto the same page with regards to this. The security and privacy of peoples’ data is important and organisations (big and small) processing personal data must comply with the regulations. Peoples’ data rights are at the forefront and the regulation aims give people a better understanding of what is being done with their data and gives them more control over their data.

As for the organisations processing the data- they need clarity on the data that they are processing and unambiguous consent from the individual before doing so. Moreover, they will need to know where the data is located at all times as to not overstep the individual’s data protection rights which include: the right to be forgotten, the right to data portability, limited retention of data and the lawful processing of data.

All these data issues need to be sorted out. Legislation is changing and businesses will no longer be able to get away with noncompliance (as many have been doing for so long) when it comes to data processing and data security. Additionally, there should be no excuse in this day and age for consumer ignorance regarding data. Data needs to be managed correctly by everyone.

An improved approach for businesses to take

• Place more focus on managing and securing the data rather than the device or the data centre.
• A complete understanding of the data that you process and how you process it is fundamental.
• Know that all data is not equal. Classify the data and prioritise security to reflect data value.
• If you don’t need it, don’t collect it or store it! Be efficient with regards to the data you process.
• Make sure policies and frameworks are workable and enforceable irrespective of data location.
• Ensure infrastructure is adaptable and scalable for future data needs.
• Store data securely, irrespective of location.
• Remove legacy tools and practices.
• Whenever possible backup in real-time.
• Ensure data recovery is well rehearsed and keep testing methodically.
• Secure all data.
• Encrypt and authenticate always.
• Prepare for and anticipate the worst

And consumers…think before posting!

Some things are just better kept private. The more you share, the more ‘digital crumbs’ you drop for someone to follow, gather and use- both maliciously and not. Decide the value that your data holds. The concept that data is a valuable asset must be understood by all. If more of us understood this concept, many would think twice before updating their social media accounts or quickly filling in an online form. Is it really necessary for your entire following to know your every move? The more we give away, the more of our data is out there, scattered across the globe and the more vulnerable we are to attack.