Practical Data Governance and Privacy Advice for Data Fusion Aficionados
Steven B. Adler, Program Director, IBM Data Governance Solutions

How many attended this event last week? Aggregating Data Across Stovepipes makes Data more valuable.

In data sharing environments, stovepipes get in the way … and we have to collaborate to protect data and people
Complex siloed organizations, processes, applications and infrastructure make it difficult for intelligence decision makers to effectively make the right decisions

Questions from Event
• 43 Fusion Centers and DHS Mentorship on Info Sharing
• Who is mentoring the downstream recipients of the data on Privacy controls?
• How many resources are devoted to privacy protection?
• Who audits data usage?
• The farther data gets from the fusion “center”, the harder it is to protect.

Data is Dumb
• People add human knowledge to data to create intelligence
• On top of raw data, people have opinions, and often those opinions are recorded as facts.
• A lot of data lacks credibility
• Who is certifying data quality?
• Who is tracking changes?
• Who cares about data integrity and verifies the identities of each recipient?

Recognize Bias
• People are curious about other people, and they bring their own biases when they look at data
• A law enforcement person looks for criminals
• A privacy person looks for victims
• In a democracy, you want both in the room
• It is not always good people searching for bad
• A lot of people, with different motives, will view personal data in a data fusion supply chain
• A lot of law enforcement agencies have ancient technology
• A lot of data uses can’t be predicted

Avoid Group-think
• There is no single source of truth – encourage dissent
• Privacy Protection and Data Governance are about organizational behavior
• People need to be trained to think about privacy protection as a forethought.
• Include privacy professionals, auditors, and IGs in your decision-making process
• Develop oversight processes that do not impede decision-making
• Create a SORN and publish non-confidential facts about citizens
• Transparency creates its own checks and balances

Data Minimization
• More Data is more Risk
• Fusion data is a richer target for organized crime
• Law enforcement itself often lacks skills to protect its own data
• Fire, ambulance, and emergency teams too
• Data may start electronic and structured, and get communicated unstructured and in print.
• Data Minimization – calibrate your data sets based on your customer’s need to know.
• Protect your data through omission

The World is Changing: our kingdoms have no borders
Castles don’t keep Barbarians out
• The enterprise perimeter is at the database
• Public sector outsources data sharing
• In growing, decentralized data supply chains
• Every link is an exposure
• Every data element is a risk
• The Network is the Enterprise
• Data disclosure is an omnipresent risk
The Maginot Line

Data Governance and Privacy Issues
• What does our governance model look like?
• Who is responsible for governing?
• What policies are in place?
• Who writes policies?
• How do they get approved/changed?
• Which Data should we worry about?
• Where is all the data?
• How much is the data worth?
• What are our vulnerabilities?
• How do we classify risks?
• Which risks do we accept, mitigate, transfer?
• What controls are in place?
• Who pays for the controls?
• Where do we put the controls?
• How do we measure progress?
• What do audits tell us?
• Who gets that information?
• What do we tell the public?