User Data Analytics: Challenges to Maintaining Data Privacy and Security Standards in a SME Environment
We are living in the day and age when all organisations need to rely heavily on fast and effective analytics programs to increase resilience to the disruptive (COVID alone is disruptive enough) business environment as well as be responsive to both internal and external shifts of the operational paradigm. Initially, ongoing analytics programs were mostly exclusive to larger organizations but by now, SMEs also need to learn and start using the Data Analytics techniques proactively. For many, this involves travelling along a learning curve as they have to embrace activities that they have not undertaken previously.
When new to Analytics, challenges to implementing consistent, valid and effective practices, procedures and processes are inevitable. Furthermore, for many of the SMEs, consequent responsibilities of working with the third-party data are often ‘’terra-incognita’’. In this article, I am going to discuss some of the key issues that SMEs need take into account and to treat with care (particularly when they are only starting out with Data Analytics) when working with the User Data.
Lack of Understanding & Appreciation for the User Data Ownership Concepts and Regulation
When getting started with Analytics, some of the smaller enterprises do not even consider that significant share of the data they are having at their disposal does not belong to them entirely and only…or does not belong to them at all!
The User Data may be very well collected and stored by the SMEs legitimately but it does not necessarily entitle them to full ‘’ownership rights’’ over the data sets. Furthermore, it may be collected from variety of sources and may even come with permissions to be used in certain ways – but this STILL does not provide allowances for unsecure handling or unconditional disclosure even internally, leave alone externally! In the contemporary (cloud-based) business environment, data ownership issues and rules are very complex and keep evolving. Even for larger organisations – staying abreast of the latest developments and regulations requires a significant effort. For SMEs – the challenge is obviously even greater!
The core difference between larger organisations and SMEs is that for larger enterprises, data governance is likely to incorporate establishment of separate management mechanisms and security policies based on the subset – the data belongs to. Therefore, they clearly differentiate between data ownership, data access and data custodianship. If the Data belongs to either access or custodianship category, they will most certainly not utilize the data throughout the analytics processes as their own without first establishing whether they have full rights to use the data/disseminate the analytics findings or not.
It should also be noted, that even when ownership rights for Data appear to be ‘’unconditional’’ for internal usage – taking the data to a public domain (e.g. making the analytics output available outside your organisation via a Digital Dashboard) or providing access to external parties – may also be against the legal and/or ethical standards. One analogy to be drawn here is that doctors have access to medical files of patents who visit their clinics and may be authorized to access those files as part of their roles of taking care of the patients, but they certainly can not share their ‘’impressions’’ of those medical files publicly, as well as pass these files around!
Data Sovereignty? Never Heard of It!
Unfortunately, to many SMEs – data sovereignty is a ‘’foreign’’ term. It should not be as in the contemporarily business environment that is borderless for many of the industries – there are still laws and regulations that are to be followed when data is handled globally. Data Sovereignty refers to the principle that data is subject to laws and governance structures of the countries where it has been collected. So when data is collected from citizens of country A, but the company is located in country B, and the data is to be stored on a cloud that is supported by a company in country C, with Data Analytics to take place in country D, with the Analytics results going to country E – there are clearly data governance avenues that need to be explored and finalized prior to commencement of all of the data explorations.
For larger organisations, the DS (Data Sovereignty) issues are by now more or less common to deal with and (along with other organisations they get to collaborate with on the data management processes such as for instance their providers of cloud services), they have mostly established processes and policies for data sovereignty issues to be addressed. As for the SMEs, DS issues are widely considered to be way too ‘’complex’’ to deal with. Not only it is a clear case of misconception (they are certainly manageable, subject to establishment of carefully targeted Data maintenance protocols) but it is also an essential legal obligation that must be followed! Non-compliance can land SMEs in muddy waters.
In conclusion, I would like to remind SMEs (and data analytics services providers that are servicing their Data Programs) that two of the greatest achievements of the contemporary data management technologies are a) relative user friendliness and b) affordability. Therefore, as far as maintaining data privacy and security standards is concerned, where there is a will – there is a way!
If you found this Article interesting, why not review the other Articles in our archive.