Expert: Information management can also lead to a massive value proposition in being able to tap into governed data for business insights.
TechRepublic's Karen Roby spoke with Kon Leong, CEO and co-founder of ZL Technologies, a data management company, about data privacy and governance. The following is an edited transcript of their conversation.
Karen Roby: Kon, it's been said many times before when talking about enterprise tech and privacy legislation, that if it hasn't started already, it is time for the enterprise to really rethink management through data.
SEE: Security incident response policy (TechRepublic Premium)
Kon Leong: Yes, indeed. Actually, it was overdue for the epiphany, and there are more epiphanies to come. The first epiphany is we have to manage our information obligations together. Privacy is obviously a big component, but so are other obligations such as to answer litigation, such as to keep electronic business records, such as to answer regulatory authorities. All of these combined under some umbrella we call information governance. Now, that's come together, that's the first epiphany. The second epiphany is a little bit more good news in that apart from just meeting your obligations for information management, it can also lead to a massive value proposition in being able to tap into all of that governed data for insights to run the company. This is almost a virgin field because most of the data that's to be governed is what we call unstructured data, textual data, stuff that doesn't fit in an SAP database. It's quite a bit different. It's quite challenging, because on the SAP side, you can easily sort data by, let's say ZIP code, but how do you sort a paragraph?
It requires a re-thinking of how to tap into this unstructured data, and it's absolutely necessary. And the reason is because unstructured data is all human data. All the stuff that we communicate among humans is all unstructured, and if we tap into that, we hold the keys to the human side of the corporate kingdom. And that bears remarkable potential in terms of understanding how your organizational dynamics work and thereby getting insights to really up the organization's performance. That's very, very much building up right now as we speak, and there's a massive, I think, realization yet to come that this potential is totally untapped.
SEE: Data privacy laws are constantly changing: Make sure your business is up to date (TechRepublic)
Karen Roby: Kon, talk a little bit about legislation, specifically where we are. Of course, it's been piecemealed in different ways from different states, and that makes it somewhat confusing and convoluted, too.
Kon Leong: The move is in paces. Currently, most of the privacy focus is on consumer data, and that will be the first stop, if you will, for all the regulators. However, part and parcel of that move is also the obligation to manage your corporate data, especially employee data, for example, internal data. That also has to be addressed, and of course it all comes together as in everybody's private data. That actually is a little bit misunderstood today, and here's why. Although GDPR was the first move, I don't think the world has yet grappled with what exactly privacy laws entail.
SEE: How to manage passwords: Best practices and security tips (free PDF) (TechRepublic)
The technology is lagging seriously behind. Most of the focus today is on privacy processes and procedures and protocols, but no one's really focusing on, "OK, now that we've got all of these policies in place, how do we implement? Where's the plumbing, where's the infrastructure?" And there, I think the world's still waking up to the challenges ahead. It is quite a massive leap in information management. If you want one analogous image or a comparison, for the last seven decades or more, IT has focused on data that was primarily all siloed. Siloed applications generating siloed data. And now here comes a slew of legislative initiatives that say, "OK, we're looking at privacy, and by the way, no data is exempt. Therefore, we don't make exemptions for silos. So to manage it, you have to de-silo effectively." And are you kidding me? You're going to undo 70 years of IT infrastructure? So we're still kind of scratching our heads and saying, how do we get this done? And I think the world's still waking up to that.
Karen Roby: All right, Kon, just looking down the road, say a year from now, how do you see things? How will they be different than today?
Kon Leong: I think we're kind of muddling our way through it in the more larger sociological perspective. There are many contradictions. For example, this one often catches regulators off-guard. To implement privacy, you need intrusion. It's the exact opposite of the intent.
To give you an illustrative example, possibly the world's most private information system is also possibly the world's most intrusive, like the CIA's classified system. You only get to see what you're allowed to see. This contradiction really hasn't seeped into the public's consciousness.
SEE: Expert: Intel sharing is key to preventing more infrastructure cyberattacks (TechRepublic)
Karen Roby: What will it take for it to?
Kon Leong: I think that's an interesting question, but what's more interesting is, what will it take to maintain the intent of privacy? Because information, residential information is possibly the most powerful asset of any company, organization or country. In a sense, you could say that it's even more powerful than nuclear bombs. Nuclear bombs you use for an invasion, destruction. But information, with information control, you can have sustained occupation. That's a totally different gig.
Karen Roby: Totally different.
Kon Leong: Yeah. Residential information is a tremendous amount of power, and the only line between conscientious use and abuse is successful and sustained oversight. How can we maintain that? I don't have an answer, because in mankind's history, it's still been a work in process.
Karen Roby: Yeah, still a lot of answers that we need, Kon. Before we wrap up here, any final thoughts you want to pass on?
Kon Leong: We are just at the beginning of tapping into the value of data, especially the human data, the unstructured data. When that comes about, I think there will be quite an awesome realization that, "Oh my God, we're sitting on this information power, and therefore what that will have, not just control, but also responsibilities." We're right now demoing some of the things available where you can scour the entire universe of data that you have under your roof, and the amount of things that fall out are just jaw-dropping. You can answer questions that you never thought you could answer. For example: Who are my most critical employees? Who are my go-to people? ... with just a click of the button. We're progressing very closer and closer to that Hollywood image depicted in Minority Report. We're getting closer and closer there. It'll be interesting to see how we fare when we get there.
Subscribe to TechRepublic's YouTube channel for all the latest tech information and advice for business pros.
- Cybersecurity: Don't blame employees—make them feel like part of the solution (TechRepublic)
- The security and privacy behind IBM's Digital Health Pass (TechRepublic)
- How to become a cybersecurity pro: A cheat sheet (TechRepublic)
- Security threats on the horizon: What IT pro's need to know (free PDF) (TechRepublic)
- Checklist: Securing digital information (TechRepublic Premium)
- Cybersecurity and cyberwar: More must-read coverage (TechRepublic on Flipboard)