The Data Trifecta: Privacy, Security, and Governance from Reactivity to Resilience

Chances are, if you’re running a business whose bottom line relies heavily on data, you have untapped data value right at your fingertips. How do you extract more meaningful insights while complying with strict regulations? You must reframe how you think about the traditionally separate realms of data privacy, security, and governance, said the panelists at a recent webinar hosted by DATAVERSITY® and moderated by Gary LaFever of Anonos, whose privacy and security platform helps organizations make the most of their data.

LaFever was joined by three panelists at the webinar:

  • Awah Teh: VP of Data Governance and Privacy Engineering at Capital One
  • Steve Prestidge: Chief Commercial and Innovation Officer at Anonos
  • Joseph Sommer: Managing Partner at EY Financial Services

In a spirited hour-long round-robin, the guests and moderator discussed why many of today’s organizations fail to reap the benefits of a more resilient “lean” mode of data management, and why the common practice of delegating privacy, security, and governance functions to the IT department can be a costly misstep.

Data Privacy, Security, and Governance Defined

While the domains of data privacy, security, and governance deal with many of the same issues, they are not synonymous. Data privacy focuses on protecting personal data, while data security deals more broadly with guarding all of an organization’s data from unauthorized use. Data governance helps balance data security with access while adhering to industry regulations and business procedures.

“If you can get these different groups – privacy, security, governance – to work together and give them the tools to do so, the results can be near magical,” said LaFever. “One way of achieving this goal is to facilitate collaboration between the data and privacy teams. When these teams work together in a coordinated fashion, understanding that they are both critical to the success of the business, barriers can be overcome.”

Data: The New Oil, Water, or Coffee?

For some time now, “data is the new oil” has been a popular catchphrase within the business community: Today, it is information, not physical commodities, that holds the greatest promise for striking it rich. While the metaphor is evocative, for the panelists, it does not capture how much value data can infuse into a company. Whereas oil can be produced and consumed only once, data can be endlessly reused and repurposed, provided it is carefully managed.

Like water, the seeming ubiquity of data can sometimes camouflage its value. Moreover, data exists in a variety of states that can dictate the parameters of that value. Sommer quipped that like water, data can be frozen, fluid, or in the form of steam.

“When it’s frozen, or overprotected, it’s inaccessible to the business and nobody can get to it,” said Sommer. “When it’s steam, when there’s no security, it’s leaking out of the organization, and anybody can get to it. Data has to flow within the enterprise – it has to get to the places where it’s going to have maximum utility.”

The practice of lean data management – which focuses on delivering only the data that’s necessary to business users and ensuring it is clean and trustworthy – facilitates such a flow. Armed with even a modest amount of high-quality source data, the privacy, security, and governance teams can support several different types of data use cases, rather than using a one-size-fits-all approach: “It’s almost like this barista machine, where the same coffee beans – the same source data – can be used to deliver very different outcomes,” explained LaFever.

Embracing the coffee-making analogy, Teh took it one step further:

“Think about it like a cappuccino, which, in the simplest sense, is just milk and coffee. Think of the milk as sensitive information and coffee as raw data. Once you’ve mixed those two things together, they’re incredibly hard to separate, so you need to add just what you need, at the right time, for the right use case.”

Privacy and Security vs. Data and Analytics

Many companies struggle with the balance between managing data securely – in accordance with data regulations – and getting the most out of data analytics use cases. This means that some degree of collaboration between the data and privacy teams is paramount for success. Such collaboration can often pose a problem, however, when copies of the same data sets are trafficked across departments without initially imposing standards for these migrations.

Setting up enterprise-wide controls plays a major role in establishing guidelines, whether in the form of shifting a project to granular row and column access, finding methods of transforming data into a de-identified format that poses lower risks, or furnishing your data staff with a life history of data access. In the end, these controls must be “customized to the organization’s culture,” said Sommer, “because the real issue here is not technology, it’s people. We need to get people together to understand how data is managed, how we’re keeping it safe, and how we’re enabling usage.”

Prestidge sees collaboration via a “privacy platform approach” as crucial when it comes to modernization projects: “When you’ve got a data team working with the privacy, security, and governance teams, there’s really four different conversations happening there, and it takes too much time,” he explained. “Instead, a platform approach to controls gives you the focus, the rails, and the proven methodology for a collaboration that lets you think about automation.”

New Privacy and Security Technologies: Creating Value Centers That Last

The panelists broadly agreed that bringing together privacy, security, and governance teams to develop a tech-driven model of unified engagement can revolutionize a business’s efficiency and effectiveness. In Sommer’s observation, this form of platform approach cuts down on the number of individual interactions between teams while distilling the load of regulatory obligations, all of which makes operations more manageable to support.

Streamlining this process allows managers to automate rules and controls into the data in a manner that lets the data flow, “which ultimately means that our privacy teams and security teams can say yes to more projects,” noted Prestidge. “Then our data teams can get access to that approved data much quicker, speeding up all of the processes and reducing the risk.”

Navigating the Ever-Changing World of Data Regulations

Organizations often speculate on the direction current regulations are headed and react in a disjointed, case-by-case manner rather than embracing proactive, strategic principles. “At the end of the day, the intentions behind most privacy regulations tend to be focused around protecting the consumer,” reflected Sommer. It’s therefore essential for data teams to implement a degree of consistency between promises made to consumers in initial privacy disclosures and the ways in which data is used – and shared – in current operations.

To stay ahead of the curve of regulatory trends, teams need to remember the essential principles that serve clients: protecting sensitive data, maintaining confidentiality, and creating new products while maintaining anonymity. In a strategic, platform-driven model, new regulatory frameworks will generally only require local retrofitting and consume less time and energy. “Building these responsive data ecosystems that are able to react to changes in regulation is, in my mind, the Nirvana we all need to get to,” said Teh.
