Enterprises are dealing with a barrage of upcoming regulations concerning data privacy and data protection, not only at the state and federal level in the US, but also in a dizzying number of jurisdictions around the world.

Kicked off several years ago by the groundbreaking introduction of the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), the regulation and compliance trend is only going to intensify. In August the Federal Trade Commission (FTC) released an Advance Notice of Proposed Rulemaking (ANPRM) titled Commercial Surveillance and Data Security that encompasses a wide range of data protection and privacy issues, including data monetization models, discrimination and algorithmic biases and data security, to name a few.

As these types of ANPRMs continue to be released and regulation swiftly catches up to innovation, a recent Gartner survey predicts that 75% of the world’s population will have its personal data covered under modern privacy regulations by the end of 2024.

At IBM’s recent Chief Data and Technology Officer Summit on data privacy, I spoke with some of the world’s top data leaders about the two-pronged challenge they’re now facing: ensuring that data policies and practices meet regulatory demands, while also continuing to innovate with new technologies.

We agreed there is a way to navigate this complicated landscape and maintain a competitive advantage that delivers business value. The journey starts with having a multimodal data governance framework that is underpinned by a robust data architecture like data fabric. This framework can create a standard approach for meeting regulatory compliance while allowing for customization to address local regulations and being proactive when handling new regulations.

Adopting a privacy-centric approach built around a data fabric

A data fabric is an architectural approach that simplifies data consumption across a diverse and distributed landscape, while adhering to data privacy requirements. Think of a data fabric as a single pane of glass that creates visibility across an enterprise. By doing so, it greatly reduces the complexity of managing disparate regulations worldwide. What’s more, a data fabric can automate data governance and security by creating a governance layer across the lifecycle.

To understand how a data fabric helps maintain compliance with privacy regulations, it’s helpful to look at some essential elements of that single pane of glass.

Build a foundation using a common catalog and metadata

Building a data fabric starts with creating visibility using a data catalog, which is an inventory of an organization’s information assets. It lets appropriate parties, such as the company’s chief data analyst, know what the data is and where it resides. Without a data catalog, data can remain hidden or unused and become impossible to manage.

A proper data catalog has a common taxonomy that helps everyone communicate more effectively and solves a common challenge of data integration—different data sets describing the same terms differently. This is important for data privacy: If the wrong term is used, data that should be limited in access might accidentally be made available to the whole business.

Similarly, active metadata — data about data — is at the heart of how a data fabric delivers on privacy for the same reason as a common data catalog. If you don’t know the details about your data, how can you truly say who is meant to see it or how you can use it? In the context of a data fabric, think of metadata as an augmented knowledge graph displaying the network of data across an entire enterprise, along with the conditions that apply to these sets of data.

Operationalize data privacy through automation

Once metadata has been created, it can be tagged, signifying which data is sensitive, limiting who has access to it and so forth. Then intelligent automation begins.

Automated metadata generation is particularly important for access and privacy. Consider, for example, an enterprise that wants to bring in a new data set containing transaction information such as item descriptions, quantity purchased, name, address and credit card number. When this data set is ingested, automated tagging labels the item descriptions and quantity as general transaction data, the name and address as personal data, and the credit card number as financial data. This tagging allows policy enforcement at the point of access. If business users access the data set, they can see the general transaction data, but the personal and financial data is automatically made anonymous.
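
The transaction example above, sketched as an added illustration (this is not IBM's code or any product's API): columns are tagged at ingestion by content and by name, and reads are masked per role at the point of access. The role names, the column-name hints, the redaction token and the sample rows are assumptions made for the example.

```python
import re

# Tag names follow the article's three categories; everything else is assumed.
GENERAL, PERSONAL, FINANCIAL = "general_transaction", "personal", "financial"
MASK = "***REDACTED***"
# Hypothetical access policy: tags each role may read in the clear.
ROLE_CLEARANCE = {
    "business_user": {GENERAL},
    "privacy_officer": {GENERAL, PERSONAL, FINANCIAL},
}
PERSONAL_HINTS = re.compile(r"name|address|email|phone", re.I)
# Constructed sample rows (the card numbers are well-known test values).
SAMPLE_ROWS = [
    {"item_description": "USB-C cable", "quantity": 2, "customer_name": "A. Example",
     "ship_address": "1 Test St", "payment_ref": "4111 1111 1111 1111"},
    {"item_description": "Laptop stand", "quantity": 1, "customer_name": "B. Sample",
     "ship_address": "2 Demo Ave", "payment_ref": "5500-0000-0000-0004"},
]


def luhn_valid(value):
    """True if value is 13-19 digits (spaces/dashes allowed) passing the Luhn check."""
    text = str(value)
    if not re.fullmatch(r"[\d -]+", text):
        return False
    digits = [int(c) for c in text if c.isdigit()]
    if not 13 <= len(digits) <= 19:
        return False
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def tag_columns(rows):
    """Tag each column: card-like content wins, then column-name hints, else general."""
    tags = {}
    for col in rows[0]:
        values = [r.get(col) for r in rows if r.get(col) not in (None, "")]
        if values and all(luhn_valid(v) for v in values):
            tags[col] = FINANCIAL  # detected from values, even if the name is innocuous
        elif PERSONAL_HINTS.search(col):
            tags[col] = PERSONAL
        else:
            tags[col] = GENERAL
    return tags


def read_as(role, rows, tags):
    """Point-of-access enforcement: unknown roles and untagged columns are masked."""
    allowed = ROLE_CLEARANCE.get(role, set())
    return [{c: (v if tags.get(c) in allowed else MASK) for c, v in r.items()} for r in rows]
```

Note that `payment_ref` is tagged as financial from its values alone, which is the case a name-only classifier would miss, and that both lookups fail closed.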

Govern data and allow self-service consumption

While many of the regulations coming down the pike will be similar or even identical, how they are enacted will look very different across countries and regions. The challenge lies with demonstrating compliance to regulators while providing business users with a way to easily access the information. Otherwise, compliance creates a speed bump for innovation. That’s where the self-service element plays a critical role.

While self-service suggests a lot of freedom, the data fabric must include multimodal governance, allowing only certain people to access that data. Again, that single pane of glass will bring together the privacy and the security aspects at a single access point, while offering users an easier way to serve the data they want accessible to others. The ability to conduct real-time monitoring and audits helps secure the systems and comply with regulations, but it also helps the business mitigate data loss through breaches and keep models accurate.

Find your holistic data privacy and security solution by getting started with a data fabric strategy.

To hear more from data leaders around privacy, watch the replay of our CDO/CTO Summit series and attend our upcoming in-person CDO Summit.

Learn how IBM can help you turn compliance into competitive advantage
