Updated: Sep 21
In the current era, every organization is trying to analyze customers’ information to gain a competitive advantage. In order to do this, data pipelines are becoming extremely complex, with data stored and shared across different systems in different formats. Organizations have the formidable task of protecting this data, and providing it only to the intended audience, lest they start losing customers, trust, and eventually, business.
At the same time, maintaining compliance across different global and state-specific regulations adds to the complexity of data governance. Complying with these laws while maintaining a seamless flow of information across the organization is often an overwhelming task. Furthermore, these laws have become increasingly identity-centric, returning power to consumers by conferring rights to access, erasure and usage of data.
My first brush with privacy was at my previous job where I was heading the AIOps team. As part of the global launch of our product, we needed to achieve GDPR compliance. The steps and processes that we came across were quite eye-opening, and left me with many questions. I was aghast to find that even in this new age of automation, most of the processes around privacy were highly manual and revolved around paper filing. By the time we were done with the audit, I knew in my heart that most of the answers we were providing were designed to get certifications, rather than protecting the privacy of our customers. And even if we were only focused on such certifications, we explored the available privacy tools and found that there was nothing available that could help us stay continuously compliant.
Let me highlight some of the key challenges that we faced:
Lack of automation: There was lots and lots of paperwork! It felt like the way to get compliance was to define a set of processes that were very hard to audit, and throw in lots of checklists. We found that almost all the processes involved were manual.
Disparate Vernaculars: Another big challenge was the difference in the vocabulary used by lawyers/auditors and technologists. There was a big gap in terms of what they were looking for and what we were providing as evidence. There was a lot of back and forth between auditors, and simple questions would take days to resolve.
Siloed tools: We found that there was no tool that could help us maintain compliance, and at the same time provide a holistic, compliance-centric view across the different services that we were using.
LightBeam’s Data Privacy Automation (DPA) solution ties together sensitive data discovery, cataloging, access, and data loss prevention (DLP), and makes the right (sensitive) identity-centric data available to the right people and teams. It is a privacy control tower that provides a 360-degree view of the entire sprawl of PII/PHI/otherwise sensitive data, and enables privacy officers to set policies to automate enforcement.
The LightBeam team has approached this challenge from three lenses, described below.
At LightBeam, we have taken an automation-first approach towards Data Privacy. At my previous job, as head of AIOps, I learned the hard way that one cannot build an AI-based automation platform by extending an existing platform to include AI capabilities. It has to be architected and designed from the ground up.
Automation requires precision: Things can become unwieldy if they are automated with imprecise information. On its own, no system can figure out the difference between customer data and employee data. LightBeam’s platform has built-in controls through which it can be taught the differences in data, and take appropriate actions in an automated manner.
Humans in the loop: Let’s be honest — people overemphasize the power of state-of-the-art AI models. Even for simple tasks like Named-Entity Resolution, today’s models can be imprecise at times. We have included tooling for users to provide appropriate feedback to the system. As an AI platform, LightBeam learns from such feedback and consistently gets better over time.
Scalable AI: On average, organizations are carrying more than a petabyte of customer data, and this data is increasing at a faster pace than ever. We have taken a systems approach for AI, processing data in a distributed manner, with the ability to expand easily based on customer needs.
Conversational Expression of Privacy/Compliance/Legal Policies
To bridge the gap between the terminology used by lawyers/auditors and technical folks, we have provided easy-to-use policies. Our policy framework helps translate legal verbiage into actionable rule sets that can help organizations manage data flow across their systems. The LightBeam platform provides visibility and knobs to control access to privacy data, enabling organizations to be continuously compliant.
Furthermore, dashboards and reports can be shared with auditors to quickly get the necessary compliance certification. As a result, auditing and compliance, instead of being a long-drawn-out, tedious and superficial process, can be something that is automated, empowering, and protective of the privacy of an individual/entity, with an emphasis on ease of use.
360-Degree View of All Sensitive Data
While most existing solutions are designed to support either structured data or unstructured data, LightBeam takes a holistic approach towards privacy. LightBeam is the only platform in the industry that can co-reference privacy data from unstructured (i.e., images, docs, chats), semi-structured (logs, NoSQL databases, HTML, JSON) and structured data to provide identity-centric views. This helps organizations to see the full, 360-degree picture of customer data flow, and manage the entire lifecycle of that data.
A Privacy-First World
It is revealing to note that privacy is still very much honored in the physical realm. If you go and open a lock box at a bank, or at a post office, your contents are private by default! However, in the digital world, privacy has gotten the sharp end of the stick over the last two decades. It is as if whatever you put in a bank lockbox is visible to everyone within the bank, and to their partners, absent some special intervention. This would not be acceptable to consumers — and neither is the way their sensitive data is managed today.
Forward-leaning organizations understand this, and are actively helping consumers to take complete control of their sensitive data. By giving back to consumers what was theirs to begin with, businesses at the vanguard of privacy engender trust. Simply treat your customers’ data with the same respect as your own, and you can transform privacy from a checkbox item to a massive differentiator.
LightBeam.ai will be unveiling its generally available data privacy automation platform at booth #119 of the IAPP Global Privacy Summit 2022 in Washington, DC, April 11–13, 2022.
Read our press release here: https://www.lightbeam.ai/resources
A quick overview of LightBeam can be seen here: https://youtu.be/bbAjMewSbCE.