BW Businessworld, India: Cognizant’s Global Chief Technology Officer Discusses how Companies Should Handle Personal Data

“In today’s digital age, when personal data has become a precious commodity that helps companies target and serve customers at a granular level and monetize it to bits, the larger question is how should companies handle personal data that the trusting customer shares, and why the customer should be honoured with the right to be ‘forgotten’ once she exits the platform?” writes Aan S. Chauhan. Excerpts:  

“Every year, incidents of personal data breaches by accident or by hackers are on the rise, exposing them to malicious forces who could do anything from targeted selling to even swaying national elections. Data Breach Level Index, published by global digital security company Gemalto paints a grim picture. In the first half of 2018 alone, as many as 4.5 billion records were breached, a staggering 133 percent increase from the same period in 2017. In other words, 291 records breached every second!

Businesses should move to a model in which individuals hold complete control over their personal data, which would only be used on an as-needed, temporary basis after complete consent. Companies should also identify data theft risks, and stay guarded by mastering the ethics of how to hold, encrypt, anonymize, obfuscate, and mask data.

More importantly, companies should know when to expunge all personal data when a customer exits, leaving no embers that could kindle anything undesirable. The recently enforced General Data Protection Regulation (GDPR) is a strong step in this regard, as it mandates companies to ‘forget’ personal data when not required, with huge liabilities during non-compliance.

While holding data securely, companies should evaluate and consider all risks involved. When risks are well judged, companies can then seek data that is truly essential, and leave out the rest. While holding the data, all steps must be taken to proactively safeguard against all security breaches, with backups and corrective mechanisms in place. Companies should then establish and maintain the customer’s trust. Only when required, they should comply with requests from governments for data share for stipulated timeframes. Lastly, companies should never take customers and their data for granted, and understand the legitimacy behind customers’ right to be forgotten.”

Click here to read more.