We are excited to bring Transform 2022 back to life on 19th July and virtually 20th July – 3rd August. Join AI and data leaders for sensible conversations and exciting networking opportunities. Learn more
If you spend time reading the latest quarterly results of any company, you will undoubtedly discuss how much they invest and how good they are at analyzing and using the information. Silicon Valley is full of companies dedicated to creating, consuming, and analyzing huge amounts of data. We are told that data is a currency, its value is applied to gain an understanding of more complex, sophisticated techniques. However, if data is not just a currency, but a tool of debt, its intrinsic value can quickly turn negative.
Value of old data: a new calculus
The value of information is clear: it is required in almost all functions of the organization, from small local businesses to the largest financial services and technology companies. But data risk calculations remain inconsistent. Information security-related threats have been highlighted by critics, breaches and ransomware attacks.
Yet, even with these known risks, organizations often struggle to get rid of anything. There are three primary reasons why businesses are reluctant to delete data: (1) its potential value or future use at some point, (2) legal or compliance concerns or delete false information, and (3) incomplete view of the organization as a whole.
The first problem is often the most difficult to solve. Marketing, sales, development and product teams have an insatiable appetite for data to deliver results. The idea of deleting information, even if used trivially today, is terrifying as it may provide unique insights into the future. And the ever-increasing sophistication of analytics capabilities provides the ability to make subtle predictions without significant additional investment.
Conversely, legal and compliance concerns are generally becoming more systematic. In the long run, the risk of impropriety in legal proceedings or improper / accidental deletion of corporate records far outweighs the benefits of deleting anything. Legal and compliance teams have been battling litigation and regulatory enforcement actions for more than a decade where data issues have been at the forefront. But the experience also taught these teams that there is a risk associated with information, and they can see that the calculation of data deletion versus data retrieval is changing. In addition, initial experience with global privacy requirements such as GDPR has provided greater risk recognition.
The new calculus is based on the equilibrium and multiplication factor of the variables associated with the sensitive information. First, all parts of the organization need to acknowledge that the possession of information represents risk in addition to value. Second, sensitive information that can provide a high level of insight has similar levels of potential risk. Finally, the enterprise needs to establish effective means of disposing of information which it does not need once its value and maintenance responsibilities have passed.
Big New Variable: Privacy
The insurance industry is often not seen as the driving force behind change. It is highly controlled in most jurisdictions and has developed risk models based on a long history of claims and events. This dynamic has forced the industry to adapt slowly to change effectively, requiring significant preliminary data analysis and maintaining long data retention periods. And yet, we can see that the insurance industry is now quietly leading the new charge.
Long before big data, machine learning, and advanced analytics got the latest technology journals, actuarial science laid a trail in the insurance industry. However, analyzes based on similar events in the past seemed largely backward to predict future risks. In recent years, the insurance industry has adopted practices that have created huge amounts of information to be used in real-time to develop its models. In the process, the industry posed a new risk, which it is still trying to fully understand.
For example, many insurance companies now offer potential savings in automotive insurance if they are allowed to monitor their driving habits in real time. These apps capture a tremendous amount of information for a given person from time, distance, acceleration, speed and other features. This allows companies to create risk models and adjust coverage rates based on this analysis. At the same time, they are creating huge amounts of sensitive private information.
Insurance companies now develop insurability scores and models based on exceptional aggregation of public and privately available data. The aggregation of these data includes some of the most detailed views of the individual’s habits, practices and personal information. It is constantly updated by them, providers and third-party suppliers, and feeds any number of models, systems and automated processes.
All of this data creates value for developing risk models and serving customers. But it also generates huge amounts of sensitive, private information.
Opinions on jobs
The National Association of Insurance Commissioners (NAIC) is an organization that very few people have encountered. Insurance regulation is largely state-based in the U.S., and NAIC formulates the standards and model rules adopted by insurers or is codified into law or regulation. NAIC has a history of model rules that deal with information security, record keeping and privacy, focusing on the security of information and organizations and the availability of data to regulators. However, new laws are being adopted in many U.S. states, and with experience with the EU’s General Data Protection Regulation (GDPR) that governs the use, access and rights associated with information, the NAIC realized that more privacy- A centralized model is required.
Through the working group, they sought responsibilities and lessons from GDPR with CCPA, CPRA and CDPA and provided a general set of requirements including:
- The right to opt out of data sharing
- The right to limit data sharing unless the customer chooses
- The right to accurate information
- The right to delete information
- The right to data portability
- The right to restrict the use of data
The elements aren’t particularly specific, but the insurance industry was one of the first to strip them of the existing techniques and practices they might encounter in a privacy perspective. In the developed world, almost everyone is a customer of an insurance company. What happens if only one fraction of the rights mentioned above are used? It will reduce the amount of maintenance requests handled for litigation or regulatory purposes. And what about all that sensitive information that has long gone through its maintenance requirements, but has never been deleted?
Undergrowth burning: Establishing the value of your data
Enterprises need to establish practices and techniques that address the full range of privacy obligations in the EU and emerging in the US is an important first step in moving your organization forward with limited value or retention period. Many organizations are struggling with regular data deletion; Now they should be prepared to do so on demand, possibly from many of their customers.
Like undergrowth in the forest, information provides value up to a point. Then there is the risk of burning the entire forest if not managed or removed. Organizations should start by establishing the value of information and clearly understanding what undergrowth and risk represent. Then, they should light the match and burn what they don’t have or don’t need anymore.
George Xiahans is the managing director of Breakwater Solutions,
Welcome to the VentureBeat community!
DataDecisionMakers is where experts, including tech people working on data, can share data-related insights and innovations.
If you would like to read about the latest ideas and latest information, best practices and the future of data and data tech, join us at DataDecisionMakers.
You might even consider contributing to your own article!
Read more from DataDecisionMakers