By Raja Perumal
Published on May 13, 2020
Enterprises are struggling to balance the demands of an increasingly stringent regulatory environment with the need to leverage data for business impact. Countries, states and government bodies around the world are aggressively moving to protect the privacy of individual consumers with a slew of new privacy regulations, including the General Data Protection Regulation (GDPR) in the EU, the California Consumer Privacy Act (CCPA), the Consumer Data Right (CDR) in Australia and more than a dozen more. At the same time, enterprises are working to put data into the hands of more people to drive greater value from the huge volumes of data at their disposal.
To meet these competing demands, enterprises must create a privacy-aware data culture where data users are empowered to use data for decision making and are simultaneously guided to use data in a way that is accurate and compliant.
With the partnership between Alation and BigID, enterprises can govern data usage and enforce policy at the point of consumption, enabling them to connect governance directly to data usage.
Without a modern data privacy toolset, when a company receives a request to comply with a regulation, they are forced to react to it with a one-off, siloed approach. The request is often routed through the Chief Privacy Officer’s team. That team then must manually search all data sets for records associated with the requester. This approach is slow, labor-intensive, and lacks comprehensiveness because the CPO’s team must touch multiple data sets, owned by multiple business units. This puts enterprises on their back foot, forcing them to process privacy regulation reactively as opposed to proactively working to mitigate risk. And this approach has largely been inefficient — enforcement of GDPR alone has already resulted in fines in excess of $550MM.
On top of that, a quickly changing regulatory environment forces enterprises to implement new privacy policies. Simply creating policies, however, does not ensure that data will be used accurately and compliantly. The enterprise must ensure that those policies are enforced. Because policies live outside of the data user workflow, data users must implicitly know what data is private or sensitive and understand how and which policies apply. Either that or enterprises must lock down data, restricting data consumers from using data that could be used to create business impact. On top of that, enterprises must ensure policy implementations have buy-in from various stakeholders in the organization, including the Chief Privacy Officer or Chief Data Officer, data stewards, analysts, data scientists, and line-of-business users — a difficult challenge when there isn’t a central place for collaboration on policy.
Alation and BigID provide the tools and a framework to help create a privacy-aware data culture. The Alation Data Catalog enables data users to collaborate and leverage a single source for data search and discovery, data governance, and data stewardship. With the integration of BigID for private data profiling and classification, tags and policy information can be automatically attached to data within the Alation Data Catalog. Teams can respond to privacy requests with greater speed and new policies can be implemented with buy-in from stakeholders and enforced at the point of consumption.
By providing greater insight into how data is being used, governance teams can ensure the right policy is communicated to the end-user and policy information is surfaced as the data consumer is discovering or querying their data. Governance teams can signal to data consumers that their queries may contain personal information (PI), personally identifiable information (PII), and personal health information (PHI), or are regulated by one or many policy frameworks. Governance teams can push policies and warnings directly from the data catalog to a data privacy classification tool and speed up the identification and classification of data. BigID inspects and classifies data sets and proactively applies policy frameworks and PII designations. These classifications are surfaced to governance teams, who can then ensure their accuracy for the end-user. By centralizing policies and automating identification and classification, Alation and BigID close the gap between policy creation and data use, enabling enterprises to enforce accurate, compliant data use without sacrificing data-driven decision making.
Ultimately, combining the power of BigID with Alation in this way demonstrates the use of Alation as a data platform to support a variety of metadata-related use cases from search and discovery to data governance and now, integrated and in-workflow data privacy.
To learn more about how Alation and BigID can help organizations create a privacy-aware data culture, schedule a meeting with a member of our team to discuss whether Alation and BigID are right for your organization.