
Data Security in Today’s Environment


[Image: Futuristic Blue Hologram With Technology Information On Screen, by Thamrongpat Theerathammakorn, NounProject.com]


Data, your personal information, is a form of currency in today's online world. Your privacy is no longer guaranteed, as geographical boundaries and jurisdictions are increasingly ignored by hackers, thieves, and well-intentioned analytics gurus. Data mining is a profitable business, and you are the product, milked for all it's worth. Every day there are reports of medical information being shared without permission with insurance groups, biostatisticians, and others in the name of the 'public good.' Regulations like GDPR give many people the right to be forgotten, but you must deliberately exercise it. And when you don't realize you're even 'in' the game in the first place, protecting your digital footprint is a never-ending battle.


How does the smart consumer of digital life go about shielding their most intimate details while still enjoying the many entertainments and services of today's web? Some experts say it's already too late, and they may be right. Your cellphone alone provides a wealth of data via GPS, location tracking, and connectivity services, the baseline necessary to stay connected while out and about, before you even begin to indulge in a little TikTok.


Data security is a core discipline for companies that need to protect sensitive information and prevent breaches in both internal systems and cloud environments. In the case of expert systems, where the software mines information internally from repositories and active channels such as MS Teams or Slack, employees' conversations are regularly exposed. These smart knowledge management systems advertise that they distribute the right information to the right people at the right time. However, if an employee is chatting about personal plans or sensitive health information, that could be shared with coworkers unintentionally. Another example: executives discussing the financial implications of an upcoming merger. That information must remain confidential to comply with SEC regulations and avoid violating insider trading restrictions. Ensuring that such conversations remain limited to a small cohort is where data privacy rules and policies come into play.


Data Security and Privacy

There are many federal and state laws, let alone international ones, to keep track of; specialized compliance software for just this area exists from a number of companies, and it's a well-established niche. To comply with regulations such as the Health Insurance Portability and Accountability Act (HIPAA), the General Data Protection Regulation (GDPR), or the California Consumer Privacy Act (CCPA), companies need to disclose to employees how they collect, process, and share their personal data. The best way to do this is through transparent, formal consent policies that are easily accessible and understandable, as well as compliant with all relevant laws. Ensuring the proper handling of private details is part and parcel of this mandate. Not to mention, it's just common courtesy and proper treatment of the people you work with.


In general, companies can only collect and process personal data of employees that is necessary and relevant to their job. Typical employee data includes resumes, references, payroll information, medical files, employment contracts, compensation and benefits, and performance reviews. Sometimes, however, personally identifiable information (PII) can leak out in casual conversations on open chat channels.


The way smart systems handle this challenge is through anonymization of key elements of the data, called entities. 'Entity' is just data-science-speak for a noun, the 'who' or 'what' of real life. By creating variables, or placeholders, for the real data, you can 'hide' the info while still counting the item. So "John" becomes "first_name," "Doe" becomes "last_name," and so forth.
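As a rough sketch of the idea (the hard-coded entity map here is purely illustrative; real systems detect entities with named-entity-recognition models rather than a lookup table), replacing names with placeholder variables might look like this:

```python
import re

# Illustrative entity map -- a real system would discover entities
# with an NER model, not a hand-written dictionary.
ENTITY_MAP = {
    "John": "first_name",
    "Doe": "last_name",
}

def anonymize(text: str) -> str:
    """Replace known entities with placeholder variables."""
    for entity, placeholder in ENTITY_MAP.items():
        # \b word boundaries avoid mangling substrings inside other words
        text = re.sub(rf"\b{re.escape(entity)}\b", placeholder, text)
    return text

print(anonymize("John Doe asked about the merger."))
# first_name last_name asked about the merger.
```

Because every occurrence of "John" maps to the same placeholder, the system can still count and correlate mentions without ever storing the real name.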


Entities are central to expert systems looking to take action based on understanding who is who, how they are related, what they are talking about, and whether it is useful for an organization. By hiding personally identifiable information (PII), the models and algorithms that intelligently process the conversations can extract the necessary facts and make connections while still respecting privacy.


Ethical companies take data privacy and PII protection seriously, implementing the highest cybersecurity standards and infrastructure not only to protect against outside intrusion but also to mitigate the risk from bad actors with internal access to systems and sources of information. A well-designed system is only concerned with the data and conversations that are relevant to the processes, technology, and skill sets required to run the business. All other data should be filtered out of the raw feed before onboarding to a system. Let's take a few minutes to look at how that is accomplished.


In increasing order of complexity, the filtering and de-identification processes are as follows:

  • Filtering: Remove all irrelevant data and sensitive conversations, with no replacement of content. This is also referred to as redaction.

  • Masking: Replace the sensitive content with fixed characters. Where data is necessary for answering questions, the sensitive, unique identifiers for individuals are replaced.

  • Encryption: Replace sensitive content with encrypted strings. The only one who can reverse the encryption is the person or entity who holds the encryption key.
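The three levels can be sketched side by side. This is a minimal illustration, not production code: in particular, the XOR cipher at the end is a toy stand-in used only to show that encryption is reversible with the key; real systems use a vetted cipher such as AES.

```python
from itertools import cycle

SENSITIVE = "SSN 123-45-6789"

# 1. Filtering / redaction: drop the content entirely.
def filter_out(text: str) -> str:
    return "[REDACTED]"

# 2. Masking: replace with fixed characters, preserving length and shape.
def mask(text: str) -> str:
    return "".join("*" if c.isalnum() else c for c in text)

# 3. Encryption: reversible, but only for whoever holds the key.
#    Toy XOR cipher for illustration only -- use AES in production.
def xor_crypt(data: bytes, key: bytes) -> bytes:
    return bytes(b ^ k for b, k in zip(data, cycle(key)))

key = b"secret-key"
ciphertext = xor_crypt(SENSITIVE.encode(), key)
assert xor_crypt(ciphertext, key).decode() == SENSITIVE  # round-trips with key
print(mask(SENSITIVE))  # *** ***-**-****
```

Note the trade-off the three levels encode: filtering destroys the most information (and risk), masking keeps shape for analytics, and encryption keeps everything but gates it behind key custody.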

The overall goal is to reduce load on the system by removing noise from the process as early as possible. Responsible companies do not want to handle any information they don't need to see. The rule of thumb is 'only gather what you absolutely need for a specific business goal.' As for training the models, only information related to areas of interest, such as skill sets or topics being discussed, is relevant. What you're eating for lunch, your weekend plans, and your medical details are of zero interest and are removed before any data is processed. At Radar, for example, as the models identify new sources or refine the definitions of 'noise,' we update these preprocessing filters to be more efficient at catching and removing chaff.


To create an automated data transformation pipeline that cleanses sensitive data like PII, de-identification techniques such as tokenization (pseudonymization, or creating a fake name via a variable placeholder) let you preserve the utility of your data for analytics while reducing the risk of handling it, because the raw sensitive identifiers are obfuscated. To minimize the risk of handling large volumes of sensitive data, a pipeline like the one described above can use an automated data transformation algorithm to create de-identified replicas of your original source. A company should never keep or store your raw source data in its systems. At Radar, we only maintain metadata and the output of the analysis in the form of machine-learning models.
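A pipeline of this shape can be sketched in a few lines. The field names and the salted-hash tokenization below are illustrative assumptions, not Radar's actual implementation; the point is that tokens are deterministic, so counts and joins still work on the replica, while the raw identifiers never leave the preprocessing stage.

```python
import hashlib

def tokenize(value: str, salt: str = "per-tenant-salt") -> str:
    """Deterministic pseudonym: the same input always maps to the same
    token, so analytics on the replica (counts, joins) still work."""
    return "tok_" + hashlib.sha256((salt + value).encode()).hexdigest()[:12]

def deidentify(record: dict, pii_fields: set) -> dict:
    """Emit a de-identified replica; the raw record is never stored."""
    return {k: tokenize(v) if k in pii_fields else v
            for k, v in record.items()}

raw = {"name": "Jane Doe", "email": "jane@example.com", "topic": "Q3 roadmap"}
replica = deidentify(raw, pii_fields={"name", "email"})
# replica["topic"] is untouched; name and email become stable pseudonyms
```

Using a per-tenant salt (rather than a bare hash) matters: without it, an attacker could hash a dictionary of common names and reverse the tokens.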


Encryption at rest and in transit

Maintaining data security is critical for most organizations. Unauthorized access to even moderately sensitive data can damage the trust, relationships, and reputation that you have with your customers. Any truly responsible company encrypts stored data at rest by default. For example, at Radar, any object uploaded to our AWS environment is encrypted by default using an Amazon-managed encryption key. Data in transit should also be encrypted to follow industry best practices and prevent leakage or exposure to bad actors. Again, each company will employ its own keys and methods to ensure this protection is in place. It's all about good hygiene along the entire route of getting the bits of information to and from where they are most needed.
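On the 'in transit' side, for example, a client can insist on certificate verification and a modern protocol floor. A minimal sketch using Python's standard library (key management and at-rest encryption are separate concerns handled by the storage layer):

```python
import ssl

# The default context verifies server certificates and hostnames,
# which is what prevents man-in-the-middle interception.
ctx = ssl.create_default_context()

# Refuse anything older than TLS 1.2
ctx.minimum_version = ssl.TLSVersion.TLSv1_2

assert ctx.verify_mode == ssl.CERT_REQUIRED
assert ctx.check_hostname is True
```

The same idea applies regardless of language: never disable certificate checks to 'make it work,' since that silently removes the in-transit protection this section is about.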


So now that you are aware of the processes around data handling, and maybe just a little bit scared, what can you do to make sure your information is safe? After all, some of the data belongs to your employer, some of it is stitched together from public sources, and some of it is freely out there because you’re active on social media sites. Here are some recommendations from industry experts:

  • Know your rights. Where you live may give you more protection. The CCPA ensures that California consumers have a level of safeguards; the GDPR protects people in the EU. The rest of us are waiting for our elected officials to take these examples to heart. In the summer of 2022, Congress advanced a federal data privacy bill, the American Data Privacy and Protection Act (ADPPA). It may actually make it into law. Someday.

  • Situational awareness. Don't overshare on social sites like TikTok or Instagram. These popular forums are rife with identity thieves looking to harvest your background details, which they use to build a profile of your personal life and break into accounts where passwords and security questions depend on such data. And it's an obvious thing to say, but don't spam your coworkers with details about your personal life on Slack or Teams channels. Be professional at work.

  • Password hygiene. Use a password manager to generate unique, complex passwords for your accounts; this is probably the single most important thing you can do to protect your privacy. Whether you work in a large organization or a small startup, never share your password with other employees. It opens you up to liability for their actions, and the risk is too great that you will take the blame. Along with strong passwords, two-factor authentication adds another layer of protection: after the password, you enter a code only you can access, from your phone or email in most cases.


Other, more paranoid people also protect their web browsing. Companies track everything you do online; it's how ad targeting works, following every move you make and every click you take. They are watching to profile you even if you never say a word about your health, religion, or eating habits. Browser extensions exist to block ads and the data they collect, and Simple Opt Out has direct links to opt-out instructions for most major sites. These steps won't stop the tracking completely, but they will significantly reduce it.


Here at AskRadar.AI, we take data privacy seriously. Our dynamic knowledge exchange works internally with sources of information to connect users with experts who have the answers to questions that Google just can’t answer. Google doesn’t have access to the tribal knowledge inherent in companies and their people. It’s the people that are the most valuable assets in an organization. Protecting their data while ensuring that the community is thriving, that’s what Radar provides. A safe, secure environment where experts and co-workers communicate around the issues and processes that matter to your business.


If you’d like to learn more about AskRadar’s Knowledge Engagement services, contact us at Sales@AskRadar.ai.

 

About AskRadar.ai

We believe that people are the key to solving complex problems.

With pinpoint accuracy, Radar connects you with the right expert, right now, to answer complex internal questions, because complex problems don’t get solved with chatbot answers or crowdsourced chaos.


Radar creates intelligent connections through a combination of computational linguistics, A.I. models, and human intelligence. The result is increased productivity and accelerated operational velocity, with drastically reduced interruptions from those Slack attacks and email blasts. And, when a question has been asked more than once, Radar serves up the most recent relevant expert answer, getting rid of fruitless searches for information.


Radar’s Dynamic Brain learns from every interaction, ingesting conversational data, and gets smarter every day.


 

About the Author

Sharon Bolding is the CTO of AskRadar.ai, an A.I.-powered Enterprise SaaS company. She is a serial entrepreneur, with experience in SaaS, FinTech, CyberSecurity, and AI. With two successful exits of her own, she is a trusted advisor to startups and growing companies. An invited speaker at universities and tech conferences, she focuses on educating users about the ethical use of their data and how AI impacts privacy and security.




