UnboundID: What are the biggest challenges at organizations right now when it comes to protecting customer privacy?
Farber: Companies are struggling to know exactly where their data is located, how many copies of that data exist, who has access to it, and for how long it is stored. They don’t have the staff to manually govern this. On top of this, there are varied laws depending on your industry and the states and countries where your business operates. Usually, there’s only a high-lev
el business process understanding as to why data is collected, from which sources, and where it resides. There’s usually confusion about “ownership,” which means that nobody knows who should make decisions about personal data. Adding to the mix is that large organizations usually have legacy systems, which have not yet been decommissioned, but which are still collecting data. Generally, companies need to tighten their processes around data lifecycle management. With the movement toward big data, the tendency for many organizations now is to collect and store as much data as possible with the hopes that insights may be gleaned in the future. Though, from a privacy perspective, that’s a bad practice. Most privacy laws require a company to collect, store, and share personal data for a specific purpose.