In the Nation's Interest

Don’t Let Data Breach Anxiety Limit Your Growth and Innovation

by MICHELLE FINNERAN DENNEDY June 06, 2017

In a world defined by digital globalization, data is fast becoming the new currency. So if we want to innovate and create value for business, we have to do more than simply collect data – we have to know our data. This means we need to know where we store it and who has access to it. We need to know if we are using this data for a specific purpose or if it’s just sitting stagnant. Most of all, we need to understand the lost opportunity we face if we don’t handle data appropriately. For businesses, this could mean leaving money on the table by missing out on data’s massive value potential.

While it can be an enormous source of value, data can also be a minefield of potential liability. These days, bad actors understand the value of hijacking customer and business data, and they have the time, skills, and persistence to breach networks and systems to take it. Meanwhile, customers and consumers alike are becoming more aware of the potential uses and value of their personal information and are demanding companies treat that data as if it were their own.

If you don’t know where your data is, who is in charge of it, or why you have it, you are setting yourself up for serious risk. In fact, regulators and governance bodies worldwide are enacting increasingly stringent measures to protect personal data. With enforcement of the European General Data Protection Regulation (GDPR) on May 25, 2018 less than a year away, private and public organizations doing business in EU countries will have to adopt more effective information management practices or incur significant penalties. Certainly, GDPR is having a ripple effect, causing countries all over the world to modify their own data protection laws – thereby introducing even more complexity to the regulatory landscape.

Decades ago, Rear Admiral Grace Hopper, known as “The Amazing Grace” for her accomplishments as one of the first female computer scientists and high-ranking female naval officers, said,

 “Someday on the corporate balance sheet, there will be an entry which reads, ‘information,’ for in most cases the information is more valuable than the hardware which processes it.”

That day is here. In fact, research from Northeastern University finds that an estimated 2.5 exabytes (one billion gigabytes) of data are generated every day, giving business the opportunity to monetize and mobilize data in innovative and perhaps undiscovered ways.

This can be both empowering and paralyzing. A tension emerges when you collect massive volumes of data. As with many powerful opportunities, some are excited about maximizing the economic and intelligence possibilities, while others are fearful of the risks. To balance these competing interests successfully, you need to thoroughly know your data.

At Cisco, we recognize that data privacy and protections are critical to an organization’s ability to innovate. In our Cybersecurity as a Growth Advantage report, we identified 414 use cases in the digital economy that will drive $7.6 trillion in value over the next decade, and over 75 percent of this value depends on data privacy. Those opportunities should not be missed.

Given these new realities and the increasing level of cyberattacks, there can be a temptation to lock data safely away. Ransomware attacks are on the rise, paralyzing operations and reinforcing the importance of protecting consumer data. Daily headlines tell stories of breaches resulting in millions of stolen records, like last year’s catastrophic hack of the U.S. Democratic National Committee, as well as major attacks on other Silicon Valley giants and retailers. Small-to-midsized businesses are just as vulnerable. With many companies losing value because of these events, caution is understandable.

As chief privacy officer for Cisco, I am acutely aware of the need to serve as a responsible steward for the data entrusted to us by our customers, partners, and employees. I also know that approaching data from purely a liability standpoint would effectively stifle growth and wall off potentially significant business-building opportunities.

Limiting data utilization to avoid or mitigate risk limits your opportunity to foster a culture that links data stewardship to customer value. This can cause your customers to become increasingly wary of entrusting their information to data-driven ecosystems, and in turn introduce more friction into the system, suppressing the benefits of the data-driven economy for all of us.

As we continue to transform into an information society, we have an opportunity to innovate and grow without sacrificing the security and privacy of corporate data. The businesses and brands destined to thrive will be those that strategically use data in a secure, ethical manner to support growth, while preserving employee, partner and customer trust. Adopting a proactive, disciplined approach to responsible data governance, and developing and integrating privacy-engineered services and tool kits, is therefore better for business and individuals, both near and long term.

​Michelle Finneran Dennedy is a CED Member and the VP and Chief Privacy Officer of Cisco.