Business Driven Data Privacy Policies
Melissa Stevens MELISSAS@US.IBM.COM | Tags: optim data guardium infosphere security ibmsecurity
This post is contributed by Kim Madia, World Wide Product Marketing Manager for InfoSphere.
During a recent trip to a client site, we gathered key stakeholders from across business units to discuss the broad topic of Data Governance. As part of the telecommunications industry, this client is heavily regulated and concerned about establishing an enterprise-wide governance approach that spans its distributed, heterogeneous systems. The end goal was to create an actionable plan to establish governance policies that could be picked up across teams and enforced throughout the data lifecycle. I kicked off the meeting by asking a very simple question: How do you define an active client?
The Marketing Manager defined an active client purely as an upsell opportunity; anyone who purchased a phone plan but not a data plan. The Sales Lead wanted to build upon this definition. He was also interested in a client’s payment history as this would influence his quarterly reports. The BI Manager was looking at subscribers through a completely different lens; post-paid customers versus pre-paid clients for a report on client loyalty. Finally, the ERP Manager needed information on all these types of clients in order to manage access rights to enterprise systems.
It was clear that no single definition existed. Each group was operating in a silo, unable to share information with each other or re-use existing definitions and processes.
The stakes got even higher when I asked: How do you protect client information as you go about completing your daily tasks? This question was met with silence in the room.
The silence granted me the perfect opportunity to discuss the new release of InfoSphere Optim Data Privacy, designed to provide a standard way to protect data and validate data privacy policies throughout the data lifecycle.
Data privacy really needs to be a team sport. Start by gathering key stakeholders from across the enterprise (for example, legal staff, LOB executives, IT executives, DBAs) to establish the right policies and standards once and align responsibility with authority to get the job done. Some good questions to facilitate this discussion include: “What is considered sensitive business data?” or “How do we define PII?” or “Who needs to see sensitive data?” Chances are you will get different answers depending on who you talk to.
InfoSphere Optim provides a standard way to define policies and standards, execute privacy policies, validate compliance and report results.
The end goal is to help clients establish the proper business content for masking policies, with enterprise-wide rule definition.