Truata chief privacy officer Aoife Sexton discusses the importance of utilising data while addressing key privacy concerns.
Aoife Sexton is an expert in data privacy. She currently works at Dublin-based data anonymisation and analytics company Truata as its chief privacy officer. However, her previous experience includes working at law firm Tech Law Services and data protection consultancy firm Frontier Privacy, which she co-founded. She is also a certified data protection practitioner and holds a qualification from the International Association of Privacy Professionals.
Here, she discusses how the future of data analytics will evolve, how that data can be protected and the danger of “privacy paralysis”.
‘In the rush to be more data driven, it should not be forgotten that personal data is about real people and the lives that they lead’
– AOIFE SEXTON
Describe your role and your responsibilities in driving tech strategy.
As chief of product innovation and chief privacy officer, my role involves identifying problems customers are facing in data-driven organisations as they try to unlock value from personal data while also meeting regulatory and ethical obligations.
I work with the data science, product and privacy teams to design privacy-enhancing technology (PET) solutions to help solve those problems for our customers, embedding our privacy-by-design approach to product development.
We also work closely with the engineering team, which plays a key role in building these products so that they can work at scale on large datasets in a customer’s environment, are easy to deploy and are cloud agnostic. My role means I am ultimately responsible for developing and managing the product roadmap.
Are you spearheading any major product or IT initiatives you can tell us about?
We have a number of major initiatives underway. In October, we are launching a new privacy risk assessment solution, Truata Calibrate, with general availability scheduled for December 2020.
Using proprietary patent-pending technology, Truata Calibrate provides organisations with a greater understanding as to where the privacy risks lie in their data and how they can be addressed. It delivers the forensic ability to identify and measure the hidden privacy risks within datasets, recommends mitigating actions to be taken to transform the data, which then enables the data to be made safe to use and share.
This ensures that privacy teams have a standardised method to quantify risk, analysts can fine-tune their datasets to maximise utility and data owners can be confident they are making decisions that serve their business objectives and safeguard the privacy of their customers. Truata Calibrate is the first release from a suite of products that Truata will roll out across 2021.
How big is your team? Do you outsource where possible?
There are 13 altogether in the team, comprising data scientists, privacy experts, intellectual property experts and product owners. Because the work we do is highly innovative, highly collaborative and has resulted in several patents, our preference is to do as much in-house as possible, as we prefer to build up our skills and long-term capabilities. We tend to only outsource specific niche initiatives.
What are your thoughts on digital transformation from a data science and analytics perspective?
I am certainly seeing increased sophistication in terms of what companies are doing or are planning to do with their data. Moving from operational analytics reporting on what has happened, to performance analytics providing insights on what will happen, and then growth analytics that indicate how to make it happen.
As companies embark on this journey of digital transformation and leveraging personal data, the associated privacy implications become more complex to manage and require a more systemic approach, including the need to harness technology to automate the management of the data deep at the data layers.
Many companies suffer from having a lack of clarity about what they can and cannot lawfully do with personal data and this has resulted in privacy paralysis, which has impacted analytics programs. At Truata, we are of the view that PETs can remove this paralysis and instil a level of confidence for decision makers in data, privacy and compliance functions about how to unlock value from data whilst meeting regulatory requirements.
This will act to empower businesses to do more with data. Importantly, this can be done in a way that meaningfully demonstrates corporate leadership regarding the responsible and ethical use of customer data, which is key for building customer trust and maintaining brand reputation in today’s digital era.
What big tech trends do you believe are changing the future of data analytics, privacy and big data?
Data analytics will only increase in complexity and importance, especially as technology becomes more pervasive and compute power continues to increase exponentially.
The rise of technologies to monitor our health in real time, detect changes in our environment to make personalised recommendations and connect all of the things that we own means that the potential to analyse every aspect of our lives in minute detail will grow.
As the tools and technologies evolve to enable large-scale collection and processing of massive amounts of personal data, the tools and platforms used to protect the privacy of the individuals behind that data must too evolve so that they can work at scale in an automated way.
In the rush to be more data driven, it should not be forgotten that personal data is about real people and the lives that they lead. I think the deployment of PETs will increasingly be a big tech trend shaping the future of data analytics, privacy and big data.
In terms of security, what are your thoughts on how to better protect data?
As challenges and concerns around consumer trust and privacy intensify, keeping data secure while unlocking its potential is taking on an increased importance for companies. Technology, and in particular PETs, has a role to play in solving some of the problems it has helped create.
Under law, once personal data is no longer necessary for the purposes for which it is collected, a business is required to delete the data or to anonymise it. If a business opts for GDPR-grade anonymisation, it means the data is no longer considered to be personal data and thus has a lower security risk associated with it.
An additional upside is that the business can continue to unlock valuable insights from the anonymised data. Also, the GDPR specifically mentions pseudonymisation as a means of demonstrating you have taken appropriate technical measures to protect data.
Having personal data scattered across siloed datasets and being accessed, used or shared in an unfettered way creates significant security risks and liabilities for a business, and pseudonymising the data is a smart security choice to mitigate that risk.
Want stories like this and more direct to your inbox? Sign up for Tech Trends, Silicon Republic’s weekly digest of need-to-know tech news.