Data is a topic often in the media, with recent coverage following the data breach in a central American law firm resulting in worldwide analysis and comment on the use of shell companies, offshore entities and money laundering accusations. A few months prior, the discussion was focused on encryption and US law enforcement hacking of mobile phones to access potentially incriminating data. It is ironic that differing policies and processes around data from one case to the other may have kept the specifics of financial accounts altogether as opaque as their beneficial owners had intended.
The UK government classifies a cyber attack as a tier 1 threat to the country alongside terrorism, military crisis and natural disasters. Government research has found two thirds of UK businesses have been targeted by cyber attackers in the last year. Risks and implications of a breach involving sensitive information being leaked or lost entirely are almost certain to attract litigation, reputational cost and regulatory investigation with fines up to £500,000 from the Information Commissioner’s office.
Failure to take appropriate measures to protect sensitive and valuable data may also lead to claims against directors personally for a breach of fiduciary duties. Regardless of industry or use case, reasonable steps to protect and mitigate the risks related to cyber attack should be implemented. Cyber insurance can be put in place, response planning implemented, but creating a policy and distributing via email isn’t going to do the job. Managing data and privacy risks should be handled like any other business critical assets whether that’s infrastructure, staff well.being, supply chain or cash flow, which are all susceptible to external security attacks. Methods to address the risk include:
•Create a simple risk management process: Understand the risks faced and accept what relevant level is acceptable. Assign board level or senior management to identify these risks
•Be proactive not reactive to risk: Take a varied and creative approach to reduce risk, understand misuse cases and predict worst case scenarios for internal and external attacks. Taking preventative steps may avoid or reduce remedial action.
•Take a continuous approach to risk management It can’t be viewed as a one.off or periodic review. Threats evolve so systems should be kept up to data and monitored either internally or in conjunction with external assistance of ethical hackers or security consultancy.
•Understand your obligations Under the Data Protection Act 1998 and have processes in place to detect, report and investigate a data breach. Make your organisation aware of the General Data Protection Regulation (GDPR), which will be enforced from 2018. The Information Commissioner’s Office has a volume of accessible information available now at no cost. Inaction could be costly.
Data, as previously mentioned, is a valuable asset, often sought after whether by criminals, or indeed competitors. Our data infrastructure is as important as our physical infrastructure. Physical infrastructure is often carefully planned to allow a business to grow; data should be treated in the same way. A strong and open data infrastructure can increase collaboration and efficiency, grow supply chains and reduce transaction costs. It comes in various forms and can be grouped into three main areas:
•Closed: Secure, private and controlled by a small group of management at board level that usually includes strategic plans, financial documents and commercially sensitive content.
•Shared: Shared internally based upon access rights, includes employee records, supply chain contracts and stock levels.
• Open : Contains Companies House filings, transport timetabling and information like weather data.
Just as Closed data should be secure, Open data should be open. Almost all products and services generate data that can be of value. Built environment sensors are now being integrated into ‘internet of things’ applications linked to self.serve smart point.of.sale software among many other examples. As businesses reach scale, staying innovative and agile can be a challenge. An open approach to standards, innovation and data can help keep pace with change, opportunities and retain a competitive edge.
This may sound like an interesting idea only relevant to a small section of technology companies, however a recent report by the Open Data Institute analysed 270 open data companies across UK sectors and regions with a combined annual turnover of £92bn and 500k employees. Technology should be approached as an enabler with data as the underpinning infrastructure that creates value for business. Tesco were quick to understand the value of their data with their loyalty scheme in the late 90s. Since then they have used an open model to drive efficiencies into their operating model. An example is their use of external and open weather data combined with sales records across individual units to create hourly demand models and change product mix and forecasts. A predicted 18 degree temperature change was found to increase bbq product sales by 300%. Weather data modelling has helped Tesco reduce revenue losses caused by stock.outs and the amount of inventory held, reducing losses to spoilage.
If you’re new to the idea of extracting value from organisational data, an example of a start.up harnessing data for mutual gain is BlackBX. Recently supported by the EP network, it provides legally compliant WiFi for restaurants, bars, hotels and venues. A frictionless branded experience is provided in return for sharing customer data with the vendor. It identifies demographics, peaks in demand and assists in forecasting stock levels through integration to hardware.
As the value of data analysis becomes widely understood and acknowledged, businesses of all sizes should take stock of their strategies to protect and maintain data assets and consider technology as a core part of day.to.day business. The growing area of Open Data and the Open Innovation are where the strategies and opportunities of today, tomorrow and your next three to five years of sustainable growth lie.