Do data regulations properly protect consumers?

Data regulation rightly exists to protect consumers, ensuring their sensitive and personal information remains private. In practice, however, it could impact how enterprises collaborate on key initiatives intended to improve the financial, physical and overall wellbeing of millions of people.

Research by Gartner finds that 75% of the world's population will have its personal data covered under modern privacy regulations by 2024 – and enterprises that fail to navigate this increasingly complex environment could pay a high price. Gartner predicts that privacy lawsuits and claims related to biometric information processing and cyber-physical systems will result in over $8 billion in fines and settlements by 2025.

Many enterprises need to share data to support and protect the public while keeping their information confidential. A fundamental issue is data fragmentation across multiple silos. Internally across borders and externally between firms, with regulatory concerns impacting both. This creates a challenge for enterprises as they often don’t have the privacy and security guarantees to share and access the information within regulatory requirements.

In healthcare, the protection of patient data is critical given its sensitive nature. Genomic data, clinical data, patient disease registries and electronic health registries all exist separately and are distributed across thousands of hospitals and research organizations. However, imagine if hospitals, pharmaceutical companies and research firms could share and collaborate on that data. They could have a substantial impact on the health of the population, saving lives and improving the quality of care.

Healthcare research, for example, depends on the sharing of clinical and genomic data to advance treatments. Doing so would enable firms to identify and develop treatments for people with genomic predispositions and could help determine the effectiveness of treatment measurements across hospital systems. For example, data sharing could lead to identifying rare diseases and the creation of individualized treatment plans to stop these diseases from developing in patients.

Pharmaceutical companies would also be able to improve their pharmacological recipes, which could dramatically improve treatments.

Like health data, financial data is also highly sensitive but can be an asset to protect people from financial crime. Banks and other financial institutions should be relying on data collaboration in the fight against fraud and money laundering, but data siloing and fragmentation is an issue here too.

A typical customer will have multiple accounts with different providers as well as relationships with separate divisions within the same provider. As a result, the end user’s financial data life is fragmented to a point where institutions are unable to truly understand them as customers. In fact, institutions may only see 15% to 25% of their own customers’ overall financial activity. If financial institutions don't truly know their customers, they'll find it difficult to offer timely and useful products. It will struggle to effectively protect itself and its customers against fraud.

Enterprises operating in healthcare, finance and other industries can only share data if they can preserve privacy and confidentiality while maintaining regulatory compliance in an increasingly complex regulatory environment.

The EU's General Data Protection Regulation (GDPR) is a great example of this. Questions on how data can be accessed, much less collaborated on, are a big challenge for organizations. Luckily, new technologies are enabling collaboration in a regulatory compliant manner while unleashing the raw power of previously inaccessible data.

In healthcare, the Health Insurance Portability and Accountability Act (HIPAA) prevents firms in the US from disclosing patient details without consent. This also requires the deletion of specific data fields, removing much of their value. Consent management worldwide is becoming increasingly granular and temporal in nature. Here, individuals are given increasing control over where and when their data can be used. Managing this through the data lifecycle is increasingly challenging.

Many existing approaches to data collaboration can’t offer the privacy guarantees that regulations demand. What firms might not realise is that they don’t have to share the actual data to derive the same insights. What if there was a way to collaborate across jurisdictions while staying within the regulatory requirements?

If firms could have the privacy and security guarantees that ensure the protection of their data and customers, as well as regulatory compliance, they would be more open to sharing information. Two key factors are now making this possible – technology and the formation of a data-driven C-suite.

There is an increasing awareness among enterprises – and regulators – that technology can preserve the privacy of both the data and the analysis being conducted on that data. Privacy-enhancing technologies (PETs) provide such tools. This includes homomorphic encryption, which allows firms to perform computations on encrypted data without ever decrypting it and, therefore, without revealing anything sensitive. This means they can share and analyze sensitive data without revealing the underlying information. Crucially, they stay within regulatory requirements.

Having a dedicated privacy practice and strategy is essential for enterprises. This shift is led by a new wave of data-driven c-suites such as chief privacy officers, chief compliance officers and chief information security officers. These c-suites are responsible for operationalizing privacy requirements and leveraging technology. These teams are well-positioned to embrace PETs and implement a new privacy-first approach to collaboration.

With the right technology and the reassurance they can collaborate within regulatory compliance boundaries, enterprises can now tap into data’s true potential. Crucially, they can do so while protecting their customers and the public while delivering major advancements in public health and financial security.