Legal View

Is dark data putting your business at risk?

Read time 4min 20sec
There is no single point of visibility for all business data.
There is no single point of visibility for all business data.

Much has been said about data being the most valuable business asset, but few organisations realise that almost 80% of what they store is 'dark data', or data they do not even know exists.

So says Amit Ashbel, Cognigo's head of marketing, who describes dark data as all of the information collected and stored by a digitalised organisation that is not maintained or monitored.

Cognigo, a start-up founded in 2016 by a team of machine learning and enterprise data security experts, says it offers 'human-free' data protection and compliance with regulations like GDPR, using artificial intelligence (AI) and machine learning.

Dark data is not purposely hidden, but rather badly maintained and governed.

"Although companies depend on data to better serve customers, deliver accurate marketing and grow their business, the problem is that the number of data storage locations and methods of collection have grown dramatically and have become out of control," he says.

"In today's privacy era, a document that includes any personal information (as defined by privacy regulations) should be maintained and protected according to law. We are seeing that most data breaches result in theft of data that was not protected or properly maintained mainly because there is no single point of visibility to all that data."

Recent laws such as GDPR, CCPA (California Consumer Privacy Act), POPIA and other privacy regulations are redefining 'personal information' and how it should be handled.

"We are already seeing major organisations such as Google and Facebook being fined for improper data privacy management. However, they are not alone. The fines for ignoring these regulations are quite significant and can impact business growth and stability."

Single data location

Ashbel says dark data can be found in any place that stores data. "Documents and files can be found in file servers, workstations, databases, applications, cloud services such as Azure, AWS, Google Cloud, and more. These critical assets are often unknown to data security teams, so it can be challenging to locate and protect any at-risk data."

This is compounded by the fact that many organisations use traditional, outdated security tools that rely on manual rules, and were not designed to support the massive amounts and different types of data that we see flooding businesses today.

To effectively manage and control data, organisations should set up a single location where all its data assets can be discovered, classified and categorised.

Content, context

In addition, in order to identify and understand data, organisations must have a cognitive human understanding of its content and its context. "For example, if a document mentions a customer's favourite type of cuisine is Spanish, no actions are necessary."

However, he says if it notes that a customer is of Spanish citizenship, there may be a privacy violation that needs to be addressed. "Advances in AI, such as natural language processing, are helping computers understand and help solve this problem."

This is all part of proper data management, which is not only important for compliance and security, it can also lead to better business decisions, says Ashbel.

"Data is the new currency and holds tremendous value for all organisations. The more data insights you have on your customers, the better you can adapt and serve them, leading to increased customer loyalty and business growth through word of mouth."

Data loss or ignorance of the data possessed has the opposite effect and can cause a company to lag behind its competitors. "Having a proactive strategy is important because it puts power in your hands, preventing you from being caught off guard later by a breach or customer who wishes to inquire about their information."

Who is responsible for data management?

Typically, he says, data management has been split between a company's data protection officer, who has authority over topics concerning data privacy, and its chief information security officer, who oversees regulation.

"However, new regulatory laws and shifts in priority have led companies to blur the line and link the two departments. They want to find leaders who are well versed in both areas, have expertise when it comes to a business's technology, and are also familiar with legal matters as they pertain to security.

"We expect that a new group will soon begin to emerge within organisations - privacy operations - which will see heads of security and privacy teams come together to serve as cross-departmental experts in how to efficiently and securely manage data while adhering to all regulatory law," concludes Ashbel.

Login with