It’s time for new models of data protection

Equifax, HSBC, British Airways, Cathay Pacific, Marriott, Quara – and we could continue the list much further. They are some of the companies that have had a significant customer data breaches this year or last. Does anyone believe their data is really safe with any company? Should we have totally new models to protect and use data?

These cases have demonstrated that hackers can get to most companies and steal your data – if they really want to. Name, address, passport details, credit card numbers and passwords of hundreds of millions individuals have been stolen this year alone. After a breach, some companies have offered their credit score and identity theft protection services for free.

I wrote earlier about the avocado model to consider for data protection, making a difference between hard core data and data that is less critical. It is one example of new paradigms to better focus on critical data and detect attacks. But many companies are still in a very early phase with their plans to change the paradigm. They still believe that just by putting bigger locks on the main door they are safe.

It is also often said that the worst scenario is not that your data is stolen, but if someone is able to modify your data you could lose your credit score, be seen as a criminal or terrorist and be unable travel and get a visa anymore. This can happen, if criminals get access to data and don’t steal it, but simply modify it. We can also have many other terrible scenarios like nuclear weapons, airplanes, food processes and many other things, if the data is compromised.

Distributed data

Blockchain and distributed data models have gotten plenty of interest during the last two years. Cryptocurrencies and tokens have dominated the discussion but significant technological and data model concepts have received less attention. These also offer new models for data management and protection. Distributed data models are not necessarily based on blockchain or only on blockchain. The important part is that there is no one party that collects and keeps all data for a certain purpose.

These solutions can offer several new offerings to better protect against stealing or misusing of data, for example:

1. Consumers have their own data contained in their own service and only the needed data details are used in a transaction and the data is not copied elsewhere;
2. Components of the data are distributed to several different places and components are only combined in transactions when they are needed together and all the data is not kept in one place;
3. Public blockchain has a check sum to verify correctness and authenticity of data;
4. Encryption and tracking models (like digital rights management) are implemented to control the use of data.

These are just some concepts that are emerging and they include several detail variations. They illustrate that data models and protection are also encountering a disruption. This is linked to privacy, but goes much beyond traditional privacy and data protection thinking.

These are changes that don’t happen rapidly and we have a lot of legacy systems and ‘experts’ to handle data management. It is, anyway, quite clear that problems and risks cannot be handled only with traditional models. Many companies now just try to buy time for their old ways to manage data.

Consumers haven’t been too keen to worry about or protect their data. This year has been a turning point, but the reality is that people still look for easy solutions. We can expect changes only, when there are easy enough options for consumers and companies to protect and use their data in a new way. We already see startup activities in this area, and it is a matter of time, when we start to see more mainstream solutions.

The article first appeared on Disruptive.Asia.