Data Privacy and Fallacies

To improve data privacy and security, enterprise IT and business users are taking a harder look at their data collection policies.  Axway’s Brian Pagano says ensuring data security and privacy often starts by simply asking what data is necessary to collect.

Tags: Axway, cloud, data, encryption, privacy, PKM, security,

Brian Pagano, Axway
Brian Pagano
Chief Catalyst

"The most effective action a company can take is to step back and examine the types of data flowing through the system and being stored."

Intelligent Data
Analytics, Apps & Data for Success in the Digital Enterprise
July 21, 2022
Virtual Summit

Moving to the cloud provides many well-known benefits such as economy of scale and elasticity, but the cloud does not remove issues like security and data privacy. Now, much of the physical and device-level security will be handled by the cloud provider. So, let’s look at the portion that is undeniably in the hands of your company: data.


If you were given a paintball gun and asked to choose whether you want to splat the person standing still or the person running around the room, you would probably choose the stationary target. This hints at the dangers of large pools of stationary data (data-at-rest).


In Personal Knowledge Management (PKM), there exists the concept of the Collector’s Fallacy, that it is somehow beneficial to collect and store tons of information in the hope that it might prove useful somehow at some point in the unspecified future.

But, it never works out. Instead, your entire knowledge system gradually becomes less useful. Effective PKM entails being selective about which types of information you will actually use.

Nobody Can Steal Something From You That You Do Not Have

When I was young, taking karate lessons, I asked my sensei the best way to block a punch. He looked into my eyes and said. “The best way not to get hit by a punch is not to be in the room when the punch is thrown.”

At first I thought he was joking, but I have since made it a core principle of how to live.


This lesson applies to data and security too.


Instead of placing all the focus on tighter configuration and product-level security, what about looking at the data which passes through your system (data-in-motion) and the data which gets saved (data-at-rest). No hacker can steal data which you haven’t collected. The best way to protect your users’ data is not to collect it at all.


Now, obviously, you need to collect some data to service your customers and to provide personalized service. You have to collect something, but you don’t need to collect everything — in the hope that it might be useful somehow at some point in the unspecified future (collector’s fallacy).


The most effective action a company can take is to step back and examine the types of data flowing through the system and being stored. Is it still necessary? Was it ever necessary?

Let’s Have a Talk

So what about this data which is necessary?


Well, from a technology perspective, you layer every best practice around encryption and redundancy, access controls and audit logs on top of the security layers present from your cloud provider. But, once again, the most important step isn’t around technology.


In today’s market, communication is key.


Companies who clearly state which types of data they are collecting and for what purpose, gain customer trust.

Apple gives companies a chance to state why they need to collect your data in a little pop-up when you install an app, yet many companies just leave the default text. What a shame. If they could just type a few sentences to explain how they will use your information to provide a better service, most users will readily agree.


And, since no company is immune to problems, when trouble does occur, be quick to inform users and explain what happened, how it affects them, and what you are doing to ensure that the problem doesn’t happen again.


This kind of goodwill goes a long way in increasing trust and providing the basis for a long relationship between you and your customers.


A recent Axway survey found that 86% of people are at least somewhat concerned about who has access to their data in the cloud. Yet, many companies resort to 20th Century secrecy, erroneously thinking that admitting they are not perfect and have experienced a problem will diminish their brand in the customers’ eyes.


Of course, the opposite is true. Quick, open communication increases customer trust.

What To Do For Data Privacy and Security

It might come as a surprise that two of the most important actions you can take around data privacy and security are not technological:


Review the types of data you are collecting, strive to store the minimum amount of data necessary. You won’t be holding extra data in the event of a breach.


Communicate early and often with your users. Let them know you value their information and respect them as people. Tell them how you will use this information in a way that also benefits them. And communicate quickly when an incident or problem occurs.


No company is perfect and any company that claims never to have had a problem is lying.


Instead of trying to be perfect or impenetrable, how about being smarter and more forthcoming? Those are achievable objectives.


Brian Pagano is Chief Catalyst at Axway, which helps companies move forward faster and create brilliant digital experiences using its Amplify API Management Platform and proven MFT and B2B integration solutions. Earlier, Brian served as Global Platform Strategist at Google and was VP of Digital Success at Apigee.