Embedding Data Protection by Design in Analytics Services
As an analytics platform, Mode operates in a very contentious space with respect to data protection and privacy. In fact, data analytics and privacy are often viewed in conflict with each other. But are they necessarily at odds? Can you not have your cake and eat it too? At Mode, we believe you can.
When data analytics and privacy collide
Services and platforms that utilize or enable analytics have consistently been under scrutiny when it comes to meeting reasonable expectations of privacy. Contrary to traditional notions, collecting and keeping too much data is actually counter-productive for the business in this new realm where consumers are becoming more privacy-conscious. Furthermore, processing and analyzing data without fully recognizing the obligations attached to it based on sensitivity can also lead to negative consequences.
The consequences of ignoring privacy include not only legal exposure but also organizational risk. It creates a reactive company culture with respect to privacy, which reflects poorly on the organization’s commitment to its customers and can also erode employee confidence. On the other hand, clamping down on analytics also has significant downsides, as the company is then unable to identify trends impacting the business, understand what works and what doesn’t to help the business grow, or identify actual business problems and their solutions that are surfaced only by asking the right questions.
How to strike the right balance?
How, then, is an analytics platform to help the business unlock the potential of data while avoiding privacy missteps?
The answer lies in taking prudent design decisions and adopting a culture that encourages them, as we explained in our panel presentation at the IAPP Privacy Engineering Forum, in which we were joined by one of our customers, Shopify. Together, we outlined a case, based on our respective experiences of building analytics platforms, of how data analytics and privacy can go together when privacy considerations are baked not only into the design but also into the company culture.
We recognize, even more so based on the questions received after our presentation, that this is often talked about but rarely observed in practice. It is also a sad reality that many companies pay lip service to concepts like privacy by design and privacy culture. Fortunately, since I started working at Mode, I have observed a very positive trend. I was excited to see data protection being a core value that is not only reflected in how the product was designed, but also valued as part of the company culture. It does take conscious effort to get there, and here are some highlights of how we did that at Mode.
Design considerations for privacy
Sanitizing data feeds
It is important to know when not to keep personal data. At Mode we took the decision to keep sensitive customer data out of specific analytics databases that are not designed for that purpose. In order to do that, we exclude tables and columns that have sensitive fields as well as fields for which there’s a reasonable expectation that they may contain sensitive data (e.g., queries, notebook cells, report descriptions). There is a dedicated script that sanitizes the data feed going into the analytics databases. In doing so, we make sure that applications that are not designed for the purpose of analyzing sensitive personal data will not have access to it.
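The sanitizing script described above is not published on this page. The following is an added example, not Mode's own script, of what such a feed sanitizer looks like: whole tables can be excluded, named columns can be excluded, free-text columns (queries, notebook cell sources, report descriptions) are excluded because there is a reasonable expectation they may contain sensitive data, and a name-based heuristic catches obviously sensitive columns wherever they appear. All table and column names, the policy contents and the sample feed are constructed for illustration.

```python
"""Added example: sanitize a table-oriented data feed before it is loaded into
analytics databases that are not designed to hold sensitive personal data.
Every table/column name and the policy below are hypothetical."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Tables excluded wholesale (constructed policy).
EXCLUDED_TABLES = {"payment_methods", "support_tickets"}
# Named columns excluded per table (constructed policy).
EXCLUDED_COLUMNS = {
    "users": {"email", "full_name", "phone"},
    "organizations": {"billing_address"},
}
# Free-text columns: anything a user typed may contain sensitive data.
FREE_TEXT_COLUMNS = {
    "queries": {"raw_sql"},
    "notebook_cells": {"source"},
    "reports": {"description"},
}
# Name-based heuristic: a column named like "user_email" or "api_token" is
# dropped in any table, even one the policy author forgot to list.
SENSITIVE_NAME_RE = re.compile(r"(^|_)(email|password|token|secret|ssn|phone)(_|$)")


@dataclass
class SanitizeReport:
    """What was removed, so the exclusions can be reviewed and audited."""
    dropped_tables: list[str] = field(default_factory=list)
    dropped_columns: dict[str, set[str]] = field(default_factory=dict)


def is_sensitive_column(table: str, column: str) -> bool:
    return (
        column in EXCLUDED_COLUMNS.get(table, set())
        or column in FREE_TEXT_COLUMNS.get(table, set())
        or SENSITIVE_NAME_RE.search(column) is not None
    )


def sanitize_feed(feed: dict[str, list[dict]]) -> tuple[dict[str, list[dict]], SanitizeReport]:
    """Return a copy of the feed with excluded tables and columns removed."""
    report = SanitizeReport()
    clean: dict[str, list[dict]] = {}
    for table, rows in feed.items():
        if table in EXCLUDED_TABLES:
            report.dropped_tables.append(table)
            continue
        # Collect the column set from every row, not just the first one, so a
        # sensitive column that appears in only some rows is still caught.
        columns = set().union(*(row.keys() for row in rows)) if rows else set()
        dropped = {c for c in columns if is_sensitive_column(table, c)}
        if dropped:
            report.dropped_columns[table] = dropped
        clean[table] = [{k: v for k, v in row.items() if k not in dropped} for row in rows]
    return clean, report


# Constructed sample feed.
SAMPLE_FEED = {
    "users": [
        {"id": 1, "email": "a@example.com", "full_name": "A", "plan": "team", "api_token": "x"},
        {"id": 2, "email": "b@example.com", "plan": "free"},
    ],
    "queries": [{"id": 10, "user_id": 1, "raw_sql": "select * from customers", "runtime_ms": 120}],
    "payment_methods": [{"id": 5, "card_last4": "4242"}],
    "reports": [{"id": 7, "title": "Weekly", "description": "contains client names"}],
}

if __name__ == "__main__":
    sanitized, rep = sanitize_feed(SAMPLE_FEED)
    print("dropped tables:", rep.dropped_tables)
    print("dropped columns:", rep.dropped_columns)
    print("sanitized users:", sanitized["users"])
```

The report object matters as much as the sanitized output: reviewing which tables and columns were removed on each run is how you notice that a newly added column slipped through, and the name-based heuristic is a safety net behind the explicit policy, not a replacement for it.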
Splitting up data workflows
The ability to identify where personal data is present in the data processing pipeline helps businesses avoid the risk of accidentally violating the associated data privacy obligations when processing or analyzing that data. At Mode, we took the decision to split the data processing pipeline into projects that include sensitive customer data and those that do not. Doing so establishes clearly distinct levels of scrutiny that depend on the sensitivity of the data processing pipeline. For example, we can cast a much wider net on marketing pages in terms of what third-party scripts are allowed to run than on other pages in the application that process sensitive customer data.
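As an added example (not Mode's configuration), the following shows how the split can be made mechanical: each project is tagged with a data class, the third-party script allowlist is keyed by that class, the resulting Content-Security-Policy script-src directive is derived from it, and an attempt to add a third-party script to a project that processes sensitive data is refused rather than quietly allowed. Project names, vendor origins and the two-class scheme are assumptions made for illustration.

```python
"""Added example: per-project third-party script allowlists derived from a
data-sensitivity classification. Project names and origins are hypothetical."""
from __future__ import annotations

from enum import Enum


class DataClass(Enum):
    PUBLIC = "public"          # e.g. marketing pages: no customer data processed
    SENSITIVE = "sensitive"    # application pages that process customer data


# Which third-party script origins each data class may load (constructed).
THIRD_PARTY_SCRIPTS: dict[DataClass, list[str]] = {
    DataClass.PUBLIC: ["https://analytics.example-vendor.com", "https://chat.example-vendor.com"],
    DataClass.SENSITIVE: [],   # first-party only
}

# Classification of projects (constructed). Unknown projects are treated as
# SENSITIVE, so forgetting to classify a project never widens the policy.
PROJECT_DATA_CLASS: dict[str, DataClass] = {
    "marketing-site": DataClass.PUBLIC,
    "app": DataClass.SENSITIVE,
    "query-results-api": DataClass.SENSITIVE,
}


def data_class_of(project: str) -> DataClass:
    return PROJECT_DATA_CLASS.get(project, DataClass.SENSITIVE)


def script_src_directive(project: str) -> str:
    """Build the CSP script-src directive for a project from its allowlist."""
    allowed = ["'self'"] + THIRD_PARTY_SCRIPTS[data_class_of(project)]
    return "script-src " + " ".join(allowed)


def is_script_origin_allowed(project: str, origin: str) -> bool:
    return origin in THIRD_PARTY_SCRIPTS[data_class_of(project)]


def add_third_party_script(project: str, origin: str) -> list[str]:
    """Add a vendor script to a project's allowlist; refuse for sensitive projects.

    Refusing (instead of silently allowing) is the point: widening the policy
    on a sensitive project should be an explicit, reviewed decision."""
    cls = data_class_of(project)
    if cls is DataClass.SENSITIVE:
        raise PermissionError(
            f"{project!r} processes sensitive customer data; "
            f"third-party script {origin!r} needs an explicit review, not a config change"
        )
    if origin not in THIRD_PARTY_SCRIPTS[cls]:
        THIRD_PARTY_SCRIPTS[cls].append(origin)
    return list(THIRD_PARTY_SCRIPTS[cls])


if __name__ == "__main__":
    for name in ("marketing-site", "app", "unclassified-experiment"):
        print(f"{name}: {script_src_directive(name)}")
```

Keying the policy on a data class rather than on individual pages means a new page inherits the scrutiny of the project it lives in, and the default for anything unclassified is the restrictive one.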
Isolating sensitive data storage
Isolating sensitive data while adding friction to, but not blocking, access to it signals that it merits a higher degree of scrutiny. At Mode, we took the decision to separate the storage of customer query results from the queries that were run and their metadata. Because the sensitive information is found in the results of the query, and typically not in the query itself, storing the results separately allows us to isolate the repository to which we need to apply the most restrictive policies, such as requiring encryption at rest, need-based and minimum necessary access, and data retention rules. Applying those policies to all storage would be technically challenging and cost-prohibitive.
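The split described above, as an added example that is not Mode's implementation: query metadata lives in a general store, result rows live in a separate store that is the only place the restrictive policies apply, every read of results passes a need-based access check and is logged, and a retention sweep deletes results (but never the query metadata) after the retention window. The access rules, user names, retention period and the assumption that encryption at rest is provided by the backing storage are all constructed for illustration.

```python
"""Added example: query metadata and query results held in separate stores so
that access control, access logging and retention apply only to the results.
Names, roles and the retention window are hypothetical."""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Callable


@dataclass(frozen=True)
class QueryRecord:
    """Who ran what and when. Kept long-term; contains no result rows."""
    query_id: str
    author: str
    sql: str
    ran_at: datetime


class QueryMetadataStore:
    def __init__(self) -> None:
        self._records: dict[str, QueryRecord] = {}

    def put(self, rec: QueryRecord) -> None:
        self._records[rec.query_id] = rec

    def get(self, query_id: str) -> QueryRecord:
        return self._records[query_id]


# (requester, query_id, purpose) -> allowed
AccessCheck = Callable[[str, str, str], bool]


class ResultStore:
    """Isolated store for result rows: the one repository with restrictive policy."""

    def __init__(self, retention: timedelta, can_access: AccessCheck) -> None:
        self._retention = retention
        self._can_access = can_access
        self._results: dict[str, tuple[bytes, datetime]] = {}
        self.access_log: list[tuple[str, str, str, bool]] = []

    def put(self, query_id: str, rows: bytes, now: datetime) -> None:
        # Encryption at rest is assumed to be provided by the backing volume or
        # bucket; this store only decides who may read and for how long.
        self._results[query_id] = (rows, now)

    def get(self, query_id: str, requester: str, purpose: str, now: datetime) -> bytes:
        allowed = self._can_access(requester, query_id, purpose)
        self.access_log.append((requester, query_id, purpose, allowed))
        if not allowed:
            raise PermissionError(f"{requester} may not read results of {query_id}")
        rows, stored_at = self._results[query_id]
        if now - stored_at > self._retention:
            raise KeyError(f"results of {query_id} are past retention")
        return rows

    def purge_expired(self, now: datetime) -> list[str]:
        """Delete results older than the retention window; return their ids."""
        expired = [qid for qid, (_, t) in self._results.items() if now - t > self._retention]
        for qid in expired:
            del self._results[qid]
        return expired

    def has(self, query_id: str) -> bool:
        return query_id in self._results


def need_based_access(metadata: QueryMetadataStore, support_staff: set[str]) -> AccessCheck:
    """Constructed rule: the query's author may read its results; support staff
    may read them only with a stated purpose (e.g. a ticket id); nobody else."""
    def check(requester: str, query_id: str, purpose: str) -> bool:
        if requester == metadata.get(query_id).author:
            return True
        return requester in support_staff and bool(purpose.strip())
    return check


# Constructed sample data.
T0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
metadata = QueryMetadataStore()
results = ResultStore(timedelta(days=30), need_based_access(metadata, support_staff={"sam"}))
metadata.put(QueryRecord("q1", "ana", "select count(*) from orders", T0))
results.put("q1", b"[[1234]]", T0)
metadata.put(QueryRecord("q2", "ana", "select name, total from orders", T0 + timedelta(days=20)))
results.put("q2", b"[['Acme', 99.0]]", T0 + timedelta(days=20))

if __name__ == "__main__":
    print("purged:", results.purge_expired(T0 + timedelta(days=31)))
    print("q1 metadata kept:", metadata.get("q1").sql)
```

Because the query text and metadata are retained while result rows expire, the history of what was asked stays available for audit and debugging, and the expensive controls are paid for only on the store that actually holds customer data.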
Value of data protection culture
These privacy considerations must reflect the right level of encouragement as part of the company culture that embraces taking prudent privacy decisions. The leadership must support prioritizing protection of customer data over short-term gains. At Mode, we walk the talk and embrace these values as part of our culture. The team is encouraged and empowered to take the right decisions for the right purpose. The true test of whether your culture values privacy is asking yourself this simple question: what are you willing to give up for it? We also consider this as part of our relationship with our vendors and partners, and pursue an appropriate course of action when we notice any red flags related to their values on privacy.
You can read more in this blog post published by the IAPP about these design considerations and prudent privacy practices that are incorporated both in our product and company culture. In fact, they help Mode become a trusted data analytics platform.
If you’re interested in contributing to our continued efforts in this space by working with us, take a look at our careers page.
By Rafae Bhatti | Director of Security and Compliance