SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
ABI Research calls for universal data governance framework
Fri, 18th Mar 2022
FYI, this story is more than a year old

Since the emergence of big data, the attention on legitimate and transparent data collection, management and analytics is now greater than ever.

To better protect the welfare of their citizens, guarantee national security and safeguard their sovereignty and competitiveness, governments around the world have introduced privacy laws and data protection regulations.

However, in its new whitepaper, 'Data Governance: Definitions, Challenges, and a Universal Framework' global technology intelligence firm ABI Research argues that the current laws and regulations do not go far enough.

The researchers state that a new universal data governance framework must be introduced to address the data governance needs in emerging technologies.

In the early Internet era, most of the data captured in databases were Personal Identifiable Information (PII) and metadata. Published in 2016, General Data Protection Regulation (GDPR) is a game-changing piece of regulation that dictates and governs how the European Unions citizens PII is used, stored, and shared.

Since its formulation, public agencies, private corporations and non-governmental organisations have established internal data governance practices to comply with GDPR and similar regulations.

This includes Brazil's General Data Protection Law, China's Personal Information Protection Law, Japan's Act on the Protection of Personal Information, and South Africa's Protection on Personal Information Act.

ABI Research principal analyst Lian Jye Su says, “Despite all the effort, the global regulatory environment remains very fragmented. A good example is the United States. There is no common consensus to handle PII among the different states and industry actors. Navigating through all these regulatory requirements across different jurisdictions is very time-consuming and exhausting.

"In addition, the classification of new PII, such as audio recordings and IP addresses, remains unclear. A new data government framework that introduces broader definition of PII can go a long way to protect customer rights and privacy.

"As the world is becoming increasingly interconnected and information flow shifts rapidly towards digital platforms, these data do not respect national boundaries. A universally accepted and well defined data government framework can reduce regulatory complexity and remove barrier for adoption.

More importantly, most of these regulations are not futureproof, the researchers argue. As of 2022, all data protection regulations focus on PII.

While PII remains critical for certain verticals such as social media, sales and marketing, and banking and finance, other enterprises are processing an increasing amount of machine-generated data, geospatial data, and synthetic data for emerging technologies, such as Real-Time Location Services (RTLS), cloud and edge AI applications, autonomous driving, digital twin and metaverse.

As enterprises adopt and deploy these technologies in their daily operation, they are also adopting cutting edge data management and processing techniques.

A universal data government framework can introduce regulations to prevent malicious usage of data types beyond PII. The framework can guide enterprises on the right mechanism when dealing with distributed and large-scale data collection, processing, and storage. It can also help to ensure data identification, accessibility, interoperability, and reusability, explains Su.

Su says, “Ideally, this new data governance framework designed by an internationally recognised standard development organisation, such as the International Organization for Standardization (ISO) or the International Telecommunication Union (ITU).

"Furthermore, it must be universally accepted, forward-looking, and focuses on fairness, equality, and data sovereignty. Emerging technologies have proven to be great tools to eliminate economic inequality, promote digital literacy and accessibility, and empower marginalised communities.

"However, how they collect and store data cause legitimate concerns around data sovereignty, commercial malpractices, and cybersecurity. Therefore, the industry must work together to develop a universal data governance framework that can minimise these concerns and allow the technologies to reach their full potential.