Policies Need to Govern Nontraditional Technology and Related Data
Updated: May 24
Nontraditional technology, like the Internet of Things (IoT) and Artificial Intellegence, is becoming more prevalent across most industries, from implanted medical devices to connected vehicles. Data is being generated from products that previously didn't generate data. Medical devices today can send data about your medical condition directly to your doctor or a third party that interprets the data for your doctor. Your vehicle can send data back to the manufacturer about tire pressure and location data when an accident occurs. As technologies continue to advance, corporations are struggling to govern the data produced by new technologies.
The ability to identify what data is being collected, generated, received, transmitted, stored, shared, sold, etc., by new technologies is becoming very complex, which makes it challenging for organizations to govern the data per laws and regulations. Furthermore, the risk of cyber-attacks on nontraditional technology has increased over the last few years as bad actors realize the value of the data these technologies generate. Cyber-attacks can target various electronic systems, communication networks, algorithms, software, hardware, and the data itself, potentially compromising the quality of the data and exposing sensitive personal information to bad actors.
Deployed nontraditional product technologies and associated data are generally not managed in their company. It often needs to be made clear who is responsible for ongoing information governance and data protection when captured data may be automatically sent to a third-party device for storage or analysis. Typically, product engineers own the development of the technology and the related data network design, but they don't own the product or data once it is implemented or deployed. Similarly, security and information governance professionals are traditionally part of an IT or legal department and don't deal with product-related technology or data.
When ownership is unclear, it is challenging to develop information governance, privacy and security policies, and retention schedules to address ALL data in a corporation because no one at the table can represent the needs of the "data owner." Similarly, we find that data assets and privacy inventories never address data being collected by nontraditional technology such as medical devices, products that transmitted data, data collected by an Apple or Droid Apps, data being sent from a vehicle, data being sent from a household product, data being sent from a time clock, data being generated by Artificial Intelligence, etc. This usually contributes to a need for more evident ownership of this type of data.
Kahn Consulting has spent the last decade enhancing our processes and expertise related to nontraditional technology and its data output. If your company would like to determine if nontraditional technology and associated data are part of your information governance program(s), don't hesitate to contact us to learn more about our Information Governance Assessment.
#informationgovernance #infogov #cybersecurity #KahnConsultingInc #PrivacyLaws #NontraditionalTechnologies #Compliance #DataProtection #DataCollection #LegalConsultation #InformationGovernanceAssessment #CyberAttacks