The demand for self-service analytics is placing unprecedented pressure on organizations to provide its workers easy access to the organization’s data assets. Simultaneously, rapidly-expanding data privacy regulations are requiring limitations and safeguards be put in place or an organization could face significant legal and reputational repercussions.
This year’s DAMA Day will focus on these two topics and highlight how firms are attempting to strike the right balance between them.
Important info for IAPP certified professionals: The IAPP has pre-approved DAMA Day for 7 CPE credits! More information can be found on the IAPP Industry Events page.
Key Note: First Comes Ethics, then Come Democratization
Presented by Aaron Weller
While allowing broad access to data sounds like a great opportunity - if you consider how valuable that data can be, there is clear risk in democratizing access without appropriate risk management in place, but where traditional risk management doesn't have the answers, what can you do?
Building a culture of responsible data usage with a strong ethical basis within your organization will allow you to both reap the benefits of data democratization and respect personal information in accordance with your organizational goals and those of other stakeholders. Think beyond compliance and about how to develop and deliver a culture that makes data work for you.
Data Privacy: Can you future proof your data governance in a rapidly changing world?
Presented by Brendon Lynch
New and updated data privacy rules and regulations are proliferating globally, making the governance of personal data increasingly challenging. At the same time organizations across all industries are transforming digitally and using more and more data to help drive product innovation, employee productivity, operational efficiency and customer connectivity. Data governance programs increasingly need to take account of various privacy requirements around the world while ensuring that those digital transformation benefits can be realized. In this session, you will hear how Microsoft is seeking to deliver a principled, globally-consistent privacy experience to its customers while maintaining compliance with a growing list of privacy and data protection laws around the world. It will also explore the important question of whether a common set of data privacy practices and controls can not only enable compliance with the varying requirements around the world, but can also ‘future proof’ us against what might be on the horizon.
Panel: A Foundation for Data Democratization
Presented by Jeff Steffens, John Krpan, Ray Palokovic
Take advantage of an well informed panel that covers the topic of Data Democratization from a number of perspectives. Four panel members will exchange light-hearted debate on what it will really takes to achieve the goal of Data Democratization based on their respective battle scars. The audience will gain an appreciation for the trade-offs in privacy, user control, traditional data governance and why “thinking big” isn’t always the answer (but thinking critically is).
Gold Sponsor: Denodo
Data Democratization with Proper Guard Rails in Place
Presented by Saptarshi Sengupta
What makes data scientists happy? Of course, data. They want it fast and flexible, and they want to wrangle data themselves. But most classic data warehouses (DW) and data lakes are not easy to deal with for agile data access. A more practical solution is the logical data warehouse (LDW), which has shown to be a more agile foundation for delivering and transforming data and makes it easy to quickly plug in new data sources. When the right data is made available at the right time, it can also make any business user happy too. But does that work for the IT and compliance departments? Self-Service BI promises to remove the bottleneck that exists between IT and business users. The truth is, if data is handed over to a wide range of data consumers without proper guardrails in place, it can result in data anarchy.
Attend this session to learn why data virtualization:
- Is a must for implementing the right self-service BI
- Makes self-service BI useful for every business user
- Is key to proper data governance and data security
Panel: The Data Ethics of Emerging Technologies
Presented by Karen Nadler, Karl Gerner, Tonya Gissleberg, David Rice
New technologies have created a surge in the collection, use and volume of data. Artificial Intelligence (AI) enables the processing of enormous quantities of information, allowing it to identify data patterns and make decisions on a scale and pace beyond what humans can do. Internet-connected devices (referred to as the Internet of Things or IoT) collect data about their environment constantly, including where people are and what they are doing. Autonomous Vehicles (AV) use data sets and algorithms to able to travel with less and less human intervention over time. Facial recognition software makes it easier to identify people quickly and automatically.
There are tremendous societal, business and individual benefits to these technologies. But there are also risks and questions.
What are the ethics associated with these technologies? What happens when inputs and algorithms lead AI to create and reinforce data bias? What are the privacy and security concerns associated with IoT and facial recognition? What are the ethical issues associated with AVs that must “decide” how to respond in an emergency? Are data ethics uniform across technologies or are they specific to each one?
What duties do the creators of these technologies owe to the people whose data is collected and used, if any? Will the US answer these questions in the same way as the rest of the world? How is the law shifting to address these concerns?
Breach Fatigue: An opportunity
Presented by Bar Lockwood
One of Gartner's 2019 and Beyond Predictions asserts that through 2021, social media scandals and security breaches will have effectively "zero lasting consumer impact." And no wonder! Breaches of millions, and sometimes billions, seem to happen monthly. The so-called Collections #1-5 Megaleak of 25 billion records, representing 2.2 billion unique identities was mocked only a few weeks later by another 620 million records stolen from 16 websites in February 2019. How many times does our private information need to be stolen before it no longer matters?
When it comes to "breach fatigue" we are already there. A recent Harris Poll reported that only 20 percent of respondents said they “completely trust” organizations they interact with to maintain the privacy of their data. Customers don't believe we can keep their data safe. Regardless of the penalty implications of GDPR and CCPA most companies know they are right, some having shockingly proven them so with multiple recent data breaches.
What does it mean when no company can reasonably expect to protect its private data? How does that affect our perception of regulations like GDPR and CCPA that define protection expectations and disclosure penalties? And how can we argue security as a "competitive differentiator" when customers no longer have confidence in protective measures. Where do we go from here?
In this session we'll explore:
- the current threat landscape and trends, and how they challenge security obligations set forth in privacy regulations
- how breach fatigue may influence privacy and security perception and strategy
- how we might leverage this to improve overlooked areas of data management, security, and corporate resiliency that have eluded us for decades.
Data Governance in a Changing World
Presented by Dave Wells
Conventional data governance practices come from a simpler time when data management was free from many of today’s challenges such as agile development and self-service analytics. Traditional data governance focuses first on enforcement of policies and controls. Enforcement continues to be needed, but it should be used as a last resort and not as the first or only governance technique. Adapting old governance practices to support the autonomy and agility of the modern data management world is a must. Modern data governance needs a new approach that:
- Emphasizes prevention and intervention over enforcement
- Reduces complexity with a minimalist approach to policy making
- Manages complexity and advances data literacy through data coaching
- Replaces hierarchical and authoritarian decision rights with collaborative decision models
- Shifts from slow and rigorous change control and issue resolution processes to agile and adaptive change and issue management techniques
We can’t actually govern data; we can only govern what people do when working with data. Recognizing that data governance is more focused on people and culture than on technology can truly change the game. It is practical to implement data governance practices that are not in conflict with agility, speed, self-service, and autonomy.
Reducing Data Privacy's Impact on Business Velocity
Presented by Brian Schrameck
Privacy is becoming a differentiating characteristic for organizations. Consider Apple, who routinely touts privacy as a strong selling point over their competitors. But when business units that rely on analytics and data science hear the terms “data governance” and “data privacy”, there is often trepidation. “How will these policies affect my analysts and data scientists?” “How much red tape am I going to have to deal with?” Introducing comprehensive governance controls naturally leads to a mandate versus mission argument with some of the enterprise. There are those who want to leverage data democratization to transform and accelerate the business, but are having trouble reconciling that mission with the mandate to ensure governance and privacy. Reducing the friction between the governance organization and the data consumers, but not at the expense of security and privacy, is key to enabling innovation and organizational velocity.
This talk will focus on the processes and concepts that allow organizations to continue accelerating their differentiation in the marketplace with data, while still adhering to sound privacy and governance principles.
THANK YOU to our 2019 DAMA Day Sponsors!
Aaron, a Fellow of Information Privacy, has over 20 years of global experience in security and privacy. He led PwC's Western US Privacy practice for 5 years, and was the CISO for two multi-national retailers prior to leading GDPR efforts for a major technology company. He is now VP, Strategy for Sentinel, a privacy technology and consulting company.
Bar Lockwood is a CISA and CISM with industry recognized credits in security integration. She has worked as a Data Governance Lead, SOX Manager, Threat Intelligence Specialist and Security Manager at Microsoft & Premera. Her focus is cross-discipline alignment to achieve optimal security. She currently works as a Principal Product Security Leader at GE Power Grid Computing.
She is currently focused on national infrastructure protection and is currently engaged as Principal Product Security Leader at GE Power Grid Computing.
Brendon Lynch is the Chief Privacy Officer of Microsoft where he has, over the past 15 years, had responsibility for Microsoft’s data privacy governance, influencing customer privacy solutions and engagement with external stakeholders. Previously, Brendon led the privacy business at software maker, Watchfire and spent nine years in Europe and North America with PricewaterhouseCoopers where he provided privacy consulting services. Brendon is a Certified Information Privacy Professional (CIPP), a former Chairman of the Board of Directors of the International Association of Privacy Professionals (IAPP) and was the 2017 recipient of the prestigious IAPP Privacy Vanguard Award.
Brian is an established Sr. Manager and Sr. Solution Architect with 11 years of experience and currently leads the national Data Analytics practice at Sila, a management and technology consulting firm. He specializes in guiding functional and technical resources to facilitate data driven cultures via data management, engineering, analytics, and data science initiatives. Brian has earned the CISSP and holds a Master’s in Software Engineering.
Dave Wells is Data Management Practice Director at Eckerson Group, a data and analytics research and consulting firm. Over a career of 5 decades he has filled many data management roles including implementer, architect, and manager. Modernizing data management is Dave’s main focus today as big data, analytics, self-service and other trends reshape the world of data management.
David Rice is a partner with Miller Nash Graham & Dunn LLP who advises clients on vendor contracting, data security, data privacy, and IT/cloud infrastructure issues. David is CIPP‐US certified by the International Association of Privacy Professionals. He has over twenty years of experience working with clients on data privacy and security related matters.
|Jeff is the Founder and CEO of the Management Consulting firm FocalPointe Group and has demonstrated expertise in helping companies achieve desired outcomes while simultaneously building the clients’ capacity and capability. He is currently leading a team of data professions through a data breakthrough initiative to create a path forward for a data governance strategy.
|John is a Partner with FocalPointe Group who focuses on the identification and implementation of practical solutions to complex problems. John’s operational experience includes governance, digital transformation, data governance and managed services. While transferable across a range of industry, the bulk of John’s experience is in telecomm, healthcare, retail, manufacturing, energy and finance.
Karen Nadler is a Seattle attorney with over 25 years of experience, working primarily in the fields of privacy law and technology transactions. She is admitted to practice law in Washington, New York, and Georgia. Karen established her firm in 2017 and serves as a Data Protection Officer. She is a Certified Information Privacy Professional for Europe and the US.
Karl is a member of Buchalter’s Seattle privacy team. He is CIPP/US certified and handles privacy and cybersecurity matters for a broad range of clients from EdTech and FinTech startups to Fortune 500 and multinational companies in the hospitality, retail, and online dating industries.
He also serves as a Director of the Military Spouse J.D. Network, advocating for state licensing accommodations for the attorney-spouses of U.S. military personnel.
|Ray has been deeply involved in data management strategy for the better part of the past 15 years, having built both technology and business teams to glean business value from data resources. From his career origins in law and litigation, Ray brings a unique perspective to the strategy and practice of business intelligence, master data management and data governance.
|Saptarshi Sengupta is the Director of Product Marketing at Denodo Technologies. He is responsible for leading Denodo's customer marketing, analyst relations, press relations, product marketing and many other aspects of the marketing function. Saptarshi brings in a wide range of industry knowledge including semiconductor, networking, consumer electronics and enterprise software and almost two decades of engineering and marketing leadership experience. Saptarshi holds an MBA from Cornell University and has published two IEEE papers in semiconductor space.
Tonya is an experienced privacy, cyber security and copyright law attorney, licensed to practice in Washington State. Tonya graduated from the University of Washington with B.A. and LL.M. (Intellectual Property Law and Policy) degrees and from Seattle University with a J.D. degree.
Tonya is a blogger, blogging on privacy at Privacy Pith and blogging on copyright at Seattle Copyright Watch.