What is data custody?
Data custody refers to how data is protected and safeguarded throughout its lifecycle, that is, through its collection, transportation, storage, and usage. Data custody also defines the ownership and potential uses of collected data. As organizations collect and store increasing amounts of data generated through their day-to-day operations, many security and ethical questions can arise.
Examples of some of these questions are:
- Who owns data?
- How can data be used?
- Where should data be stored?
- What data protection obligations are organizations expected to meet?
- How should organizations obtain (and inform) consent?
- Who is responsible for data breaches, and to what degree?
Solutions to these issues can be complex and are likely to change over time as new technologies, regulations, and organizational goals are introduced. However, having a data custody plan helps ensure a cohesive response that keeps the organization aligned and protected, no matter the circumstance.
Five reasons your organization needs a data custody plan
The need to keep data safe and secure is mission-critical for organizations and their data operations. Therefore, formulating a data custody plan that outlines best practices and establishes clear data governance guidelines is a necessity. Here are five of the main reasons your organization needs a data custody plan.
1. Regulatory compliance
Major acts that cover data protection and usage, such as Europe’s GDPR and California’s CCPA, present major challenges for organizations that do business in those territories. These regulations give customers greater rights to decide on the custody of their data, whether it can be collected, and how it can be used or shared.
The consequences of non-compliance can include millions of dollars in fines and considerable media coverage and attention drawn to the organization’s failings. Having a data custody plan can help to define terms of data usage to ensure compliance with relevant legislation in different territories.
2. Customer trust
The biggest costs associated with a data breach arise out of customer churn, lost sales, and increased costs of customer acquisition. Even if the breach occurred due to a third party, it’s likely that blame for a data breach will fall on your organization.
Having a clear data custody plan demonstrates how highly you value the safety of your customers’ data and provides them with peace of mind in terms of how their data will be used.
3. Risk reduction
We’ve previously written about the role of data in real-time risk decisions. Risk management is an essential business practice focused on ensuring security of revenue and organizational value. And data plays a significant role in how companies assess and respond to risk. Having a firm grasp on the collection, storage, usage, and protection of its large amounts of data allows an organization to respond to risk in a proactive fashion. Therefore, creating a data custody plan in conjunction with any risk management function will help an organization reduce liability.
4. Ease of collaboration
Without clear governance rules and processes in place that keep shared data secure, companies needing to collaborate experience numerous obstacles. Who owns the data, who can use it, and how it can be used are just some of the challenges that slow down effective partnerships, especially in light of strict data regulations.
A data custody plan can set out well-defined rules on how data collaboration can happen and what proactive approaches should be taken to reduce risk.
5. Clarity of usage
A data custody plan should provide a clear blueprint to all departments in an organization on how data should be collected and stored. Data comes in many forms. As such, all members of an organization need to be aware of the different types of data, such as personally identifiable information, machine data, or operational data. There will be different terms of custody for different types of data, so documenting how they can be identified and treated can help improve organizational alignment.
How technology enables better data custody
Using a virtualized data layer to connect dispersed data assets allows an organization to define data operations within the terms of their data custody plan. In this manner, data can be organized dynamically depending on a given situation’s specific needs, regardless of its origins. For example, by setting fine-grained access controls on the data held in several sales spreadsheets, a data custodian can ensure the data is used appropriately. Different permissions can be given to users who simply view the data and others who need to make changes. Data owners don’t need to worry about the safety and security of their sensitive information.
Interoperable data technology, such as Intertrust Platform, gives greater control and security over data, allowing the implementation of an effective data custody plan. This ensures compliance with data regulations by improving the security and segmentation of data. Collaboration is also made easier, as all shared analysis is performed in isolated data containers with clear governance policies. Only the necessary data is queried, and the terms of the collaboration are easier to enforce.
To learn more about how Intertrust Platform is helping organizations reduce risk, ensure compliance, and improve customer trust through better data custody, you can read more here or talk to our team.
About Abhishek Prabhakar
Abhishek Prabhakar is a Senior Manager ( Marketing Strategy and Product Planning ) at Intertrust Technologies Corporation, and is primarily involved in the global product marketing and planning function for The Intertrust Platform. He has extensive experience in the field of new age enterprise transformation technologies and is actively involved in market research and strategic partnerships in the field.