Data Protection in the New Regulated Era
October 23, 2019 Alex Woodie
Companies must protect their data from all sorts of threats these days, including power outages, failed servers, and drive crashes. But one of the most important aspects of data protection today is ensuring the security and privacy of data, which is mandated by a slew of emerging data regulations.
In May 2018, the European Union enacted the General Data Protection Regulation (GDPR), a far-reaching new law that gave people sweeping new rights over their data. While GDPR ostensibly just impacts EU citizens, many large companies in the U.S. and other countries adopted new security and privacy processes to ensure consistence in compliance.
But now the U.S. is about to get its first GDPR-style law. On January 1, the California Consumer Privacy Act (CCPA) goes into effect, providing new data security and privacy regulations for more than 30 million Californians. While the state legislature is still hammering out the specifics, CCPA is expected to be similar to GDPR in many respects.
Whether you’re still working on GDPR compliance or looking to get ahead of the game for CCPA, you’ll need to get a handle on sensitive and personal data at some point. For IBM i shops, there are a range of solutions available, including the newly announced DOT Anonymizer version 5.1 from ARCAD Software.
DOT Anonymizer allows organizations to maintain the confidentiality of test data by concealing personal information. According to ARCAD, the software works with all major operating systems major databases, including IBM i and Db2 for i. It’s typically used in conjunction with ETL and data replication tools to create test data sets. While the content of the data itself is concealed, the format and type are maintained, which is important for testing purposes.
With version 5.1, DOT Anonymizer gains support for automatic detection of sensitive data, independent of the underlying database management system. It also widens support to Salesforce.com.
Automated detection of sensitive data is an important capability and will improve organizations’ ability to comply with GDPR, says ARCAD CEO Philippe Magne.
“Preparing for GDPR requires an analysis of your data flows,” Magne says in a press release. “You must identify the type of data you process, where it is stored, who is accountable, who has access and where it is shared.”
The very first step in this process is identifying sensitive data fields, which is something that can be done by DOT Anonymizer, he said. Another design imperative with DOT Anonymizer is ease of use, Magne adds.
“With DOT Anonymizer we set out to design a solution that was independent of the underlying data model, so as to be compatible with any DBMS – Oracle, SQL Server, DB2, MongoDB, NoSQL and others, even xml, csv and flat files,” he says. “This makes DOT Anonymizer extremely flexible and easy to use. Our customers can manage and customize their anonymization rules for all databases in one single place.”
The use of a data dictionary in DOT-Anonymizer makes data detection “much more accurate,” the company says. By predefining data in the dictionary — such as by listing common first or last names or postal codes — ARCAD says the software can reduce false positives compared to raw pattern-based detection.
“For example, a five-digit number would be detected by a regular expression as a ZIP code but would be rejected by the dictionary,” the company says.
Version 5.1 also brings better filtering of data, which allows users to detect tables that could contain specific pieces of protected data. The new release also lets users customize the data dictionaries to make it easier to identify types of data that are prevalent in certain jobs or industries. For example, things like medical conditions or specific skills classification codes can pose problems for automated detection through a regular expression, the company says.
“We have designed DOT Anonymizer to meet the need in the industry for a simple, high performance yet affordable point solution to help our customers get started on a GDPR compliance project,” Magne says. “With DOT Anonymizer our customers are usually autonomous in their use of the solution after a day of training. The solution has proven its scalability in some of the largest institutions in our customer base.”