Data Privacy: The Future is Now
As a leader in the industry that collects a wide range of data from employees, we ensure the information is safe with us.
Say you met a technologist at a hackathon and want to connect with the person more. Instead of exchanging business cards like before, you’ll likely pull out your phone and exchange information digitally.
From LinkedIn profiles, Instagram usernames, hometown, and family relationships to mentions in articles from years ago, the internet and digital world do not erase one’s footprints in most cases.
With all information and data becoming digitalized in the 21st century, it’s time to utilize them in a way that’s never been done before. Data is not just your social media photo or where you went for vacation; it can be numbers and confidential information from financial to hospital records.
We recently had the opportunity to speak with Xiaojing W., our Distinguished Engineer who advocates for data privacy and user-respectful interactions. She shared with us some ways she keeps applications safe and secure at ADP.
Why Data Privacy is important
By Xiaojing W., Distinguished Engineer
On September 7, 2017, a consumer credit reporting agency announced a breach of the data of approximately 143 million U.S. consumers, including customers’ names, dates of birth, and Social Security, driver’s license, and credit card numbers. These incidents resulted in a loss of consumer trust and, therefore, future business opportunities.
ADP takes pride in building applications that put customers’ privacy first with holistic security and privacy practices. In fact, our Chief Data Officer developed a holistic privacy framework instilling the privacy culture and centrally managing the practices in daily data operations.
Here are some of our methods:
- Identification and classification of sensitive information as a part of data governance and management
- Implementation of enterprise-level and system-level data observability/monitoring
- Safeguarding information through various data security controls and advanced technologies such as privileged access management credential choices, secured APIs, file shares, and encryption through data’s entire lifecycle
- Implementation of Data Management Capability Assessment Model (DCAM) measurement processes to make privacy and security auditable
When it comes to creating a trusting experience for users, we have five best practices to share:
- Engage users in setting the privacy boundaries they want while getting the desired functionalities.
- Build a consistent consent model whenever we collect or use data
- Always include a system of consent receipts for auditing
- Bring full transparency and visibility into why we collect the data, how the data is processed/stored, and with whom we share the data
- Practice minimal data collection and store only the necessary data for future operations
With over 1M clients (about the population of Delaware in the United States), ADP pays more than 38M workers worldwide (about the population of California in the United States). In the US alone, we reach nearly 20% of the private workforce.
As a leader in the industry that collects a wide range of data from employees, we make sure the information is safe with us. At the same time, we pay attention to the design process, ensuring a safe, user-friendly experience for everyone involved.
Here are five design patterns for creating user-respectful and privacy-aware interactions:
- Users must actively opt-in to having their data collected and used
- Users must give consent to every type of data processing activity
- Users must be allowed to withdraw their consent easily at any time
- Users should be able to check every organization and all third parties that will handle the data
- Use just-in-time data collection
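One way the consent practices and design patterns above (opt-in, per-purpose consent, easy withdrawal, visibility of third parties, consent receipts for auditing) could fit together, as an added example that is not ADP's code. The `ConsentLedger` class, the receipt fields and the hash chaining are assumptions made for illustration.

```python
import hashlib, json, time

GENESIS = "0" * 64

def _digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class ConsentLedger:
    """Hypothetical per-purpose consent store with hash-chained receipts."""

    def __init__(self):
        self.receipts = []  # append-only audit trail of consent receipts
        self._active = {}   # (user, purpose) -> recipients of an active grant

    def _receipt(self, user, purpose, action, recipients):
        body = {"user": user, "purpose": purpose, "action": action,
                "recipients": sorted(recipients), "ts": time.time(),
                "prev": self.receipts[-1]["hash"] if self.receipts else GENESIS}
        self.receipts.append(dict(body, hash=_digest(body)))
        return self.receipts[-1]

    def grant(self, user, purpose, recipients=()):
        self._active[(user, purpose)] = frozenset(recipients)
        return self._receipt(user, purpose, "grant", recipients)

    def withdraw(self, user, purpose):
        self._active.pop((user, purpose), None)
        return self._receipt(user, purpose, "withdraw", ())

    def is_allowed(self, user, purpose):
        # Opt-in and per-purpose: no active grant means no processing.
        return (user, purpose) in self._active

    def recipients_for(self, user):
        # Every third party named in the user's currently active grants.
        return set().union(*(r for (u, _), r in self._active.items() if u == user))

    def verify(self):
        # Recompute the chain; an edited or removed receipt breaks it.
        prev = GENESIS
        for r in self.receipts:
            body = {k: v for k, v in r.items() if k != "hash"}
            if r["prev"] != prev or _digest(body) != r["hash"]:
                return False
            prev = r["hash"]
        return True
```

The chain only makes tampering evident if the latest hash is also recorded somewhere the ledger's operator cannot rewrite.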
Tech Trend: All about Data
Data is always changing, which means more people want ways to keep their information private. This has led to the development of new techniques that preserve user information in large datasets.
Here are four types of technologies that are getting attention in the industry:
- De-identification: We remove or encrypt PII and CII. Multiple techniques, such as tokenization, k-anonymization, and pseudonymization, are provisioned within a Single Global Data Platform (SGDP).
- Differential Privacy: The idea is to add a layer of privacy by adding noise to the original data sets. The new sets make it extremely difficult to infer information about a single individual, while the accuracy of the data analysis and machine learning tasks is not compromised too much.
- Synthetic Data: Algorithmically generated data that mirrors the patterns and composition of the original dataset. Synthetic data is valuable for engineers who need to test with production-like data. It is also widely used for training the machine learning models used in fraud detection systems and applications with no data or hard-to-get initial data.
- Zero-knowledge proof: Using cryptographic techniques, a claimant can prove assertions about confidential information to a verifier without disclosing the details. By leveraging a blockchain-based decentralized identity ledger, individuals and companies can easily control who has access to their digital identities. This provides trustworthy proof of identity, making it easier for users to manage credentials across the web securely.
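To make the de-identification item concrete, the following added example (not code from ADP or its SGDP) combines keyed tokenization of a direct identifier with generalization of quasi-identifiers, then measures the resulting k-anonymity. The field names, sample records, key and generalization rules are all constructed for illustration.

```python
import hashlib
import hmac
from collections import Counter

def tokenize(value, key):
    """Keyed, deterministic pseudonym: same input gives the same token,
    and low-entropy values cannot be brute-forced without the key."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()

def generalize(record):
    """Coarsen quasi-identifiers: age to a 10-year band, ZIP to 3 digits."""
    low = record["age"] // 10 * 10
    return {"age": f"{low}-{low + 9}", "zip": record["zip"][:3] + "**"}

def k_anonymity(rows, quasi_ids):
    """Size of the smallest group of rows sharing the same quasi-identifiers.
    k == 1 means at least one person is unique on those fields."""
    groups = Counter(tuple(r[q] for q in quasi_ids) for r in rows)
    return min(groups.values())

def deidentify(records, key):
    out = []
    for r in records:
        row = generalize(r)
        row["token"] = tokenize(r["ssn"], key)  # direct identifier replaced
        row["salary"] = r["salary"]             # attribute kept for analysis
        out.append(row)
    return out

# Constructed sample records (not real data)
RECORDS = [
    {"ssn": "000-00-0001", "age": 34, "zip": "07068", "salary": 71000},
    {"ssn": "000-00-0002", "age": 37, "zip": "07039", "salary": 83000},
    {"ssn": "000-00-0003", "age": 31, "zip": "07052", "salary": 65000},
    {"ssn": "000-00-0004", "age": 52, "zip": "10001", "salary": 99000},
    {"ssn": "000-00-0005", "age": 58, "zip": "10027", "salary": 91000},
]
KEY = b"constructed-demo-key"  # assumption: in practice a managed secret

if __name__ == "__main__":
    print("k before:", k_anonymity(RECORDS, ["age", "zip"]))
    print("k after: ", k_anonymity(deidentify(RECORDS, KEY), ["age", "zip"]))
```

Removing the identifier column alone leaves every row unique on age and ZIP; only after generalization does each person share their quasi-identifiers with at least one other record.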
You may ask, how does the new landscape in data privacy change our product design thinking?
To better understand our clients and the needs of their employees, we must have a comprehensive view of who they are (i.e., profile data), what they do, and how that impacts their day-to-day (i.e., behavior).
By following HBR’s new data privacy rules, our products will empower users with trustworthy technology solutions.
Our private permissioned blockchain also safeguards highly sensitive personal data while simultaneously allowing individuals complete control. This innovative technology enables ADP to craft new products and services that benefit employees and clients.
Data privacy isn’t the Privacy Officers’ job; it’s a collective responsibility. As engineers who are often tasked with the technical aspects of securing sensitive data, we must understand the landscape of privacy-enhancing tools and technologies.
Keep in mind that we must stay up to date with the changes in the data industry as our users trust us with their information. Taking care of the trust and protecting the data should be everyone’s top priority.