Data leakage – are you ready to plug the gap? 

By Stuart McDonald

In the world of data, data leakage can mean two different things. In machine learning, it’s when data from outside a training set is used to create an ML model that can cause problems. But in this respect, we’re talking about data being leaked from an organisation, which could be accidental – or it might be on purpose.

‘Oh, a data breach!’ I hear you cry. Well, not exactly. A data leak can lead to a breach – but they’re not the same thing. A data breach is when confidential data is accessed, stolen or used without permission, usually for malicious intent. But a data leak is when data is unintentionally shared publicly, usually when it’s been mishandled. You know, when the school your son attends accidentally puts the email address of every parent in the ‘to’ field of an email when they’re sending out a communication about sports day. Or the employee who accidentally sends a spreadsheet of data to someone outside your organisation. Leaks need to be prevented and organisations need to be able to understand the risk that is posed to them, particularly for your critical data sets.

The fall-out from data leaks is significant

Of course, the fall-out from data leaks is significant. It can cause untold reputational damage – it might look careless at best and downright incompetent at worst. You could put your customer or employee data and put them in danger as a result. So doing what you can to protect your organisation from a leak and putting in preventative measures should be a key priority.

Obviously, there are the essential data security solutions – firewalls, patching, email attachment policies etc. But there is a massive data management element to the prevention of data leaks. Looking at your current data state, could you say exactly what data you have? And where that data is stored? Could you comfortably state who owns your data? And who uses it?

If you don’t know the answers to these questions, then rest assured you are at significant risk of a data leak. If you don’t know what data you have and who owns it, managing and controlling a leak will be almost impossible. But there are significant benefits for your organisation if you know what data you have and who is responsible for it. It means you are working towards having effective data governance and data management practices in place, enabling data to be used as a strategic asset, which will support the organisation’s strategy and ambitions.

In preventing data leaks, here are three data management aspects you should bear in mind: 

  • Data discovery – start small: with the sheer volume of data within organisations, the first question is simply ‘what do you have?’ Although there are tools and solutions available to do this, the prospect of mapping your organisation’s data can be overwhelming and our advice would be to start small and focus on one area – like a business unit, a team or a system. By doing this, you can develop a ‘thin slice’ approach to developing your understanding, language, processes and definitions around data. You can then widen the discovery a slice at the time until you have a full understanding of your data landscape.
  • Data ownership – once you know what you have (and this doesn’t have to be from the top down), you need to know who owns that data?  Having an understanding of who is responsible for the data in your organisation is a must, certainly for those critical data assets. Only then can you ascertain how it can be used and shared – or not shared.
  • Data governance – don’t write a 50-page policy document on how data must be governed.  Instead use principles and rules – if it doesn’t fit on a single page, no one is going to read it, let alone remember it.  What are the top 10 golden data rules at your organisation? Make sure that everyone knows and understands them – they need to be engrained in the psyche of all employees involved with handling data. Data governance is an ongoing, cyclical process and key to defining, managing and protecting the integrity of your data.

Data leaks – intentional or inadvertent – can be hugely detrimental for your organisation. You need to avoid at all costs. But if you don’t know what your data landscape looks like, have a poor understanding of your data assets and you don’t know who is responsible for them, then your vulnerability to a data leak rises exponentially. As they say, forewarned is forearmed.

Want to learn more? If you want to learn more about data protection and how to prevent data leaks, please email [email protected] and we’ll be in touch right away.