Bridging business demands with consumer rights. Expert insights on securing data, navigating global compliance, and adapting to the AI revolution.
Maricela, you specialize in data privacy and governance at Denodo. What initially drew you to this field, and how has your role evolved as regulations and technologies continue to change?
For me data privacy is a fascinating cross between meeting the needs of the business and protecting the rights of consumers. Its origins can be traced back to the 1948 Universal Declaration of Human Rights (UDHR), which declared the right to privacy as a fundamental human right. While current technology has wildly surpassed existing privacy laws, I still find the field to be somewhat futuristic and ever expanding. As regulations and technology continue to grow and evolve, so does the nature of the work. There’s an increasing need for privacy professionals with not only the ability to read and interpret regulations, but the ability to interpret regulations into actionable next steps, communicate needs, and successfully implement new processes through collaboration and stakeholder engagement. It’s a lot of coordination and change management, which I love.
With data breaches becoming more frequent and regulatory pressures increasing, what are the most pressing challenges organizations face in managing data privacy and governance today?
Artificial intelligence and its associated regulations, which are still shaping out, have added complexity to the already existing complex nature of managing data privacy, security, and governance particularly in multi-cloud and hybrid environments. Ironically, AI and Retrieval Augmented Generation (RAG) technology is also part of the solution, as I will discuss below.
Data virtualization is a game-changer for enterprises. How does Denodo’s approach to data governance differ from traditional data management solutions?
Denodo’s data virtualization revolutionizes data governance by shifting from physical data replication to a logical, centralized layer. Unlike traditional methods with scattered policies and complex ETL processes, Denodo applies governance at this virtual layer, enabling streamlined policy enforcement, increased accuracy, enhanced security with fine-grained controls, comprehensive data lineage tracking, and analysis of dynamic data regardless of the source or cloud migration processes. In summary, Denodo helps customers avoid the pitfalls of traditional data management, empowering them to confidently leverage their data—their most valuable asset—for critical decisions in a constantly evolving data landscape.
The power of the Denodo Platform is further augmented when combined with generative AI (GenAI) features of its own, such as the ability to query all data in human natural language, so that anybody working in a government organization with the appropriate authorization can conduct data analysis in real time without needing to use data engineering skills. This multi-faceted approach enables organizations to leverage both their static historical data as well as “dynamic” data being updated in real time, as is typical in real-time analytics use cases such as threat detection.
One of the biggest concerns around data governance is balancing accessibility with security. How does Denodo ensure that organizations can unlock business insights while maintaining strict compliance?
Denodo Platform offers privacy and security features like fine-grained access control, data de-identification, and data usage monitoring. Moreover, it streamlines the secure and efficient implementation of Retrieval Augmented Generation (RAG), the current best practice for providing LLMs with accurate, up-to-date data across all relevant sources, thereby aiding compliance with evolving AI governance frameworks focused on transparency and accuracy.
Compliance with GDPR, CCPA, and HIPAA is a priority for businesses operating across multiple regions. How does Denodo help organizations navigate these complex regulatory landscapes?
Denodo assists organizations in navigating complex regulatory landscapes like GDPR, CCPA, and HIPAA through several key features. Its platform facilitates privacy compliance requirements, including Data Subject Access Requests (DSARs) and consent management, by providing a unified view and control over disparate data sources. Regarding GDPR’s international data transfer concerns, Denodo’s data virtualization can minimize data movement by enabling access and analysis in place, reducing the need for physical transfers. For HIPAA compliance, deploying Denodo on-premises ensures that the organization, not Denodo, is the Business Associate, and granular, role-based access controls further strengthen adherence to HIPAA’s security requirements.
Role-based access control and data masking are critical in preventing unauthorized access to sensitive data. How do these features within Denodo’s platform strengthen data security?
Denodo strengthens data security through its robust role-based access control (RBAC) and data masking features.
First, RBAC allows for granular permission management, enabling administrators to define roles and assign specific access rights to the data. This helps customers tailor access to specific roles and adhere to policies.
Complementing RBAC, Denodo’s data masking capabilities are used by customers to protect sensitive information. Through this feature they can obscure or replace sensitive data with realistic but fictitious values. This dynamic masking capability, combined with RBAC, can create a powerful security framework that not only limits access but also safeguards data when accessed at an organization.
Hybrid and multi-cloud environments add another layer of complexity to data governance. What strategies should organizations adopt to maintain control over their data across diverse infrastructures?
Navigating data governance in hybrid and multi-cloud environments requires a strategic approach, such as that offered by Denodo’s unified semantic layer, which enables organizations to implement consistent security policies, manage data lineage, and provide real-time access to accurate data, thereby avoiding business interruptions.
Real-time monitoring and auditing play a significant role in proactive data governance. How does Denodo equip businesses with the tools to detect and mitigate risks before they escalate?
Denodo empowers businesses by offering proactive data governance enhancing features such as real-time monitoring and comprehensive auditing. Through the Denodo Platform customers can maintain detailed audit logs, tracking all data access and usage, and enable configurable alerts for suspicious activities like unauthorized access or unusual query patterns. Data lineage tracking allows organizations to trace data origins and identify inconsistencies, while policy enforcement and monitoring ensure compliance across diverse environments. Centralized visibility across hybrid and multi-cloud systems simplifies risk detection, enabling businesses to swiftly identify and mitigate potential issues before they arise.
Many companies struggle with implementing a scalable data governance framework. What are the key steps organizations should take to build a strong, future-proof data privacy strategy?
Start with the basics. Don’t underestimate the importance of a data inventory which is the foundation for any data governance program. Build off of the data inventory and mature your data privacy program by focusing on quantifying and improving the accuracy of the metrics. A strong privacy program will be better able to adapt to future needs and we are already seeing this with AI. Organizations with weak privacy governance will face greater challenges in establishing effective AI governance.
How do you see data privacy and governance evolving in the next few years, and what role will Denodo play in shaping that future?
Growing privacy laws around the world means that global governance is going to become more complex and nuanced. Manual compliance processes will become unmanageable and companies will need to leverage technology for full or partial automation and compliance.
There is also an interesting trend towards a more egalitarian approach to data. This can be seen through more recent privacy laws such as the Data Act and the Health Data Space Regulation in the EU, which seek to use personal data kept by various corporations and entities for the greater good. These laws create the legal basis i.e. the legitimate interest for secondary uses of data and the processing of personal data for different purposes than what was originally collected.
They create a path to innovation through sharing of personal data including sensitive health information. Denodo allows entities subject to these regulations to raise the bar by providing the technical ability to do the reporting without compromising the right to privacy. No need to lower the bar and create carve out exceptions that compromises privacy rights of data subjects set forth under GDPR, technology like the Denodo platform can help enable innovation without compromising privacy rights set forth under the GDPR or lowering the bar.
A quote or advice from the author: By failing to prepare data, companies are preparing to fail (at AI). Chief Privacy Officers don’t need to choose between compliance and innovation. The secret to unlocking AI’s full potential lies in the ability to operationalize basic privacy and security principles.
Maricela Lechuga
Legal Counsel, Data Privacy Lead at Denodo
Maricela Lechuga is an Associate Legal Counsel at Denodo. She is also an environmentalist who has advocated for a ban on the use of lead-based fuel in aviation. Her activism has taken her before the US Congress where she testified as a witness in a hearing held by the Subcommittee on the Environment.