Back to home

Guarding Digital Gold: The Imperative of Data Security in the AI Era

There are so many ways that data is like money. Money is personal. It belongs to the owner and there are norms that guide us in social conversations about money. Due to the personal nature of money and the value it holds, we require large vaults, intense security systems, and armoured cars to protect it. Humans have been creating systems of security and social norms related to money since at least 7000BCE (the approximate time that exchange currency was invented). In the case of data and privacy, we don’t have 7000 years to catch up. As companies move to implement AI, management must establish stable practices and take responsibility for the safe usage and storage of customer data.

We find ourselves in a situation where data is as prevalent, and as valuable as money. The difference is, we do not have the structures, norms, or regulations in place to create an optimal system for managing data. Companies like Google are dipping their hands into our pockets, extracting data, and using it in ways that drive value for their businesses. They are doing so in opaque ways, taking advantage of the fact that seemingly no one can stop them. They are also avoiding the responsibility that financial institutions hold for keeping money secure because, unlike banks, there are no regulated and accepted practices for protecting data.  

As management initiates a data transformation, they need to hold themselves accountable for privacy and security. Customers are entrusting them with personal information and are exposed to significant asymmetric risks if a breach were to occur. In the same way that a bank robbery would dramatically affect a customer if they were to lose all of their money, a data breach could result in incredible personal and social loss. Unlike their customers, a bank would not go under because of a single robbery. Under the current lack of regulations, neither would your company.

We often hear the argument that Amazon, Google, and Facebook are providing value to their customers by collecting their data. They argue the customer is implicitly providing consent by using their services. If you do not want your data collected, don’t use the service; as they say. This is equivalent to leaving your money under your mattress instead of depositing it at the bank. We can acknowledge that bank customers are provided value for having their money on deposit. They may have easier access to those funds and live without fear of robbery. That being said, the bank derives immense benefit from holding these funds on deposit because they are able to lend these deposits to other customers to make a profit. Here again we see how data and money are so similar.

Yes, companies are providing a service to users by collecting their data, but they are deriving immense value from this data collection as well. As we can see, there is both asymmetric risk of security breaches, and asymmetric flow of benefit from the collection and use of data. This leads to a strong case that companies who collect data to implement AI must be held accountable as the custodian of customer data and provide assurances they will respond in favor of their customer should a security or privacy breach occur.

Unlike an old cowboy movie, where bank robbers show up on ‘Wanted’ posters, data robbers are anonymous. We are currently in the Wild West of data protection and companies need to quickly identify how to protect the valuable information of their users, or risk a shootout with the Sheriff once the regulations finally catch up.