Address compliance with data privacy laws while controlling costs.
The GDPR is expected to further restrict the use of customer information when it comes into effect in 2018. It and other privacy laws require that companies storing personally identifiable information (PII) about customers – such as their names and birth dates – only do so for specific purposes.
This could cause legal risks for organizations using data warehouse and business intelligence tools. These tools generally store as much data as possible for a long period of time and don’t clearly define a specific purpose for doing so until the data is presented in a report. To comply with privacy regulations while using these tools, organizations must have very high protection of PII.
“The insurance industry is one of those faced with particularly far-reaching GDPR implications,” explains the European insurer’s Business Intelligence Manager. The consequences of breaching the GDPR also include financial penalties, and losing customers’ trust.
Common encryption techniques such as AESCBC (Advanced Encryption StandardCipher Block Chaining) convert information such as birth dates into a long string of numbers, letters, and symbols, known as hashes. Because the data would no longer be stored in its original format, a developer would have had to modify the existing database structure and any programs that processed the encrypted data – a very time-consuming task with a high risk of compromising data quality and reliability of the system.
Another problem with using common encryption methods was that employees would have to spend time managing encryption keys. And the encryption solution had to work with the insurer’s data integration software, Informatica PowerCenter. This is used to extract data from various sources, transform it, and load it into a new system, such as a data warehouse.