Information Governance And The Data Dichotomy

By Nigel Tozer

Governance was a big topic at this year’s Commvault GO conference, more so than ever. I have a strong suspicion the interest was fueled by the looming California Consumer Privacy Act (CCPA), which kicks in at the beginning of 2020. The evidence was clear: The Commvault Activate booth was constantly busy, theatre seats for compliance-related topics (such as the right to be forgotten) were at a premium and data privacy questions came from the media thick and fast.

Patrick McGrath discusses data visibility in one of the Commvault Activate sessions at GO 2019. (Courtesy Commvault)

As a European, I have found the attitude to privacy and the use of personal data or PII to be extremely different in the U.S., but I believe the reality of home-grown U.S. privacy regulations are now changing perceptions. Media stories and public awareness of how personal data is used and monetized is growing stateside, just as it did in Europe in the run up to the General Data Protection Regulation (GDPR) enactment.

The reasons for this are clear:

  • The public is concerned by the large number of high-profile data breaches
  • Hot on the heels of CCPA is the consultation for the New York Privacy Act (NYPA)
  • “Data privacy” was a hot topic during GO in a U.S. presidential candidate debate
  • GDPR-like regulations are cropping up all over the world

Awareness about these topics is really important, especially as our data – or more accurately, data about us – is increasingly used by algorithms and artificial intelligence (AI) to predict our behaviour or even make choices for us. IDC says spending on AI is expected torise by more than 2.5 times from 2019 levels by 20231, and while a lot of the processing will be pointed machine data, much of it will be used on our personal data.

These facts shine a light on the data dichotomy: we are increasingly being asked to give companies more personal data about us, while at the same time data breaches are up by 54 percent2.

It’s refreshing then that visitors to GO wanted to “up their game” where all of this is concerned. I hosted a panel session featuring Commvault’s general counsel, a customer and partner on how they perceive the rise of regulations -such as GDPR and CCPA – and to the points in the previous paragraph, trust was a big topic. Not just trust that your data will be safe from cyber crooks with organizations that you deal with, but also trust that your data would not be used in ways that you wouldn’t want it to be.

Other hot topics discussed were:

  • Risk profiling your data to help prevent and manage data breaches
  • Mapping personal data/PII over on-premises, laptops, multiple clouds and SaaS
  • Executing effectively on erasure/right to be forgotten requests and other legal requests
  • How Commvault plays its part in “privacy by design and default”
  • Managing the lifecycle of personal data/PII by entity/content

It was amazing to me, hearing all of the impressive things our customers are doing with data: detecting fraud; keeping us safe; building amazing structures and transportation; saving lives; and even helping us save the planet. One thing was also crystal clear: The people providing the systems that do all of these wonderful things also know that data value peaks and troughs, but data risk, especially where personal data is concerned, is constant.

If you want to know more about how Commvault can help your organization get a handle on your data with regard to CCPA, GDPR or similar governance challenges, remember to check out our Activate page or use our chat function if you have a specific question. And remember, Activate isn’t just about governance. It will also provide valuable data insights and help you drive greater efficiency across your hybrid cloud.


1 Worldwide Spending on Artificial Intelligence Systems Will Be Nearly $98 Billion in 2023, According to New IDC Spending Guide, IDC Sep 2019

2 Data breaches increased 54% in 2019 so far, article by TechRepublic, Aug 2019