Enquiries and consultations

106-0032
3-1-1 Roppongi, Minato-ku, Tokyo
Roppongi T Cube 14F (Reception 14th floor) View on Google Maps

© XICA CO.,LTD.

How to protect data for its entire life─individuals need to increase literacy, and companies need to lay the foundation

Update date: Tips for realization
InterviewCookie-lessData sciencePrivacy protectionRealizationConversation

"Personal information" has become an important global topic. Legal regulations aimed at protecting privacy are being established around the world, and companies such as Google and Apple are moving to abolish third-party cookies that use personal data. 

In this climate, what can each of us do to protect our personal information? And how can companies protect their users' information? 

Sho Yokoyama, author of "Data Management in 1 Minutes," which was ranked #30 on the Kindle rankings@yuzutas0) and Tetsuro Ito (@tetsuroito) about what individuals and companies should be doing now. 

POINT

  • First, identify where you store your information.
  • Individuals can improve their corporate literacy
  • Personal information is a "human right"
  • Companies need to develop the awareness and foundation to manage the lifecycle of data
A conversation between Sho Yokoyama and Tetsuro Ito
(Left) Sho Yokoyama (@yuzutas0) 

Runs Kazaneya LLC. Has promoted data utilization and digital transformation at many companies, including Recruit, Mercari, and Lancers. Actively disseminates information about data infrastructure through community activities, such as serving as a content committee member at DevelopersSummit and moderator at DataEngineeringStudy. His book "Data Management in 30 Minutes" ranked #1 on the Kindle popularity rankings (March 2020). His books and contributions include "Let's Start Personal Development!" and "Software Design July 3 Issue Special Feature: Learn Log Analysis from Scratch." 

(Right) Tetsuro Ito (@tetsuroito 

After graduating from university, he worked in sales and database marketing at a major financial company. After that, he was involved in various data analyses and service growth from both a consulting and business company perspective. Since data analysis first started to attract attention, he has been involved in many projects utilizing data analysis at contract analysis companies and business companies. He currently leads a data team at an educational SaaS company. With that experience, he is actively engaged in a wide range of activities, including web serialization, book writing, and event hosting. His books and co-authored works include "All about AI and Data Analysis Projects" and "Data Scientist Training Guidebook: Business Use Edition."

Literacy that individuals should have: What to do about abandoned accounts 

-- As e-commerce expands during the COVID-19 pandemic, companies have more opportunities to obtain personal information. 

(I.e. As a result, more and more companies are now in need of data management. For example, predicting what products will sell in a certain season based on past purchase data and presenting appropriate recommendations to customers is part of data management. 

Ito Such usage isAggressive Data ManagementIf so,Defensive Data ManagementYes, there is. We need to think about how to protect the personal information we hold from leaking, and how to delete it if necessary. I think that most companies today continue to store personal data, even if the data was collected from someone who made a purchase only once many years ago.The activity of managing the life cycle of data, from acquisition to storage and deletion, is in the field of data management and is called "data life cycle management."called. 

── It seems that many people have forgotten which sites they have stored their information on. For example, how are these "abandoned accounts" managed? 

(I.e. In databases, they are often treated the same as active accounts, so if a data leak occurs, both accounts will be affected equally. 

Ito The damage you suffer will vary depending on what information is leaked. For example, if you only provide your email address, such as for signing up for an email newsletter, even if your information is leaked, you will only receive spam. However, if you provide your credit card number, there is a risk that someone may make purchases without your permission, and if you use SNS, you may become a stepping stone for spam and cause trouble for your acquaintances. 

(I.e. So, first of all,Take a moment to review where you store your informationOf course, it goes without saying that you should not reuse passwords. The incompatibility between ease of remembering and security has been a long-standing issue with passwords, but recently there are more and more services that allow you to use one-time passwords, and there are also many password management tools. 

── Would it be safe to list the information I have stored with each service and cancel membership to those I don't use? 

(I.e. That's not necessarily the case.There are quite a few cases where it is better for companies and individuals to keep the information.If a home appliance is recalled or if a problem occurs that affects the user's health, the company that sold it can inform the individual who purchased it by leaving information on it. The same goes for messaging app history. 

Ito Companies may have to disclose personal information if requested by the police for their cooperation in an investigation. It would be a problem if they were to say, "I deleted it, so I don't know." If something like medical records are deleted and cannot be referenced, it could be life-threatening. On the other hand, some companies have rules that require accounts that have not been logged in for a certain period of time to be deleted. 

── So what should individuals be careful about? 

Ito Let's improve literacyLiteracy is,Know what the data will be used for and how to delete it if you no longer need the service.

(I.e. I think many people feel that they are increasingly being asked for permission when using websites and apps these days. When this happens, it's a good idea to check the two points that Mr. Ito just mentioned. 

Mr. Ito: That's right. I think there will be more and more situations in the future where people will need to be conscious of their personal information, so I hope people will take the time to check it.

Tetsuro Ito, one of the authors of "Everything about AI and Data Analysis Projects"

What companies need: Strengthening data lifecycle management 

(I.e. However, due to the change in the law, companies must now carefully explain the purpose and purpose of the data they want to collect. The terms of use have become longer and the number of times they are presented to users has increased.There is a risk that the process of obtaining permission will become meaningless and posts will not be read.Yes, there is. If you want to use personal information for a purpose other than its intended purpose, you need to get permission from the user each time. It's only natural that the recipients of that information will find this inconvenient, so this is an issue that designers and engineers need to resolve through UX. 

Ito  Individuals can improve their corporate literacyIf you have an account that you don't mind deleting, even just asking the company "I'd like to delete it" or "Can I delete it?" will make them realize that "users are concerned about these things now." 

── When individual awareness changes, companies willWhat measures do you need to take? 

Ito  As a premise,Update your efforts to comply with the Personal Information Protection Act, which is revised every three yearsHowever, it is not enough to just comply with the law. Changes in user awareness regarding the handling of personal information are occurring faster than changes in the law, so even if something is legal,Unethical use will result in damage to the brand image.Sometimes this happens. 

(I.e. If someone asks you why you are collecting the data, you need to be prepared to give a clear explanation so they can understand. 

Ito Established in Europe"Personal information is a human right"This way of thinking will definitely spread in Japan."Right to be forgotten"I think it's also important to be aware of this. With the advancement of digitalization, things that people would forget can now remain semi-permanently as data.May be deleted if desired by the partiesWe are moving in that direction. 

(I.e. In the first place,It is also necessary to take stock of what data your company has on users.That's right. In that case, it's a good idea to sort out which data should be kept, which data should be deleted, and which data should be deleted at the request of the owner. 

Ito It is essential to establish a workflow for what to do when a user requests deletion.Creating rules on what personal information not to be acquiredIt is a good idea to have it. Even if you don't really need it, if you collect and save it in the hope of getting what you can, and it ends up leaking, you will have to pay appropriate compensation and it may even develop into a lawsuit. Considering such risks,Choose not to collect more information than necessaryIf you keep the data, you can process the personal information coarser to make it anonymous, such as "a man in his 20s living in Tokyo," or you can use encryption or other methods to process the information into pseudonyms that cannot identify an individual unless it is compared with other information. 

(I.e. That is whyData lifecycle management is attracting attention as a part of data management.What data do you collect?It is necessary to manage the lifecycle of data, such as how to retain it, what to keep, and what to delete.  

Ito Utilize external audits such as ISO (International Organization for Standardization) to ensure that your company's efforts are carried out appropriately.It's also important to have a third party check that your company is properly managing the data lifecycle. This is because users choose which services to use based on such factors in addition to ease of use and ease of use. 

(I.e. And, of course,Establishing a foundation for data lifecycle managementIt is also important to have a clear policy. Even if a policy is decided, it cannot be put into practice unless the structure and systems for operating it are in place. In fact, I am currently co-writing a book on this very topic with Mr. Ito, tentatively titled "Prescriptions for Data Infrastructure." It is scheduled to be published by Gijutsu Hyoronsha in the winter of 2021. It will be a useful book for anyone interested in data preparation, so I hope you will read it. 

Ito I think that this book will be an interesting read for both corporate personnel and individuals who are interested in how their personal information is handled.

Sho Yokoyama, author of "Data Management in 30 Minutes"

Corporate challenges and necessary responses 

── As you have discussed today, people's attitudes towards personal information and how they view companies are changing. What challenges will companies face in the future? 

Ito I think that data utilization and security can sometimes be in a trade-off relationship. An offensive stance of "Let's all use data more and more, and increase sales" and a defensive stance of "Let's protect data carefully, and gain peace of mind and trust" are not necessarily compatible at 100%/100%.Set policies for how your company will use dataIt is important to 

(I.e. Data lifecycle management will become something that all companies that handle data will have to tackle in the future. It would be great if we could put in place a system as soon as possible that would allow in-house data workers to use it with peace of mind and provide a service that users can trust. We are working hard every day to achieve this goal. 

Recommended articles