Privacy and Security Issues in BI
WITH THE GROWTH of Business Intelligence market, the privacy and security issues are also growing concern over business community. It is everyone’s right to control information about them and there are laws and policies to safeguard individual right but are ineffective. Companies use BI to collect and analyze data for improving their performance, therefore it becomes important to access and maintain secure information. Though, on one side technological developments make it easy to access information freely from various sources on the other hand it becomes essential to develop system that can secure that information from misuse by outsiders.
There can be various kinds of information for example data about customers who are the prime profit generating source. They are the most valuable intellectual property of a company that provides valuable advantage from one to another. So if another company will able to determine the needs of this section of customers then can try to attract them with new plans and this will be a disadvantage to the previous company. Primarily data can be stolen by two sources like any individual; an employ authorized to access and later transfer it to any outsiders, and the second one is technological failure. The corporate data warehouse should have better security facility that can prevent it from getting into the wrong hands.
Some companies use internal control system to prevent information leak, however, privacy and security issues need to be handle both from the point of view of man made error and technological advancement. As far as handling errors of employees are concerned, any company or organization should first educate them about the work culture and the procedure of handling confidential and sensitive corporate data. Company should have strict law to take action against the person indulged in such breaching. Every corporation with Business Intelligence environment should teach all employees about the privacy and security policies and process to handle data including proper use, storage and disposal.
The first step that should be taken by any corporation is to limit the number of user to access information and also categorizing data according to its use. However, its difficult to draw a line on the basis of its use, region as a single job may require different kinds of data and may need whole data structure to analysis as in the case of production and sales and that depends. But a thoughtful study can make you able to set a parameter.
As far as technology is concerned, data encryption techniques can be done some highly sensitive data like customer information. These encrypted data can be further restricted to some user, denying the ability to download and limiting its use within the premises. Again if one giving the opportunity to download certain data, then that should be time sensitive and when the set time period is over, data will be automatically expired from the user’s system. Again in case of internet security, different software are available like ‘spyware’ that determines certain kinds of data that are sensitive for the PC and so either delete it or doesn’t allow to download.