Managing data privacy and governance challenges with the IBM Knowledge Catalog Data Privacy Accelerator

Authors: Paul Keogh Carol O'Donohoe Julie Forgo

Managing compliance for the ever-changing landscape of data privacy legislation is already a challenge for any organization. Enterprises want to maximize the value of their data assets while adhering to governance requirements. The challenge grows with the adoption in many business sectors of artificial intelligence applications. AI amplifies both the opportunity for deriving great benefit from data but also increases the challenge of maintaining data privacy standards.

New features for new data privacy challenges

IBM can help you meet your data governance challenges with the updated Knowledge Catalog Data Privacy Accelerator. This article focuses on new capabilities designed for today’s data privacy hurdles. An earlier article examines the use of the IBM Knowledge Catalog Data Privacy Accelerator to address the convergence of Data Governance and Data Privacy. Review that article as a foundation. Introduced as part of IBM Knowledge Catalog 4.7, the newest version includes new features shaped by feedback from active clients as well as IBM’’s own internal data privacy initiatives.

Learn how the Data Privacy Accelerator can help your organization meet the challenge of responsible, cost-effective data governance with new capabilities, such as an expanded data privacy taxonomy, new data privacy classes, expanded sample policies and rules, and new tools for exploring the relationships among business terms and for monitoring policy and rule utilization from a dashboard.

Leverage the extended data privacy taxonomy

The first release of the Data Privacy Accelerator included a set of business terms that assist organizations with identifying and classifying personal information. The terms are organized in subcategories to group them according to the nature of the information they describe such as Financial, Health, Biometric, Government IDs, and so on. They are also assigned classifications to indicate if they relate to Personal Information (PI) or Sensitive Personal Information (SPI).

The enhanced data privacy taxonomy now includes and classifies business terms that relate to the management of personal data including Processing Purposes and Activity Types as well as Consent, Impact Assessment, and Data Breach Management.

These additional terms help organizations to record activity relating to consent for the use of customer information as well as related usage and intent.

Accelerating data discovery with new data classes

The Data Privacy Accelerator streamlines the process of data discovery and enrichment by providing you with a pre-defined set of data classes, including classes specifically tailored for data privacy and a category hierarchy for organizing the classes. Additional data classes for data privacy were provided as part of the Knowledge Accelerators 4.8 release.

For example, new data classes in the area of Government Issued Identification make it simpler to appropriately classify sensitive data such as tax, social security and other national identifiers, across multiple jurisdictions.

Extend data governance with new sample policies and rules for AI governance

Organizations manage their compliance with the various data protection regulations that apply across the different jurisdictions in which they operate. It is not possible to define an exhaustive set of policies and rules to address all regulations in all jurisdictions. However, the Data Privacy Accelerator includes a set of sample policies and governance rules that show how such artifacts can be defined and how they relate with the other data governance artifacts. The Knowledge Accelerators 4.8 release extends the sample policies and rules to address the data privacy governance of artificial intelligence artifacts.

Flexibility in applying rules to multiple policies

As rules and policies expand to cover more scenarios, you will encounter more cases where a single governance rule applies to multiple policies. The following example shows how a rule governing data retention policies might apply to policies for AI Data Collection and Organization and Retention Period Management.

View a relationship map for business terms

Also new in the IBM Knowledge Catalog , a Relationship Explorer feature provides a visual map of relationships between terms, so you can see the business terms related to the selected rule. Note: Relationship Explorer feature is not publicly available yet.

You can use the samples as both a guide and a shortcut for creating policies and rules that meet the needs of your organization.

Monitor policies and rules from the utilization dashboard

Finally, you can download a Policy and Rules dashboard for use within IBM Knowledge Catalog to get an across-the-board view of how data governance policies and rules are related to data assets.

Summary

The Data Privacy Accelerator continues to evolve provide IBM Knowledge Catalog clients with the ability to immediately deploy a set of governance artifacts to kickstart their data governance activities in the area of data privacy. Customers can deploy the Data Privacy Accelerator as a standalone component or use it in conjunction with other predefined content from other IBM Knowledge Accelerators. Over the coming weeks, there will be additional blogs describing other aspects of the new Knowledge Accelerators, covering areas such as FINREP Regulatory Reporting, auto term assignment to Logical Data Models, associated Methodology, building data classes and more detail on the convergence of data privacy and AI Governance.

For more information see the IBM Knowledge Catalog