Ben Sharma of Zaloni: Five Things Every Business Needs To Know About Storing and Protecting Their Customers’ Information
It has been said that the currency of the modern world is not gold, but information. If that is true, then nearly every business is storing financial information, emails, and other private information that can be invaluable to cybercriminals or other nefarious actors. What is every business required to do to protect its customers’ and clients’ private information?
As a part of our series about “Five Things Every Business Needs To Know About Storing and Protecting Their Customers’ Information”, I had the pleasure of interviewing Ben Sharma, Co-founder and Chief Product Officer of Zaloni. Ben is a published author and holds two patents for his innovative Big Data, Enterprise Infrastructure, and Analytics solutions. His impressive range of knowledge across data and business software disciplines led him to leadership roles at leading companies like Fujitsu and NetApp before Zaloni.
Thank you so much for joining us in this interview series! Before we dig in, our readers would like to get to know you. Can you tell us a bit about how you grew up?
I grew up in India — in a state called Assam, which is in the foothills of the Eastern Himalayas. Assam has lush valleys with tea plantations — one of its major cash crops. I went to school there for my undergraduate degree and then came to the U.S. to pursue my master's.
Is there a particular story that inspired you to pursue your particular career path?
I was always fascinated by technology and computers. I started tinkering with computers at an early age and had a Commodore-64. The ability to create software to solve a real-world problem was something that has always driven me throughout my career.
Are you working on any exciting new projects now? How do you think that will help people?
At Zaloni, our focus is on helping our customers create foundational data platforms that provide trusted data to drive AI/ML use cases and improve their agility with analytics. We have several initiatives related to DataOps automation that we are planning to launch in the short term that will have a profound impact on how customers manage and get value out of their data.
What advice would you give to your colleagues to help them to thrive and not “burn out”?
When you are at a startup, you are always pulled in many directions as there is so much to do with constrained resources. This requires long hours, endless discussions internally and externally and changing course quickly to meet the needs of your business. Amidst all of that, you have to take time for family and yourself. Pursuing interests outside of work whether it is in art, sports, music or anything else is important for a healthy balance. I have been able to find my outlet in taking long rides on my road bike — it gives me an opportunity to see various places, meet new people, and enjoy time to think.
Let’s now shift to the main focus of our interview. Privacy regulation and rights have been changing across the world in recent years. Nearly every business collects some financial information, emails, etc., about their clients and customers. For the benefit of our readers, can you help articulate what the legal requirements are for a business to protect its customers’ and clients’ private information?
Ultimately, the legal requirements behind protecting the private information of customers and clients vary. New regulations are emerging all the time, but all of them are centered around one construct: You need to have proper processes and governance in place to protect customer data. In general, as a business, if you collect customer data, you need to have standardized governance practices to control the data effectively and securely. Data must be managed in a secure environment and be purposefully utilized based on definitions created upon data collection. Additional constructs that I often see with recent privacy regulations are related to transparency, requiring the company to say how they are using customer data.
Beyond the legal requirements, is there a prudent ‘best practice’? Should customer information be destroyed at a certain point?
In my opinion, the best practice is to do whatever it takes to win the trust of your customers. The customer comes first, therefore so should your customer data management policies. Providing a secure, trustworthy system to be able to manage and govern data is vital. In terms of data retention, legally, there has to be a retention policy that defines how long the company intends to keep the data. Companies do not want the liability of keeping customer data longer than they have to — say, if the customer were to leave, you need to be able to delete their data. Additionally, retention policies should define if data will be monetized or removed. All in all, you want to provide better products and services to your customers, so as long as you can map the information you are collecting to the outcomes your customers can achieve with their data, that is how you win their trust.
In the face of this changing landscape, how has your data retention policy evolved over the years?
Many companies are dealing with multiple data retention policies for different reasons. For instance, countries can have varying regulations in place, so it’s imperative to be mindful of the number of regulations and related retention policies to stay compliant. Another way that retention policies have evolved lies with the customer. Customers have the opportunity to personalize policies by defining how long the company is allowed to retain or when they need to delete their customer data.
Are you able to tell our readers a bit about your specific policies about data retention? How do you store data? What type of data is stored or is not? Is there a length to how long data is stored?
Within our customer base, monitoring the enforcement of data retention policies is becoming an essential requirement. It is not just about building systems to maintain customer data and enforce data retention; we are now seeing where reporting KPIs can show how many records are being retained, deleted, etc. — creating a more proactive approach to data retention than the traditional passive approach to such policies. In reference to storage, data is stored in highly secured environments. Tokenization and masking are commonly implemented to protect personally identifiable information (PII) and prevent customer data leakage, a common occurrence we see in the press. What type of data sets and for how long they are stored depends on the customer’s vertical. For example, healthcare organizations store protected health information (PHI), and companies in the financial vertical store mainly transactional-based data.
Has any particular legislation related to data privacy, data retention or the like, affected you in recent years? Is there any new or pending legislation that has you worrying about the future?
We see companies who are dealing with their customer data by putting in multiple efforts over the last few years to stay compliant with data retention policies. Measures often include various data management and governance functions that provide the protection needed to stay compliant with data privacy regulations.
In your opinion have tools matured to help manage data retention practices? Are there any that you’d recommend?
Data retention is not something new; it has been around for decades. Telco companies are a prime example because they collect and store call records for a defined period of time for legal hold use cases. Today, companies are focused on how to ensure the right data retention based on compliance requirements. There are many mature approaches, tools, and platforms to enforce data retention policies. Zaloni’s DataOps platform, Arena, allows for metadata creation and tracking at the record level, automated data classification and obfuscation, and role-based access controls, which are core features for managing, securing, and staying compliant with data retention policies.
There have been some recent well-publicized cloud outages and major breaches. Have any of these tempered or affected the way you go about your operations or store information?
When bringing Zaloni offerings to the market, we are always thinking about our customers, their data collection and governance initiatives, and making sure they are staying compliant with their regulatory requirements. We want to ensure that they can safely manage their data and avoid potential mishandling of customer data with a specially curated data management approach that best fits their organizations’ needs.
Now let’s talk about how to put all of these ideas into practice. Can you please share “Five Things Every Business Needs To Know In Order To Properly Store and Protect Their Customers’ Information?” (Please share a story or example for each.)
- They need to have a strategy for data management that is customized to protect their customer data. Without a strategy for data management and governance, many data initiatives fail within the first year. According to Gartner, “Through 2022, over 80% data lake projects will fail to deliver value as finding, inventorying and curating data will prove to be the biggest inhibitor to analytics and data science success.”
- An effective data management foundation enables compliance, retention, and various requirements related to customer data. Companies are forced to think of their data management foundation because without it, there may be penalties up to millions of dollars in violation of General Data Protection Regulation (GDPR) requirements.
- Accountability of people, process and technology is key for accelerating data governance initiatives. Having a CDO position at the C-level, for example, provides single ownership of company data and of how it is managed and governed. This role is crucial because, without such responsibility, data can be siloed in various lines of business and create inconsistency across the organization.
- Agility must be part of the data foundation so that businesses can adapt quickly to new regulations and standards that continue to emerge. Sixty-six percent of countries worldwide have some type of privacy regulation, and new policies are being created often. Therefore, it is important to have an agile data foundation so that companies can quickly and easily comply with new regulations.
- Businesses need to be customer-focused and provide proper transparency about how customer data has been managed. It is not uncommon for customers to turn away companies who lack transparency. If the company is unwilling to specify how they will use customer data, the customer may not want to provide them with it in the first place. This lack of transparency has given rise to companies creating data policies surrounding data ethics and how they are treating customer data. Today, I’ve seen a lot of companies participating in discussions around AI Explainability, an individual’s right to an explanation for decisions that are solely based on automated processes (i.e. Credit Card Applications). Taking the biases out of these AI/ML and ML models is critical for customers to gain trust in the company and for the company to satisfy governance requirements.
If you could inspire a movement that would bring the most amount of good to the most amount of people, what would that be? You never know what your idea can trigger. :-) (Think, simple, fast, effective and something everyone can do!)
Trust your data and use a data-driven approach to make decisions. As they say, “data does not lie.”
How can our readers further follow your work online?
I look forward to the opportunity of connecting with potential Authority Magazine readers. I am active on LinkedIn sharing Zaloni-related content as well as other posts and data reads from those within my network.
This was very inspiring and informative. Thank you so much for the time you spent with this interview!
About the Interviewer: Jason Remillard is the CEO of Data443 Risk Mitigation, Inc. (Publicly Traded as Symbol: ATDS). Data443 is a leading Data Privacy and Security company with over 40,000 customers worldwide.
Formerly of Deutsche Bank, TD Bank, RBC Bank, IBM, Dell/Quest Software, TUCOWS and others, Jason has been in information and data security for over 30 years with customers in virtually every country in the world.
Trusted to deliver — All Things Data Security — he is leading the charge in bringing data privacy as affordable, deployable and realistic solutions that every business owner can take advantage of.