Roman Stanek of GoodData: Five Things Every Business Needs To Know About Storing and Protecting Their Customers’ Information
It has been said that the currency of the modern world is not gold, but information. If that is true, then nearly every business is storing financial information, emails, and other private information that can be invaluable to cybercriminals or other nefarious actors. What is every business required to do to protect its customers’ and clients’ private information?
As a part of our series about “Five Things Every Business Needs To Know About Storing and Protecting Their Customers’ Information”, I had the pleasure of interviewing Roman Stanek. He is a passionate entrepreneur and industry thought leader with over 20 years of high-tech experience. His latest venture, GoodData, was founded in 2007 with the mission to disrupt the business intelligence space and monetize big data. Prior to GoodData, Roman was Founder and CEO of NetBeans, the leading Java development environment (acquired by Sun Microsystems in 1999) and Systinet, a leading SOA governance platform (acquired by Mercury Interactive, later Hewlett Packard, in 2006).
Thank you so much for joining us in this interview series! Before we dig in, our readers would like to get to know you. Can you tell us a bit about how you grew up?
My background is somewhat unconventional for the technology world. I was born and raised in a very small town in communist Eastern Europe and it wasn’t until my early twenties that I actually had access to a computer. But I was fascinated by computer science, and in college in Czechoslovakia I studied the theoretical aspects of modern computing, which has ultimately been beneficial to me and my career.
Is there a particular story that inspired you to pursue your particular career path? We’d love to hear it.
This is an interesting question for me, since I am not even sure how to define my career path — is it sales, marketing, tech entrepreneurship? I’d argue all of the above. But I never thought I’d be an entrepreneur. Growing up under a communist regime, in a state-controlled system, I had no exposure to the concept and certainly had no vision for how to build a company from the ground up. Throughout my entire professional journey though, I’ve followed my interests and my talents, trying to soak up as much as I could possibly learn every step of the way. I believe a consistent appetite to learn is vital to any successful career.
Can you share the most interesting story that happened to you since you began your career?
Very early on, Esther Dyson — my mentor, investor and friend — introduced me to Regis McKenna, the marketing guru behind Apple. When I asked him to invest in my first company, NetBeans Inc., which was based in Eastern Europe, he grabbed me by the shoulders and said, “You don’t understand. I would never invest in a company east of Palo Alto, let alone one in Europe!” It just goes to show how insular Silicon Valley was at the time, and how the technology world has completely shifted its perspective on innovation today. Now, companies from the smallest countries in the world are able to raise billions of dollars. I think it’s a step in the right direction for economic growth and progress.
None of us are able to achieve success without some help along the way. Is there a particular person to whom you are grateful who helped get you to where you are? Can you share a story about that?
By complete chance, I was able to meet the great American entrepreneur Esther Dyson at a conference she hosted in Europe. We had a connection quickly, and she introduced me to some of the most incredible people, including her father who was a renowned physicist and a friend of Albert Einstein’s. It was at that moment I went from being isolated in rural Eastern Europe to dining with extremely influential people in the business and tech world, which opened a ton of professional doors for me. Esther has continued to be a trusted mentor, advisor, and investor; she has invested in all of my companies, including GoodData.
Are you working on any exciting new projects now? How do you think that will help people?
Earlier in 2020, we announced a transformative partnership with Visa, equipping them with the technology to better control and understand their data. We believe that quality data analytics can change so much more than internal efficiencies and cross-functional collaboration. If we’re helping a major company like Visa harness and analyze their data, they can use those insights to help small businesses get better credit, and help companies make smarter choices when it comes to hiring, training, and talent development. This in turn could not only attract them more customers, but also drive revenue across the industry, transform economies, and combat unemployment. When you start to think about the macro impact as well as the micro, it’s game changing.
What advice would you give to your colleagues to help them to thrive and not “burn out”?
I think it is very important to find a release, both physically and mentally, away from work. For me that’s biking. The time on the road and in nature helps me organize my ideas and think clearly. It’s crazy to think, but we used to work from home, and now we sleep at work. Especially as the pandemic persists, it has become even more important to find and prioritize activities you enjoy outside of work to truly decompress.
Ok super. Thank you for all that. Let’s now shift to the main focus of our interview. Privacy regulation and rights have been changing across the world in recent years. Nearly every business collects some financial information, emails, etc, about their clients and customers. For the benefit of our readers, can you help articulate what the legal requirements are for a business to protect its customers’ and clients’ private information?
While each country has its own privacy laws, there are some common patterns. Since the main regulatory concern is ensuring that companies do not have an unfair advantage over individuals, all laws typically come with a set of privacy rights. Number one is transparency. Companies must disclose which personal data they have, and what gives them the right to collect and use it. Second, companies are required to include the famous “right to be forgotten,” or the right to have personal data corrected. Last but not least, the data must be properly secured.
Beyond the legal requirements, is there a prudent ‘best practice’? Should customer information be destroyed at a certain point?
The most important thing is to collect and store only the data you are sure you need. Making data silos with personal information “just in case” will only increase your data storage and handling costs, and make any use of the data much more complicated and cumbersome. Create a solid and robust data model instead, and collect and preserve the data accordingly. Be creative with the retention by anonymizing the data as much as possible, aggregate them, and delete the row-level data whenever you need just the summary. If you do this right, you will not only satisfy all the regulatory requirements, but more importantly, your life will become much easier when dealing with analytics.
In the face of this changing landscape, how has your data retention policy evolved over the years?
Being a provider of a BI Platform where the customers are in full control of their data, we are fortunate enough that we have not needed a redesign of our data management or data retention procedures. But of course, as the company grows, we are being even more rigorous in ensuring that our data handling procedures work as expected.
Ok, thank you for all of that. Now let’s talk about how to put all of these ideas into practice. Can you please share “Five Things Every Business Needs To Know In Order To Properly Store and Protect Their Customers’ Information?” (Please share a story or example for each.)
#1: Start with mapping the data flow. If you don’t know which systems and components keep the data of your customers, there is no way you can properly protect them.
#2: Understand the sensitivity of your customer data and requirements, standards and the best practices of the customers and their industries. For example, if you will be handling health records, HIPAA compliance is a must.
#3: Design for proper and robust multi-tenancy. Mixing together data belonging to different customers has a negative impact on both your business insights and on customer privacy.
#4: Decide how you will inventorize your data and determine its lifecycle. Some of the questions you’ll want to ask yourself are: How long will you keep the individual records? How will you propagate deletion requests to your backups? To what extent will you make your customers fully self-serviced in data governance?
#5: Design and implement data security and privacy controls, and do not forget to regularly review and test these. External bug bounty programs can provide continuous oversight and are great especially for companies who do not have strong in-house security expertise, but internal reviews are equally important.
You are a person of enormous influence. If you could inspire a movement that would bring the most amount of good to the most amount of people, what would that be? You never know what your idea can trigger. :-) (Think, simple, fast, effective and something everyone can do!)
I truly believe that a company’s data is its greatest asset. And yet, so many companies today are sitting on a gold mine of insights they haven’t tapped into. At GoodData we have a goal of achieving 100% data literacy across organizations — and, to me, that means equipping all business users with intuitive and accessible ways to analyze and interpret data for their specific functions. I hope we’re leading a movement to empower more of what I like to call “citizen” data scientists, where data-driven decision making is ubiquitous.
How can our readers further follow your work online?
This was very inspiring and informative. Thank you so much for the time you spent with this interview!
About the Interviewer: Jason Remillard is the CEO of Data443 Risk Mitigation, Inc. (Publicly Traded as Symbol: ATDS). Data443 is a leading Data Privacy and Security company with over 40,000 customers worldwide.
Formerly of Deutsche Bank, TD Bank, RBC Bank, IBM, Dell/Quest Software, TUCOWS and others, Jason has been in information and data security for over 30 years with customers in virtually every country in the world.
Trusted to deliver — All Things Data Security — he is leading the charge in bringing data privacy as affordable, deployable and realistic solutions that every business owner can take advantage of.