Behind Closed Doors: Silicon Valley Bank’s Sensitive Data Management Strategies

Is your organization challenged to manage sensitive employee data with respect to privacy compliance, security breach analysis and records management? Today, sensitive data management is a cross-functional priority that impacts security, privacy and data initiatives. Data management teams need to scale work by replacing manual processes with an automated approach for sensitive data management – the biggest challenge with discovering and classifying the data for the appropriate policy management.

Join a live conversation between Jennifer Mezzio (Managing Director at Silicon Valley Bank) and Peggy Tsai (Chief Data Officer at BigID) as Jennifer reveals how Silicon Valley Bank manages their challenges relative to sensitive data.

During this webinar, we will cover:

  • How to identify and protect most sensitive data
  • How to build a proactive vs. reactive approach to data assets using automated data discovery and classification
  • How to apply and enforce data records management

Cloud Data Management Capabilities is the Framework Needed for Good Data Management in the Cloud

John Bottega, President, EDM Council, and Mike Meriton, co-founder and COO of the EDM Council, talk with Tim Brooks, Managing Director, World Wide Technology, about the Enterprise Data Management (EDM) Council initiation and journey so far. EDM Council is a non-profit trade association founded in 2005 with a dedicated mission to support and advocate for data professionals through a combination of standards and best practices. Today, it is a global organization with nearly 300 companies and 10,000 professionals.

They shared what cloud data management capabilities solve and how the entire structure started working. The objective of this model was to amalgamate best practices in the implementation migration and then support data in the cloud, protecting sensitive data and controlling access. They highlighted the positive herd mentality in this domain as everybody wants to move to the cloud. However, it requires a pretty good knowledge of implementing an effective cloud environment.

Cloud is a powerful capability; its wider use can be seen, but what is often ignored is that it introduces risk if done incorrectly. This model helps organizations know how to effectively create this environment and do it in a responsible and trusted manner. So that when data goes to the cloud, the organization has confidence that data is curated, protected, and used appropriately.

EDM Council framework began in March 2020 and renowned companies in the market approached the council. They were working together to build a set of principles for trusted cloud adoption based on ideas around establishing a control framework around data risk. The idea was, instead of individual companies building different frameworks one at a time, “why don’t we get a group of companies to work together to build a common playbook? And hence this [cloud data management capabilities] CDMC framework,” said EDM Council Executives. The council thought 10 or 15 companies would be ideal to start.

However, in just 60 days, over 100 companies and 300 professionals came on board to help develop CDMC framework. After a year and a half of brainstorming and effort during the pandemic, that is, 750 meetings and 45,000 man-hours, which is about 25 person-years altogether, this CDMC framework was developed and published on the 28th of September, 2021. Companies that often compete, like the top four cloud companies worldwide — Amazon, Google, Microsoft, and IBM — all got involved. Each of these companies contributed about half a dozen engineers into multiple meetings per week to build out a comprehensive framework that is about 165 pages long and features 14 key controls that should always be on for protecting sensitive data in cloud, hybrid cloud, and multi-cloud implementations. The framework has almost everything needed for good data management in the cloud, yet it allows each company to have their own ingenuity in how they meet that requirement.

Everybody Has To Be Trained, Not Just Data People

In conversation with Robert Lutton, Vice President, Sandhill Consultants, John Bottega, President, EDM Council, talks about the need for data literacy program training, and how CDOs should demonstrate the value they’re bringing to the table.

Sharing his experiences from his early days as a Chief Data Officer in 2006, he says that there weren’t many sources to learn from and that professionals got together to document the best practices and ideas as they came. Many companies came together and built a repository of information.

The research has been turned into the data capability assessment model, the bible of good data management practices, and good data literacy at the EDM Council. In doing so, it was realized that it isn’t just the data people — everybody has to be trained and educated. With the scale of privacy data at hand today, people need to know their responsibility in managing it.

Bottega mentions that the biggest challenge of implementing a data literacy program is time and prioritization, and also the misunderstanding that it takes too much time. He emphasizes, however, that investing time now will help organizations save a lot more time and cost in the future by canceling the need for things to be redone and rebuilt, and avoiding fines. It has to be understood that investment in education, data literacy, and proper design pays back in the long run.

The responsibility of selling these concepts lies with the CDO, Bottega continues. Chief Data Officers have to sit with the business and operations sides and demonstrate the value of good data hygiene and its business benefits.

Bottega then recalls one such instance from his CDO role with a bank. While the bank had high net worth customers, it also had its regular banking business. But it could not leverage the data to cross-sell because it was a siloed environment.

People supporting the corporations could also sell to the individuals, he notes. So all that needed to be done was that the data had to be cross-referenced and it solved the problem while opening up new business opportunities.

Data Literacy Must Come From the Top

John Bottega, President, EDM Council, in conversation with Robert Lutton, Vice President, Sandhill Consultants, sheds light on the concept of data literacy and how organizations should address their data literacy journey.

According to Bottega, data literacy is about understanding the scope and impact of information, and the approach has been changing over the years. “Data was always thought of as a technical issue, but there’s been a recognition that it’s a business asset and to understand its impact, you have to be literate in how it operates, how it’s gathered, how it’s collected, where it’s coming from,” he says. “It has to apply to everybody, and everybody has to have an understanding of what data literacy is because everybody touches data.”

Literacy is for everyone in an organization, he emphasizes, but it used to be limited to technology teams.Today, as businesses become more data literate and savvy, there has been a responsibility shift. Everybody — from the person at the front office to the middle office to the back office and the C-suite — touches data.

“No matter who you are in an organization, you are touching that data asset, you influence what that company is doing and what that purpose of that information is,” Bottega adds. “It is a cultural thing within organizations. It has to be a holistic perspective of the importance of information and it has to come from the top. If the C-suite doesn’t embrace this, it’s just not going to permeate the organization,” he concludes.

Cloud Framework Will Benefit All Industries

In this Interview series, Tim Brooks, Worldwide Technology, talks with Mike Meriton, co-founder and COO of the EDM Council, and John Bottega, President of the EDM Council, about Cloud Data Management and its challenges.

Bottega shares that data management has evolved over the past decade, and companies have come up the curve on their capability to professionally manage information assets. However, we also live in a world of 40-year-old infrastructure legacy environments. So, it’s fair to say that all companies have built environments that may not be the most efficient, and somewhat duplicative are the challenges that exist. As you move to the cloud, the last thing you want to do is just “lift and drop”. You want to make sure that this new environment, Greenfield if you will, is built with all of those best-practice capabilities at the onset. Because the challenges a firm faces may not be consistent, how do we get out of that type of inconsistency?

According to Bottega, the first step is to do it the right way, as you do cloud. Look at the data, the content, and bring it into the cloud appropriately. Then, finally, as you move this data, you need to ensure that you’re protecting it from a sensitive perspective. Privacy, etc., should be adhered to, and that’s what EDMC is about.

He explains this process through a simple example: There’s a toll gate before you’re allowed into a community, and you have to be a well-dressed and well-groomed kind of person to get in. That’s what EDMC will provide firms as they move their information to the cloud. EDMC encourages companies to do everything efficiently and in a way that adheres to best industry practices.

Explaining it further, Bottega says that these challenges are primarily across all industries, but there are nuances from industry to industry. So, for example, retail may be worried about customer data, and pharmaceuticals about medical data. But it’s all still data. So, how do you ensure the data is moved, curated, and protected properly? The nuances will play themselves out with the SMEs in those spaces, but EDMC seeks to be a level above, saying they manage the data.

The initial work at EDMC was done primarily with financial institutions, with the technology companies, and the cloud providers, but they also had Snowflake and Informatica. Fantastic consultancies like KPMG, EY, PWC, etc., were also involved.

It was always the intention that the EDMC framework would be ubiquitous to the industry. At the onset, it was more of financial companies, a regulated industry. They have the SMEs to participate, but the change genesis is the same.

According to Bottega, when they built the EDMC framework, they included Chief Privacy Officers and people with legal backgrounds that can interpret GDPR, the general data protection regulation in Europe, and CCPA in California. Sensitive data, such as bank account transactions, personal health information, must be protected no matter what industry it is from. In fact, now that most countries and jurisdictions are building and putting out more robust data protection regulations, these requirements and these controls are operable in all forms of sensitive data hands.

Privitar’s In:Confidence Podcast: EDM Council Advocates for the Value of Data Management

Formed in 2005, the idea behind the EDM Council was to create a trade association that would cater to the emerging role of the chief data officer. Today, the organization supports data professionals by providing best practices for responsibly and ethically managing information—including, most recently, a framework on how to manage data in the cloud. In this episode, John Bottega, President at EDM Council, explains how the association came to be and the important work that they do.

Topics discussed:

  • What the EDM Council does for data practitioners
  • The origin of the Cloud Data Management Capability (CDMC) Framework
  • Providing guidance around “data for good”
  • Data management myths and what’s on the horizon

DataVision Singapore

Female talent at the forefront of data analytics in Academia and Business

Empowering women and reaching gender equality is a challenging undertaking. There are multiple issues to be addressed:

  • Education
  • Employment
  • Discrimination
  • Gender-based violence (GBV)

While people of all genders may experience GBV, it disproportionately impacts women. GBV is a public health crisis of pandemic proportions, affecting 1 in 3 women worldwide. Still, recent data and research show that very few GBV survivors seek the help they need.

In this webinar, Sigrún Stella Þorvaldsdóttir, a Data Acquisition Operations Specialist at SIX Financial Information, will interview her sister, Dr. Karen Birna Þorvaldsdóttir, who recently became the first person to earn a PhD from the University of Akureyri (UNAK) in Iceland.

During her doctoral studies, Karen and her colleagues in the MiStory (Multicultural Study of Trauma Recovery) research group developed the first trauma-specific and survivor-centered help-seeking barriers instrument. This work required gathering multiple sources of data by interviewing and surveying women GBV survivors. Qualitative, quantitative, and mixed methods were used to analyze the data.

Top 5 Data & Analytics New Year’s Resolutions

Discover the critical requirements for enterprise data and analytics strategies this year — and make sure you have a strong plan. See how to show more value, deliver more efficiently, and reduce unnecessary cost and effort.

This webinar shares timely advice for prioritizing investments, right-sizing budgets and focusing resources strategically.

During this webinar, we will cover:

  • Key trends impacting data strategies for 2023, and how to make a strong business case for funding platforms, data governance and automation
  • Which projects deliver the biggest business impact, and when to consider modernizing data architectures for public cloud, multi-cloud and hybrid
  • How EDM Council tools and frameworks have helped other members benchmark, justify investments and show strategic value

Modernizing Analytics Architectures with Data Mesh & Semantic Layer

The data mesh is a trending approach to building a decentralized data architecture by leveraging a domain-oriented, self-service design. For this approach to work, the semantic layer emerged as a fundamental concept to support data model sharing, collaboration, and ownership. You will learn how a semantic layer fits into a modern analytics architecture by understanding its relationship to the data mesh.

This session will explain how central data teams can define common models and definitions with a semantic layer, and allows users to browse the mesh of related data products.

Attend this session to learn about:
The role of a data mesh in the modern cloud architecture
A semantic layer as a binding agent for a data mesh
Building modern cloud architecture following modern paradigms
The expert panel includes:
Elif Tutuk, VP of Product, AtScale
Mike Meriton, Moderator, Co-Founder & COO, EDM Council