In 2017, Equifax experienced a highly publicized data breach which affected over 148 million Americans. Breached data included names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. The US Department of Justice recently discovered that the cyberattack was, in fact, a state-sponsored operation by a well-funded and sophisticated arm of the Chinese government. As a result of the hack, Equifax has embarked on a $1 billion+ security and technology transformation project, which we’re proud to play a role in since early 2018.
“We are spending an incremental $1.25 billion between 2018 and 2020 on enhanced security and technology as part of our EFX 2020 cloud technology transformation, and we have made tremendous progress toward embedding security into everything we do,” said Mark W. Begor, CEO of Equifax in a recent press release.
Chief Privacy and Data Governance Officer Nick Oldham said “Investing in data protection technologies is a key part of our transformation. Active Navigation has been a good partner for us during our transformation.”
You Can’t Protect What You Don’t Know You Have
One of the first pieces of the puzzle was helping Equifax understand their unstructured data estate by creating a data map. Given the nature of the breach, time was of the essence. Our software quickly deployed into a complex tech stack and worked to identify, classify and protect sensitive data assets. Data mapping is an important place to start, especially given that its a key component of operationalizing and maintaining a rigorous, fully compliant data privacy program.
Understanding “dark data” can help companies, like Equifax, reduce their risk exposure to privacy regulations such as the California Consumer Privacy Act (CCPA) and the European Union’s General Data Protection Regulation (GPPR). With data breaches now more of a “when” than “if” companies are using our software to map the data they’re collecting, processing and storing. By creating a clean data inventory of unstructured assets, organizations can minimize risk by deleting unnecessary records.
“Hacking attempts are relentless, which has led to several high-profile data breaches, including Equifax. Proactive data minimization practices will continue to gain momentum as privacy regulations, such as the California Consumer Privacy Act (CCPA), are introduced and adopted,” explains our CRO, Dean Gonsowski.
The Intersection of Security and Privacy
Data privacy regulations are driving organizations to take a long, hard look at the personal information they are collecting. GDPR’s principle of data minimization – the concept that companies should only use as much data as is required to successfully achieve a given task – is making companies rethink what constitutes as acceptable data use. For example, Equifax is using our software, Discovery Center, to identify and delete unnecessary records and in turn, proactively reduce its overall data surface area and facilitate data privacy compliance.
Turning Privacy into a Competitive Advantage
Striking the balance between keeping data for value extraction and deleting it for risk mitigation is a fine line. However, consumers are increasingly wary about how their data is being monetized. A study conducted on behalf of IBM found that 78% of respondents said a company’s ability to keep their data private is “extremely important”.
Equifax is working hard to regain public (and regulator) trust by being transparent about their technological transformation. At RSA 2020, Equifax’s CISO Jamil Farshchi, explained that they are committed to being open and collaborative: “It is extraordinarily rare for an organization to be transparent about what they’re doing in this space. Most organizations, you put your head down, grind it out, and that’s that. The problem with that is it doesn’t allow others to learn what you’re learning — and we’ve learned a lot.”
Data privacy is becoming a competitive advantage as data breaches continue unabated. Gartner highlighted digital ethics and privacy as a strategic trend in 2019 – and as data continues to grow exponentially – we see this trend continuing for many years to come.
If you’re interested in learning more about how our software can map your data flows and help protect sensitive data assets, click here to schedule a call.