Data integrity is not a widely used term when it comes to data privacy and security, but without it, information cannot be deemed credible or accurate over its entire lifecycle. Only uncorrupted data that is considered whole and remains unchanged relative to its complete state — in other words, data that has not been altered and is kept consistent throughout its lifecycle — can be said to have integrity.
Significant losses can result from someone altering critical data. Suppose a healthcare institution has a patient who is allergic to a particular medication. If that record is altered, it could result in serious harm to the patient and losses to the institution.
For example, if someone altered a user credential, allowing someone else to access personal and other sensitive information, that could, in turn, trigger a privacy breach and massive penalties. Identity and access management solutions can help businesses manage the access privileges of individuals within organizations.
Any company given access to sensitive data has a responsibility to ensure it has a process in place to prevent changes to the data and to detect if a nefarious or unauthorized change occurs. Failure to establish and follow such a process can lead to a privacy breach.
Data integrity should be one of the central themes of most data protection protocols, right along with data confidentiality and availability. With constant breaches and new regulations, many companies are starting to understand that protecting confidentiality is different from protecting infrastructure and databases, and that these principles are tightly interwoven.
Challenges in Addressing Data Integrity
The two major roadblocks to good data integrity are inadequate systems and inappropriate behavior.
It’s shocking to see how many systems fail to maintain accurate, unalterable information about how data is accessed and changed.
Human behavior is the second issue. Most data governance protocols create disciplines that some see as obstructions to efficiency. An organization or individual can wind up battling compliance with protocols from within.
This circles back to technologies that ensure that individuals are, in fact, compliant.
The Five Principles of Good Data Integrity
Integrity is a pillar of data privacy. Core principles to consider when protecting data integrity include:
- Consent: The use, viewing and transfer of data that identifies an individual will always be supported by that individual’s documented consent, and such consent will be encoded into systems ensuring that it is enforced.
- Isolation: Data that identifies an individual will always be stored and accessed separately from the data about that individual.
- Disassociation: Data that identifies an individual will be difficult to link to data about that individual and require simultaneous breaches of multiple infrastructures to accomplish. The transfer of data about an individual will never include data, such as account numbers or Social Security numbers, that identifies him or her.
- Traceability: A record of the handling of personal data will be maintained. The identities of those who have seen it, downloaded it, changed it or transferred it will be known to ensure accountability in data handling. This information will support an individual’s right to know where his or her data is and ensure that consent is being honored.
- Irrefutability: The systems providing the above will operate in a trust model that makes altering any log or process impossible. Technologies such as blockchain have an important role to play here.
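The Traceability and Irrefutability principles above, shown as an added example that is not part of the original article: a handling log in which each entry carries an HMAC over its own content and the previous entry's MAC, so an edited or dropped entry is detected on verification. The key, actor names and record IDs are constructed, and keeping the key and the latest MAC outside the log store is an assumption of the example.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # constructed starting value for the chain

def _digest(key: bytes, prev: str, event: dict) -> str:
    # Canonical JSON so the same event always serializes to the same bytes.
    body = json.dumps(event, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, prev.encode() + b"|" + body, hashlib.sha256).hexdigest()

def append(log: list, key: bytes, actor: str, action: str, record_id: str, ts: str) -> dict:
    """Add one handling event, linked to the previous entry's MAC."""
    prev = log[-1]["mac"] if log else GENESIS
    event = {"seq": len(log), "ts": ts, "actor": actor, "action": action, "record": record_id}
    entry = {"event": event, "prev": prev, "mac": _digest(key, prev, event)}
    log.append(entry)
    return entry

def verify(log: list, key: bytes, expected_len=None, expected_head=None):
    """Return (ok, index of the first bad entry or None)."""
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry["event"].get("seq") != i or entry["prev"] != prev:
            return False, i
        if not hmac.compare_digest(entry["mac"], _digest(key, prev, entry["event"])):
            return False, i
        prev = entry["mac"]
    # A truncated log is still a valid chain; compare against a head kept elsewhere.
    if expected_len is not None and len(log) != expected_len:
        return False, len(log)
    if expected_head is not None and not hmac.compare_digest(prev, expected_head):
        return False, len(log) - 1
    return True, None

def demo():
    key = b"constructed-demo-key"  # assumption: a real key is held in a KMS/HSM
    log = []
    append(log, key, "dr.lee", "view", "patient-1042", "2024-01-05T09:00:00Z")
    append(log, key, "nurse.kim", "update-allergy", "patient-1042", "2024-01-05T09:12:00Z")
    append(log, key, "billing", "export", "patient-1042", "2024-01-05T10:30:00Z")
    head = log[-1]["mac"]  # stored outside the log store (assumption)
    edited = [dict(e, event=dict(e["event"])) for e in log]
    edited[1]["event"]["actor"] = "dr.lee"  # rewrite who changed the record
    truncated = log[:2]                     # drop the export entry
    return verify(log, key, 3, head), verify(edited, key, 3, head), verify(truncated, key, 3, head)

if __name__ == "__main__":
    print(demo())
```

The chain only detects alteration after the fact; anyone who holds the key and can also overwrite the stored head can rebuild a consistent log, which is why the two are kept apart from the log itself.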
Unauthorized changes across this spectrum can become the root cause of a privacy breach. General Data Protection Regulation compliance, for example, cannot be achieved without a mature strategy for protecting data integrity.
Many businesses have sought out experts to help understand and implement privacy programs. Similar investments should be made to target and solve data integrity issues. There are mature models for identifying risks and possible costs; it’s imperative for every business to quickly identify its current data integrity maturity and start building a roadmap to improvement.