Privacy advocates have placed an unfair stigma on machine learning.
Despite what you may have heard through the mass media, ML is not some fiendish tool for invading people’s privacy. Regardless, now that European Union’s General Data Protection Regulation has taken effect, there’s an even stronger scrutiny of ML applications in target marketing, customer engagement, experience optimization and other use cases that touch personally identifiable information, or PII.
But in fact, ML is becoming a key element in how organizations manage compliance with GDPR and other privacy mandates. The core of ML’s role in GDPR compliance is in its use as a tool for discovering, organizing, curating and controlling enterprise PII assets across complex, distributed application environments.
In recent months, Wikibon has seen a surge in products that incorporate ML for discovery purposes into broader GDPR compliance solution portfolios. This is a key enabler for driving automated processing of data subjects’ requests to grant or deny consents on uses of their PII within complex data environments. It’s also essential for the transparent accounting on how their PII is being used and managed, as well as for issuing prompt notifications when that data has been breached.
Here are some noteworthy vendors of PII discovery solutions for GDPR compliance. In the following discussion, we call out the different GDPR use cases and deployment scenarios that each addresses:
- ML for PII discovery in a DevOps pipeline: BigID Inc. uses ML to continuously track changes in PII across production and development environments in the data center or cloud. Its BigOps uses ML to discover, contextualize and catalog PII across all data stores. It plugs into open-source DevOps environments such as Jenkins to automatically monitor changes to PII across the development lifecycle. And it uses ML to compare its data with suspected pirate database to determine rapidly where there has been a breach that requires prompt notification.
- ML for PII discovery to accelerate “right to be forgotten” processing: Loom Systemsuses ML to analyze logs and unstructured machine data for immediate visibility into the IT environments. Its Sophie for GDPR has a “find my PII” feature that automates the collection of sensitive log data set, enabling rapid location and deletion of PII, upon data subject request, under the PII “right to be forgotten” mandate.Read more here.