Australian Law Could Easily Impact All Data Professionals

Australia is currently putting into place has passed a law that would make it possible for the government to compel “backdoors” and access to even encrypted and secure systems.  The reporting is all over the place on the details about this and what it means (but here’s a link to the actual law), but the basics are that the government will be able to require back-door-style access to systems and, with two higher-level signatures to request it, force IT groups to comply and provide information and access.  

This may be essentially akin to the alleged NSA capabilities where encryption can be compromised, where other backdoor type capabilities were exploited, etc.  However, this is baked-in to legislation style access. 

Privacy issues aside, legislative over-reach and government overreach debates aside, this impacts data professionals rather directly.  It’s becoming more and more clear that there is a growing disparity between data use, desire for deeper knowledge and information and privacy, control and access.  

All of these conflict a good bit because in order to learn from data, you need to have access to that data.  Not in an absolute “you’re entitled to any data you want!” way, sure.  But we’ve collectively been on a quest to learn what we can.  Save what makes sense to save so we can learn from it, provide better services, provide better information to the customers of our information.  

By saying that government will have access, I think this, and things like GDPR liabilities and other laws and regulations coming on the books will force some important choices for us as we manage data flows.  There is a strong case to be made to be considering and designing data use so that details are not managed, but rather the information is.  Sure, customer lists and such will be important, but keeping everything “in case” in the most detailed way possible may not be the prudent thing to do.

This isn’t to say everyone has something to hide.  It’s that the details you keep, combined with details provided elsewhere, may be simply too tempting for good or bad actors.  Government aside, if the back door options have to be built in, you can guarantee the “good guys” won’t be the only ones with access.  So this means protection of information, data and data flows and data storage will be paramount. 

I think data lakes, data warehousing, summarized information stores and such are going to be more and more a responsible means of controlling information.  

You can still do sales reporting, still do forecasting, special offers and other items as you need to in order to run a business.  I saw a post about casinos wanting to integrate “Joe just walked in and they’re an influencer, text them a cool offer” – with their systems. This is something that can be done in real time.  You could identify real-time offers, criteria to trigger them, then IoT steps in and sensors (bluetooth, cell, etc.) can recognize that person and pick from available offers. 

It’s almost like responsive development/programming vs. procedural – where your data flows and use become responsive to specific scenarios, rather than collected and glued together as a matter of business.  While it’s a small differentiator, it allows you to summarize information and rely on results, rather than details, to get the job done. 

Clearly, we have much to do to manage our collective risk, be attentive to user/customer needs and to respond to legislative requirements.  But ignoring the changing attitudes about access to data stores is a potentially big mistake, with far-reaching ramifications.  These laws, the privacy, and data control laws – they are all *trying* to mirror perceived public clamoring for more control and access to information. 

Right now the pendulum is swinging very distinctly in a direction that should have us, as data professionals, sitting up and paying very close attention.