If you’ve been working toward General Data Protection Regulation (GDPR) compliance over the last couple of years, you are probably feeling like your data compliance environment is in good shape.
You’ve identified what information exists, where it is and how it flows, and in the best-case scenario, you’re eliminating data silos that otherwise hamper end-to-end compliance processes.
While improving these processes will continue to be a top priority, it’s time to find other ways to use these new data governance capabilities to help the business.
These days, I’m regularly being pulled into machine learning projects to offer some assurance that the personal and sensitive information pouring into these innovative applications for research and development (R&D), marketing and sales is being used in a compliant way. Certainly, good GDPR hygiene is a tremendous asset in this effort, but there is a lot more to consider when it comes to machine learning (ML).
Cybersecurity
Even as the massive, sprawling data stores used for ML projects can make enterprises more vulnerable to cyberattacks, cybercriminals are also recognizing the value of ML technology and are using it to prepare new, very sophisticated attacks. According to the ENISA Threat Landscape Report 2017: 15 Top Cyber-Threats and Trends, “The adoption of new technologies like data analytics -- eventually based on artificial intelligence and machine learning -- opens new avenues to extract knowledge out of data, thus opening opportunities for cyber-criminals to abuse big data. If cyber-crime develops data analytics capabilities, new forms of abuse will be developed.”
The solution? Legal and compliance teams must launch their own ML initiatives to counter these new cyberthreats.
Organizations can now build on the foundation created by GDPR processes and use ML to:
• Automatically classify data as it comes into the organization according to its value and risk. This makes it easier to maintain an evergreen data map and ensure that the highest-level security controls are in place for the more valuable and high-risk data.
• Identify irregularities and gaps during application development processes, thereby eliminating security vulnerabilities before the software is released and cybercriminals have an opportunity to break it. This would also help R&D save time and reduce costs.
• Spot characteristics of a malware or phishing attack and consolidate this information to make better inferences and correlations to stop more sophisticated breaches. Since an average organization deals with 200,000 security events per day, ML is a necessary shield.
Legal And Compliance
The application of ML by legal and compliance teams doesn’t stop with cybersecurity. For example, ML is now being used to accelerate and improve technology-assisted review and predictive coding of documents, as well as to classify documents to determine whether they need to be retained or can be disposed of -- all at petabyte scale. In addition, natural language processing (NLP), a branch of ML focused on the ability of machines to understand language, is already being used to help regulators identify EU data privacy violations. Organizations should be using similar strategies to track down flaws in their own compliance efforts.
In highly regulated industries such as financial services, ML can also help reduce the cost and complexity of regulatory compliance. Most banks maintain data at the line of business level, but data definition, quality and frequency may be inconsistent across the consumer, global markets and investment management divisions. An ML application can be used to efficiently track changing regulatory obligations, expectations and control requirements across the business. Such an application can also be used to automatically monitor specific compliance requirements related to surveillance, Foreign Corrupt Practices Act (FCPA), anti-money laundering (AML) and Know Your Customer (KYC). IBM estimates that 10% of operational spending at major banks is related to regulations and compliance, totaling $270 billion annually. Increasing efficiency by just a small percentage can help banks realize billions of dollars in savings.
In the legal industry, ML-powered applications can facilitate faster and more accurate legal research, evaluate pleadings and motions for errors, parse and categorize large document sets for discovery and review, and identify contracts affected by large rule changes. Additionally, ML is being used in some organizations to estimate lawsuit outcomes based on the jurisdiction, the judge and the demographics of a jury pool.
The regulatory and legal environments will only grow more complicated over time. For example, California recently passed the most stringent data privacy regulation in the U.S. In addition to complying with this regulation, organizations may well face additional -- and different -- regulations in other states. And the EU is not finished with its data protection efforts. Meanwhile, new technologies and evolving case law -- related to ephemeral messaging, for example -- continue to present new and even more complex challenges for legal departments. ML-powered applications may well turn out to be the only way that legal and compliance teams will be able to fulfill their missions. With more widespread use of ML applications over the next few years, organizations not employing this technology will be at a significant security and competitive disadvantage.