Have you ever met someone who wants to “keep” data into a hard drive just in case of a rainy day? It is not difficult to find them; people that want to have data as a “possession” of a physical asset.
Typically, this species lives in large corporations; they make copies of entire time series of data with assets prices, transaction inflows and outflows, customer data, etc. The strange thing is that sometimes, it is data they do not necessarily use as part of their jobs or research. However, they want to have a copy, just in case.
It is common for enterprises to store all or most of the company’s data in a data warehouse. I have heard of maniacs that replicate copies of data marts into external drives.
It is actually great that we think of data as an asset; however, these data junkies bring the concept to the next level, as they treat the data with a special sentiment attached. It is a weird fetish indeed.
What about those individuals making copies from multiple data sources? I believe that if you access data that you are not supposed to, and on top of that you make a copy of it, you are practically stealing it.
I really do not know if they steal data in a conscious or unconscious way. I give the term “data kleptomaniacs” to refer to those people who steal data in a persistent and unconscious way. Now, if they steal data in a conscious way, I simply call them thieves.
By saying kleptomaniacs, I could visualise a psychologist giving therapy to one of those individuals laying on a couch and asking: Could you tell me when was the first time you stole data in a conscious or unconscious way? How old were you?
Besides the data in the flavours I mentioned – e.g. time series of asset prices – there are others like:
At the end of the day, digital media is data. I bet you have met those thieves that have automatic (and sometimes even scheduled) torrent jobs for downloading an endless number of movies or music collections.
Guess what? From the thousands of movies these kleptomaniacs or thieves download, they watch only a minimal portion of them. Why would they bother then? I guess because they can. They have the time to catalogue the media they download and the storage to keep it. Again, they download or copy those items “just in case” and, of course, to share with their friends.
The very same concept applies to computer games or software. If we see those as collections of sequences of bits and bytes, they are data, too. There are individuals copying and keeping large collections of computer games they will never play or software programs they will never use.
Beside whether they use them or not, there is an issue with the licenses and intellectual property, which is a conversation for another day.
Putting that aside, the behaviour pattern of the thieves is the same, no matter what they are stealing.
Going back to what happens in the corporate world, the reason the previous behaviour does exist in the workplace can be summarised in four words: Lack of data governance.
How can we explain that anyone can just make a copy of terabytes of data into an external drive without much effort? That would be the case of having limited monitoring and minimal controls over storage devices plugged into the users workstations. I guess they may be able to pull the data directly into a cloud drive if they wanted, too.
I have seen that the lack of data governance in companies occurs because there is a loose understanding of what data governance is all about, how it works, how it should be implemented, etc.
In simple words, there is not enough education and awareness about it. At the same time, I have seen cultural clashes against data governance, as in many cases it is seen as “red tape”.
In the paragraph above, we touched base on data governance; however, a discipline that goes hand-in-hand with data governance is data risk management.
According to Australian Prudential Regulation Authority (APRA) in their CPG-235 guideline:
"[Data Risk Management] encompasses the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events impacting on data. Consideration of data risk is relevant regardless of whether the data is in hard copy or soft copy form."
To this end, data risk management will help us to protect the corporations from misuse of data including fraud, theft, business disruption, execution failure and breach of obligations.
As you may likely have seen, there are data thieves out there looking for an opportunity to steal our data. Let’s be more aware of that fact and implement a framework that reduces the possible impact of that illicit activity into our organisations.
(Disclaimer: This document reflects the author’s personal views and not the views of the organisations where the author is or has been affiliated.)