Tell me about Aiimi, your role and your responsibilities.
Aiimi is a creative tech company specialising in data and AI. Our mission is to connect people to insight. Through a combination of expert data services and its AI-powered software platform, the Aiimi Insight Engine, Aiimi helps organisations to connect impossible-to-find information to the people who need it to do their jobs, quickly and securely.
My role is two-fold – to understand the requirements of the market and the legislation and regulation that surrounds data privacy, and to help organisations recognise where advanced AI technologies like Aiimi Insight Engine can create business value, reduce risk, and improve the experience for both users of data privacy technology and those impacted by its use, like customers and data subjects.
How can advanced technology help protect both customer and employee personal data?
It is essential that organisations are aware of, and up to date with, the regulatory frameworks that govern their usage and management of personal data, both for employees and customers. To ensure compliance, businesses will typically transform regulatory frameworks into a set of business rules that determine how it stores, shares and manages information. But rules for governing data can be circumvented or even broken, knowingly or otherwise, when left solely in the hands of employees. This is where advanced technology can ensure compliance is automated, removing human error from the process.
Information stored in the wrong place, with the wrong permissions, has the potential to cause a lot of damage. With advanced technology, such as insight engines, organisations can use AI to quickly discover, classify, and enrich information from across the organisation to identify sensitive data, creating further rules that automate its governance. Insight engines can even be used to create a scaled risk profile for certain documents, such as those containing personal information, and alert users when access permissions might need changing.
Why is there an increasing need for automated tools to tackle DSAR requests?
Under GDPR, everyone has the right to access their personal data. Any employee or customer can request to know what information is being held about them by an organisation. Once a SAR is received, organisations have 30 days to deliver the report to the subject or face significant fines. With consumers and employees becoming increasingly conscious of their rights when it comes to their personal information, particularly those in the 18-34 age bracket, the number of data subject access requests will continue to rise.
With manual processing, just one SAR can cost an organisation between £3000 and£6000 and put a significant strain on compliance and HR teams. Depending on the size of the organisation, the impact of SARs can quickly escalate, which is why there is now an increasing focus on the adoption and implementation of advanced search and discovery technology, such as AI-powered insight engines, and platforms that offer an end-to-end process for automating DSARs all the way through to secure disclosure.
What are the benefits of insight engines to interconnect all data across the organisation?
Developing a successful automated compliance process is not possible without enabling all information across an organisation’s technology stack to be discoverable. Take a retail organisation, for example, in which customer data is housed in many different systems and applications across the organisation, such as CRM, order management systems, web chats, email, text, social media, and recorded telephone calls. Identifying all data related to a customer for the purpose of a subject access request will take a significant investment of time, as much of this data will be locked up and hard to discover in unstructured sources stored across multiple locations.
Insight engines can crawl through all of these locations and make every document and information asset discoverable through a series of classification and enrichment steps that are tailored to the organisation’s requirements. For example, enrichment processes like Named Entity Recognition can identify the names of people, places and organisations, clustering algorithms identify the nature of information, topic analysis tells you what is being discussed and more traditional techniques such as pattern matching find personal data like email addresses, National Insurance or phone numbers, contained within documents, and then enable compliance teams to quickly retrieve and collate this information for disclosure. Data subject access requests, therefore, go from being an arduous and costly task to a manageable and streamlined process that compliance teams can carry out at scale.
What is next for Aiimi?
Aiimi is constantly innovating new technologies and approaches to dealing with personal data. Some of our current work is focused on dealing with long chain emails, weeding out duplicate information, and identifying where conversations diverge to create new information threads. We are developing a fully automated redaction capability which requires only human verification, and we are extending our reach with more native connectors to discover information in yet more applications, such as social media and CRM platforms. Finally, we are working on taxonomy management tools which will let you classify your own keywords and topics to support teams in handling incoming requests which use language that differs from the organisation’s own.