AI’s Impact on Data Protection Strategies

Is your data protection strategy ready for artificial intelligence? Here are a few things IT leaders and businesses should keep in mind.

Guest Commentary, Guest Commentary

April 6, 2020

5 Min Read
Image: sdecoret -

AI and machine learning are nothing new. From Siri, to self-driving cars, to biometric authentication, the development of AI and ML have been critical to enabling many technological advancements. However, while making life easier and more efficient, AI and ML can cause quite an issue for IT. The sheer volume of data resulting from AI can easily overrun data recovery and backup systems.

With data being the lifeblood of the modern enterprise, having solid data protection strategies is not a “nice to have” but a need to have. Especially with laws like General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and the more recent Washington Privacy Act, it’s more critical than ever for IT teams to have a clear understanding of the organizations’ backup and recovery plan. What can IT teams do to curb the impact and confusion that AI is having on data backup and recovery strategies? Here are a couple of things every business should know.

1. Understand what data you have and determine what you need to keep

The real problem seen all too often is that organizational backup and recovery strategies aren’t evolving fast enough. Data volumes continue to grow exponentially, and in the last year or so we’ve seen hyped technologies such as AI become more mainstream with widespread adoption. With this new structure of an organization's computing assets and new types of data requiring protection, businesses can’t simply “back everything up.”

Instead, they need to take stock in their data, determine what’s critical while evaluating what’s no longer priority data. If you don’t know what data you have or where it is, how can you protect it? Simple. You can’t. Having strong data protection starts with understanding your data and where it’s housed. It’s also important to ask what data’s absolutely necessary for business. There’s no ‘one size fits all’ with backup and recovery, and businesses must take a smarter approach.

For one, backing up everything isn’t cost effective and is overall inefficient and unrealistic. Not every piece of data that flows into your business is valuable for the business; don’t keep what’s not needed. Doing so puts you at risk of being noncompliant. For example, GDPR is famously broad when it comes to the definition of a data breach, including any incident that affects availability of personal data, incidents that can be mitigated by a robust backup and recovery strategy. Equally important to think about are individuals who opt-out of sharing personal data, i.e. “right to be forgotten.” If you’re not careful, you can end up recovering personal data that shouldn’t be recovered and become noncompliant.

2. The role of data regulations

While we’ve seen California implement its own data privacy law and have heard that other states want to follow suit, the US most likely won’t have federal regulations any time soon. However, when it does, we’ll probably see the current laws that are most difficult and stringent to abide by implemented across the board. Identifying the most restrictive regulations, even if your business doesn’t fall subject to them, (ex: GDPR) and adhering to those can help ensure compliance for the future.

The task of ensuring compliance though isn't an easy feat. Have a dedicated resource, like a data protection officer (DPO), focus on this. Mandated under GDPR, the DPO oversees strategy and policy to ensure regulations are met. Even so, an organization's compliance shouldn’t be the DPO’s sole responsibility -- it should be practiced by everyone. Data is rarely static but moves around and is used for analysis in various places. All departments handle data in different ways at different stages, so working together to retain visibility will keep data -- and your organization -- protected.

As AI continues to be implemented deeper into our everyday lives, it’s also becoming a bigger part of the regulation conversation. For example, in February, the Pontifical Academy of Life -- an arm of the Roman Catholic Church's Holy See -- released a set of AI ethics guidelines signed by IBM and Microsoft, and the EU released wide-ranging proposals to regulate AI. In addition, tech executives from Google, IBM, and Microsoft called for AI regulation at the World Economic Forum in January.

AI and ML will continue to produce more data, so these issues won’t disappear anytime soon. Businesses must take a long hard look at their current backup and recovery strategy and decide whether it can not only ensure the level of service internally and externally during a disaster, but also that it’s streamlined and able to keep up with the scale of growing data volumes. With data holding so much value to businesses and individuals alike, the way it’s handled can make or break an organization.

Having a good strategy in place, and an understanding of the regulations set forth, prevents new and emerging IT challenges but ensures that innovation can continue to happen.


Adrian Moir is a Data Protection specialist with 30 years’ experience in IT. He is a Sr. Consultant, Product Management and Lead Technology Evangelist at Quest Software, specializing in delivering sustainable data protection solutions that span from small to large enterprises. Working for small and large companies, channel partners and vendors, he has a background in electronic and electrical engineering, hardware platforms, networking, operating systems and virtual infrastructures. Moir previously worked with Quest’s field-based pre-sales technical team delivering required content and solution sets across EMEA.

About the Author(s)

Guest Commentary

Guest Commentary

The InformationWeek community brings together IT practitioners and industry experts with IT advice, education, and opinions. We strive to highlight technology executives and subject matter experts and use their knowledge and experiences to help our audience of IT professionals in a meaningful way. We publish Guest Commentaries from IT practitioners, industry analysts, technology evangelists, and researchers in the field. We are focusing on four main topics: cloud computing; DevOps; data and analytics; and IT leadership and career development. We aim to offer objective, practical advice to our audience on those topics from people who have deep experience in these topics and know the ropes. Guest Commentaries must be vendor neutral. We don't publish articles that promote the writer's company or product.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like

More Insights