The balance of technological opportunity and data security: A Q&A with Brenda van Rensburg, acQuire Connect 2024 Keynote Speaker

In today’s world, data is ubiquitous and plays a critical role in every business. As we begin to transition towards a more digital-centric experience in the era of Web 3.0, this presents several security, legal and technological challenges.

Working at the fore of AI innovation is data protection and AI governance executive, Brenda van Rensburg. In her keynote at the year’s acQuire Connect, “Web 3.0: The Data Frontier – Security, AI and Law Intersects”, Brenda will share her insights with companies looking at the intersection of data protection, ethical considerations, and the boundless potential of AI.

Ahead of acQuire Connect, we sat down with Brenda to discuss the impact Web 3.0 will have on the way companies manage their data, how privacy regulations may change with the evolution of AI technology, and how businesses can balance the benefits of emerging technologies with the associated security risks.

Brenda, at this year’s acQuire Connect Tech Summit you’re exploring Web 3.0 and the intersect between data, AI and the law. How do you expect Web 3.0 to change the way companies manage their data?

Web 3.0 will no doubt change the way we do business entirely.

Currently, we engage with Web 2.0, which is human-driven and there are still a lot of physical elements with this environment. Web 3.0 will take businesses to a whole new dimension. I expect to see, in the not-so-distant future, more companies conduct their business within a virtual environment in place of a physical one.

While the upside for companies is the immediate cost-saving features, such as time and travel, the downside is the amount of data, hardware, and legalities needed to make this happen. One opportunity this does present to companies is the possibility to ‘share the load’. For example, data can be shared between two entities, potentially reducing legal obligations, especially those concerning sensitive personal data. Companies can collect and share portions of the data required for a Web 3.0 experience, which means a person in Europe wishing to meet with someone in Australia can share tokenised data through a shared system or platform. The experience would be similar to making a Teams call, except it would take place in a virtual environment. Additionally, this approach could help companies tick a few legal boxes.

Companies looking to this way of working in the future need to consider implementing a robust data management strategy first. To build this strategy, a company must identify any data that is critical for this type of Web 3.0 environment, and then consider the amount of data needed/collected, its storage and any likely security controls it would need in place.

While the concept of Web 3.0 may be viewed as ‘far-fetched and fanciful,’ there are already companies successfully operating at the edges of this concept. Therefore, it is only a matter of time before we evolve into an even more digitally engaged business world, where immersive technologies and decentralised platforms enhance collaboration, foster innovation, and create richer business and personal interactions.

How do you see data privacy regulations evolving due to advancements in AI technology?

Since 2018, we have seen a significant shift in privacy regulations. In the last couple of months alone, we have seen the Office of Australian Information Commissioner implement guidelines in relation to data for AI use.

The bottom line is that entities must explicitly inform individuals that they are collecting and using their sensitive data for AI use. Entitles must also collect consent from individuals to do this. However, our regulations are still lacking in relation to how some sensitive information is used, shared and stored.

For us as individuals, the implications are significant: by the time we fully grasp the value of our personal data, it may be too late. Much of our biometric information may already have been collected and stored without our explicit consent.

Knowing this gives companies the power to change by asking questions such as:

1. What data are we collecting?
2. Could any of this data be linked to biometrics (CCTV footage, photographs, fingerprints for access controls, etc.)
3. If this data forms part of the primary purpose, what security controls have we put around it?
   a. Will third parties have access to this data?
   b. Are we planning to share this data?
   c. Are other systems integrating with this AI which can access this data?
   d. How are we capturing consent?
   e. How long must we keep a record of this consent?

How can businesses effectively balance the benefits of emerging technologies, such as using AI for data processing, with the associated security risks?

Businesses have and will continue to confront security risks. To effectively balance these risks with emerging technology, it’s important to implement the fundamental security controls and develop an ongoing business strategy that builds on their security model every year.

Arguably, not all businesses are in the position to deploy the ‘state of the art’ security controls however, there are still measures they can take. An important step is to identify and understand what their most critical assets are, and what controls they should implement to protect these assets. For example, not all data is Personal Identifiable Data, however, there may be some data that is considered the ‘crown jewels’ of the business, and by applying the worst-case scenario, this can help companies identify:

• What backup processes are in place and are the processes effective?
• Who has access to this data, and does everyone need access?
• Which systems has access to this data, and do all systems need access to this data?

As the keynote speaker at acQuire Connect, what are you most excited to share?

There are two key messages that I hope to share with attendees of acQuire Connect 2024:

1. When done right, Web 3.0 presents a huge amount of opportunity for companies.
2. It’s important to remain mindful of the risks of Web 3.0 at a holistic level when incorporating new strategies as we move towards a Web 3.0 data frontier.

The annual acQuire Connect Tech Summit 2024 is scheduled to take place from 6 – 7 November in Perth, Western Australia. The summit provides an opportunity for geoscience professionals, data management experts or anyone working closely with acQuire’s software solutions experts, to come together and address current and future data management challenges. To watch Brenda’s keynote presentation alongside several other great speakers, secure your seat here.