When one system transfers data to another system, what happens when the original data changes? Or what if the policies governing the original piece of data simply change after it has been transferred?
Say someone who manages a government watch list sends their watch list to a secondary organization. Later someone is cleared (removed) from the list. What assurances can be made that the cleared individual will also be removed from the secondary organization’s watch list? Now imagine how complicated this can be if the recipient of a watch list then re-distributes (cascading) the watch list to tertiary organizations and so on.
Some organizations sell their customer lists to secondary organizations, e.g., to a marketing alliance partner. What if one of the customers requests that their name and address not be sold, and what if they ask for their information to be redacted from secondary sources where transfers have already occurred?
Guess what? Bad news. Most organizations don’t even know what customer records were transferred (at least at the customer level) as they likely only know what extract criteria was used on what date and the total record count.
Have you read these related articles?
Newsletter:
