California’s “GDPR”, concern or red flag?

By Bill Moran and Rich Ptak

Our earlier postings discussed the potential impact of the European Union’s GDPR. on American companies as well as federal and state governments. We provided some suggestions for strategic and tactical moves to minimize impact. We predicted a variety of responses included an increased focus on data privacy. It’s happening.

There is an effort underway linking data privacy[1] to issues of election security[2]. Another is the emergence of GDP-type legislation in states. California passed what some call their version of GDPR. Other states, e.g. Vermont, are exploring data privacy action.

This discusses efforts to extend California’s existing privacy law. Legislator politicking and industry lobbying complicated the effort. They continue after the current changes. While the actual details of California’s regulations remain undetermined, we provide some advice. Understanding our conclusions requires some insight into the background legislative process and maneuvering that took place. Here are the details.

Amendment or ballot vote, does it matter?

California legislature passed what is being called California’s GDPR[3].  It is an update to existing privacy legislation. It came about somewhat uniquely. Some legislators wanted a ballot initiative, which requires a vote by California citizens, to incorporate new privacy rules. This path makes future changes difficult, as it would require supermajority authorization by legislators to amend the law.

Others, opposed to comprehensive changes, supported writing a limited set of amendments to the existing bill. This requires only a simple majority of legislator votes plus the governor's approval, no citizen vote needed. Future amendments could be initiated with the same majority. The expectation is that new rules will be amended before implementation.

A legislative deal was made against a ballot initiative. The legislature passed, and the Governor signed a bill approving some proposed changes to become effective in two years. The result is a privacy proposal less restrictive and easier to change (weaken or strengthen) in the future.

The deal avoided any extended discussion of the changes prior to passing. Some industry people opposed the referendum. They can be expected to attempt further changes to the new law before it is implemented. Right now, we do not know any details about what will actually be implemented when the new law comes into effect in several years.

Since the final contents are so uncertain, it would be futile to attempt to tease out details or draw implications of the existing law. We see no reason for anyone outside California to be overly concerned about California’s GDPR. However, that does mean you should do nothing.

Conclusion

We stand by our earlier advice to those not directly subject to the EU’s GDPR. Two items need attention. First, review security and handling practices involving an individual’s data. Any privacy legislation will include significant penalties for lax policies or process violations of data security. If risky or weak, revise promptly.

Second, examine and validate data backup procedures. Privacy legislation will likely allow individuals to demand that companies reveal any personal information databases. It will likely include rights to control and audit its distribution. Therefore, companies must be able to provide a history of data use if requested[4], possibly including going back for some years. And, your organization must be able to deal with the issue of data erased by accident or error. All these argue for reliable, validated backups.

Finally, we continue to monitor and comment on events as they evolve at federal and state (California, Vermont, etc.) levels. Multiple ways exist to look at privacy issues. The issues can be technical, legal, political, business, or societal. Our primary focus is on technical and business views, as one might expect.

Occasionally, political or legal issues will demand our attention. For example, an effort that ties privacy issues to the question of foreign interference in election processes could raise such interconnected issues. In addition, the ongoing rollout of GDPR itself drives the need to stay abreast of such issues and developments.[5] We will comment on these issues when we feel it is appropriate.

---

[1] Details here: https://tinyurl.com/y8k8cqst and here: https://tinyurl.com/zx97thr

[2] Here is a concise description of the issue: https://tinyurl.com/y9vt9h8

[3] Previously, California amended its state constitution to include a right to privacy. It appears that there is no question that the legislature had the right (some say the duty) to legislate it. This is important when considering what other states might do. A legal California move might be subject to legal challenges in other jurisdictions.

[4] There remains an issue of how often an individual can request this service and what if any fee can be requested. These do not affect the fundamental point.  

[5] The current EU actions against Google for monopolistic practices in the smartphone market is an example.  Monopoly means that a company exerts market power or control preventing customers from freely choosing among alternative suppliers or products.  Without defending Google, it is very hard to define a smart-phone market as restricted while ignoring the presence of Apple, LG, etc. Be that as it may, many of the EU people involved in this issue are likely also involved with GDPR. This suggests that the EU is focusing special attention on very large American technology companies. Earlier EU actions focused on questions of tax avoidance and directed mostly against American companies lends some credence to that suspicion.  It will be interesting to see how the European courts decide this issue. We will follow and comment as appropriate.

Compuware Topaz for Enterprise Data – delivers a trifecta of benefits

By Rich Ptak

        

Graphic courtesy of Compuware, Inc.

With the announcement of the latest release of Compuware Topaz for Enterprise Data, the company leverages Topaz’s modern interface for fast, simple access to data for testing and other purposes…critical to digital agility. Specifically, Topaz for Enterprise Data provides a powerful combination of data visualization, extract and load, and advanced data masking capabilities so companies can get maximum value from their high-value data.

“But, that’s what Topaz was designed for and has been delivering for some time!” - you say. True. However, this time the focus is on a long-festering problem that the pursuit of digitization and agile development has raised to a critical issue. Here’s the story.

Digitization, mainframe mainstreaming, KPIs & GDPR

Enterprises are realizing that DevOps on the mainframe is necessary if they want to be digitally competitive. As Compuware CEO Chris O’Malley often says, “big no longer beats small, fast beats slow.” Good test data management – and the tools that enable it – are core to DevOps. Without them, you can’t understand data and data relationships, automate unit testing and ultimately shorten development cycles, making it virtually impossible to bring high-quality deliverables to market faster.

Historically, enterprises have been unable to exploit the full business value of their data due to their reliance on siloed tools, ad hoc manual techniques and slow processes. They also had to rely on subject matter experts when working with disparate databases or when it was necessary to create and manage custom data sets. Exacerbating these problems was –and continues to be –the shrinking mainframe workforce and the transfer of platform stewardship to mainframe-inexperienced developers who are, rightly so, averse to tools that lack integrations and automation and are too complex and hard to use.

The Tide is Changing

The rise of the digitized enterprise raised management interest in mainframe operations. The mainframe as a data repository is a cornerstone to enterprise digitization. As a result, business management interest in the mainframe resulted in significantly increased pressures on DevOps for faster development of new and extended services that involved more complex data relationships and varied sources. The mainframe’s role in the success of the digital economy becoming more visible and recognized meant more focus on being able to measure and monitor performance and progress. Data management for code testing, agile development techniques, data visualization and automation became critical issues in mainframe DevOps.

The digitized enterprise raises the stakes to continuously monitor and raise performance base on business KPIs – Velocity, Quality, Efficiency, Privacy for all IT operations

Data protection during development and testing, especially when outsourcing, is also a top concern. The publicity and controversy resulting from abuses and lack of serious security in public data management increased interest in and awareness of GDPR. The result has been a dramatic escalation of concerns over and discussions of the legal responsibility implications of data security to preserve data privacy.

As senior mainframe professionals retire, and a new generation of DevOps staff take over stewardship of the mainframe, Topaz for Enterprise Data ensures that any sensitive business or personal data extracted from production is properly masked for privacy and compliance purposes, while preserving essential data relationships and characteristics.

Further, IT staffs are realizing the integral role data management plays in velocity, quality, and efficiency, as well as privacy. Creating mainframe KPIs to continuously drive success in these areas – and having a tool such as Topaz for Enterprise Data to ensure good data management throughout the lifecycle – is critical to long-term success in today’s digital-centric markets.

Topaz for Enterprise Data – That and More

Through the single, consistent user interface of Topaz for Enterprise Data, IT developers and operations staff can manage, edit, manipulate, analyze and view the disparate collection of data types and applications available to today’s mainframe. Developers can access and manage data of different types from diverse databases. Customized test data sets and subsets are easily created, anonymized and manipulated in a straightforward manner. Disguised sets and subsets of sensitive data can be created and stored for test runs, while maintaining the integrity of data relationships across multiple environments. All done without requiring the help of data specialists or experts in data analytics or specialized cross-database knowledge. The programmer has now become self-sufficient.

The Final Word

Compuware delivers once again by expanding its portfolio of new, improved and extended solutions that pave the way to broad mainframe popularity and extended application. Their approach is based on accelerating and applying agile development solutions that make the mainframe increasingly attractive and easier to use by millennial DevOps and management staff.  

Today’s enterprises are all about digitization and digital agility goals. Enterprise managers rely on KPI’s to track DevOps performance and data management as measured in terms of velocity, quality, efficiency and privacy protection. Reliance on inefficient, labor-intensive manual processes and tools frustrate the achievement of KPI goals. In Topaz, Compuware combines disparate manual tools and processes under a common UI and facilitates automation of complex processes to assure reliable, consistent, secure and speedy data management and exploitation.

The payoff with this latest version of Compuware’s Topaz for Enterprise Data will be seen not only in improving performance as reflected in KPIs. But also, in better, more efficient utilization and, importantly, increased the satisfaction of valuable staff. For 15-quarters now Compuware has been refining their vision and implementation processed to mainstream the mainframe. Consider the effort and time spent over the last 50 years to identify and resolve problems associated with mainframe operations, management and applications. Further, consider that Compuware’s impressive contributions have consistently been created and delivered faster than competitors. We believe that the Compuware team deserves significant credit for a job very well done. Check them out.   

Publication Date: July 6, 2018

This document is subject to copyright.  No part of this publication may be reproduced by any method whatsoever without the prior written consent of Ptak Associates LLC. 

To obtain reprint rights contact associates@ptakassociates.com

All trademarks are the property of their respective owners.