How We Help You

Abraca-Data uses a 10-step framework developed by Mark Sanders. With this framework, we can take your business team through an end-to-end analysis of your data, focusing on monetization, risk, compliance and other relevant concerns by developing use cases to determine how they impact every aspect of your organization.

10-Step Framework

“Bucketing” data is the starting point for understanding how it moves through its lifecycle. Key factors include identifying the owner and the nature/type of data. Bucketing can be done by subject (personal information), by regulation (HIPAA) or by any other identification or characterization required. Data by its very nature may change ownership, type, etc., causing it to end up in more than one bucket, a reality which must always be considered.
Data, as identified, is input into a digital environment (network or platform) by a person or process via an access point (ex: CRM). Inputting data, whether self-generated or automated, requires a layer of technology, software or infrastructure (mail or a CRM). Collection of data is dynamic and ongoing, and when combined with an IoT environment utilizing millions of data collection points, it makes user consent an issue.
Understanding data transmission is the view from 10,000 feet. Data transmission makes up the majority of the lifecycle. Data transmission begins with the input of data and continues through processing, ultimately ending with disposition. Along the way, data is accessed, acted upon, regulated and processed for the data owner.
Access to data during its life cycle is policy based and technology controlled. Access includes the rights and restrictions for who can do what with the data. Managing access through policy and technology (credentials) is required not just for compliance, but also for liability, ownership, and matters of control. Access to data, especially by third-party vendors, must be vigilantly managed.
Processing data involves the automated machine actions of software, systems, and platforms. The software responsible for data processing operates at different points during the data life cycle, and as a result all instances of processing must be identified and managed with regard to the impact they have on the data at each point in time.
The current patchwork of disconnected state, federal and international data laws, regulations, standards and policies (“Laws”) has created a confusing environment for companies operating in the cloud/IoT. One major reason: data compliance rarely involves a single Law, which forces a layered or concentric approach (Ex: State and Federal Law/Regulation (HIPAA); Global/EU; Standards: ISO, PCI DSS) where trying to comply with a specific Law could cause non-compliance with another simply because of opposite or competing requirements.
Data disposition is the part of the data life cycle that includes archiving, retention, back-up, deletion, and storage. These components must be understood and managed to ensure compliance with relevant Laws, while not prohibiting the leveraging of data for future cloud/IoT services.
Data, processes and services in the cloud/IoT depend on strong security and privacy practices governed by Laws. Privacy and Security are two sides of the same coin and are commonly confused with each other. The concepts of Privacy and Security by design are supported by the EU and many others as a best practice for moving forward when developing cloud/IoT services.
The proliferation of cloud/IoT services has created an environment where multiple parties are involved in the provisioning of these services. Contract terms between service providers, vendors and others (ex: licensing, warranties, revenue, and privacy) must be ‘flowed’ down to all respective parties, a concept which can make negotiating terms difficult.
The rapid evolution of cloud/IoT technology (wearables, autonomous cars), coupled with an uncertain and changing regulatory framework (EU), has created an environment where data and what we do with it is far ahead of the laws and regulations trying to control it, a reality which has caused uncertainty when considering issues of data monetization, regulation and protection.

For each step in the process we look at the organizational impact:

Organization Impact on Data

Product Design – building the right applications (privacy and security by design) to transform the data into something for which your clients will actually pay.

Marketing – getting customer consent to notify them of new solutions and services. This can be a simple opt-in for an extension of your existing business, or it might require a new license agreement.

Sales – building the right sales strategy to identify target markets for new services and applications developed around the data.

Legal – the agreements with your customers, employees, contractors and outside partners all have to recognize the importance of handling data, and of involving third parties, in a responsible and compliant manner.

ERP/CRM – the biggest repositories of personal data could be your existing management systems, and if they are combined with other sources of data, this can increase the risk of creating or transforming the data from ‘benign’ to regulated.

Contractors – outside contractors and data scientists are often hired to analyze the data that is being collected and then build applications or algorithms using that data. Without the proper safeguards, they can pose a risk.

Outside partners – companies share data with resellers, distributors, OEM partners and others, each of which poses a potential vulnerability in how data is handled.