was successfully added to your cart.


Monthly Archives

October 2020

What is data?

By | CCPA, Cloud, CMMC, Data as Property, Legal, Privacy

Long before the internet, computer processors, ram, or hard drives much of the world’s data was composed of physically tangible and recognizable components.   Whether you were an artist that painted a celebrated canvas or a poet whose words filled the reader’s emotions or the engineer that drafted a suspension bridge, your data was composed and easily referenced as tangible items such as paper, ink, graphite, or paint. 

We protected our data in a number of ways limiting exposure of the content, registering content with agencies or groups with the intention to demonstrate ownership.  Often the data was physically protected under lock-and-key technologies whether in a building, a vault, or a case.  Beyond the registration of data with agencies or groups, controlling physical access to the data was critical and ensured the concepts and content was protected as property.

Yes, there were many individuals and groups that wanted to extract the value of your data but there was much more effort required to sequester, copy, manipulate, and extract value from the data of old.  Registration of your data with agencies and groups expanded to international partnerships with the ability to identify, prosecute, and protect the value of your data.  Beyond monetary value, the protection of government intellectual property and technology secrets held a top priority for countries around the world.  The flow of people in and out of the country was strictly monitored and employees received rigorous scrutiny before they were permitted within the ranks of the company.  With such physical barriers in place, significant and coordinated efforts were required to extract your data where nefarious state-actors exposed themselves to significant peril in order to locate, access, and photograph or outright steal the targeted data.  

The evolution of property rights gave way to clear ownership of your data in these tangible forms as the argument is traceable through time and physical parameters back to the owner.   Exposure of data in these tangible forms was limited to defined individuals where access tracking was easily understood, controlled, and connected to people, places, and things.

Think about it, everyone has experienced misplacing or worse the theft of your personal property at some point in time through your life.   Consider how you felt at that very moment when you could not find your keys, left the door of your home unlocked, walked into your office recently burglarized, or had your mobile phone taken when you were not watching?   How did you feel?

It is important to understand how our human condition drives our actions where that real fear, anger, and distrust motivates you to watch and protect those items.  Physical property, it’s value, and the related feelings drive us to guard the value our property implies.   In this case the protection of our data was in a perspective of physical property where the tangible nature invokes a direct emotional response.

Fast forward into the digital age.

I’ll ask you to think about the number of times over the past couple decades when you downloaded software applications, digital books, digital music, or anything of this nature from a site you found or a torrent reposit.  Did you have any sense that you were taking the value created by others?  Did you notice any emotional response at all? 

Now consider the form your data takes on today.  What is your data?  There is no paper, ink, graphite, or paint to identify and claim ownership. 

So, what is your data?  Most people think of their data as the form they entered it, such as, a phone number, employee name, or perhaps medical records where this is only the interpreted output of the primary components of your data.  Have you ever wondered how your words, pictures, drawings, or music actually end up in a form that can be captured, moved, modified, restored, or displayed?  More importantly do you ever wonder how you can clearly claim ownership over your data when you cannot see it or touch it? Do you think there is any legal recognition available that defines how you clearly own these artifacts you cannot see or touch?

How does the human condition respond to something that is so intangible as modern digital data?

The fact is we don’t respond, we don’t understand, and we have not yet been able to connect the protective emotional response triggered by physical property to intangible assets such as magnetic fields, electromagnetic waves, or packets of stored electrons.

This is your modern data.

  • Magnetic fields
  • Electromagnetic waves
  • Packets of electrons

No wonder it does not illicit an emotional response, when was the last time you worried about checking in on your ‘packets of electrons’?  You can’t see them or touch them and you need stuff made by other companies just to view or measure them.  What?  What is my data?

Consider a common experience of writing a document.  Your words, your copyright, your ideas are transferred from a keyboard into an application temporally holding your words, usually encoded as packets of electrons, until you save your writing for access at a later time.  If your computer stores information on a hard drive then your document will be saved in a sequence of magnetic fields.  How do you own a magnetic field?   If you send your document using a WIFI connection then your data is modulating electromagnetic waves, who owns the broadcast rights or more importantly what laws protect my ownership in transmission?  If you copy your document to your third-party cloud service it may be stored on a number solid-state drives as millions of packets of electrons, how do you recognize those electrons as your property on someone else’s system?

How does that work?  I just saved my documents onto a third-party cloud service!  Let me see, so the corporation that is the service, who is recognized as an individual under the law just collected all my data as packets of electrons into the hardware that they own.  This hardware is stored on their real estate and housed inside a company building.  So where in our legislative construct does it outline that packets of electrons can be defined as my property with all the protection afforded my stuff under property law?

The reality is we are decades away from a level of recognized ownership of these intangible components, as supported by codified or precedent law.  You are living in the wild-wild-west right now where this data has significant value to capture, sell, or hold for ransom while business leaders and our judiciary are yet to become fully cognizant of the immediate negative impact to our nation, economy, and privacy.

You are not alone.  In business the majority of business owners and c-suite executives view this intangible data management as a cost-center and lack the emotional triggers that would normally drive a detailed review in the delivery of systems.   They often push towards lower cost solutions and third-party service providers in an effort to further reduce expenditures.  How many leaders do you think actually completed a detailed review to interpret how the current legislative systems, codified law and precedent law describes and protects the ownership of the magnetic fields, electromagnetic waves, and packets-of-electrons?   Given the insanity around us with data theft, ransomware, and international espionage I would say very few.

If your data is no longer in a tangible form how do you claim ownership? How do the Terms and Conditions of third-party services describe your data?  How do third-party services describe their liability, accountability, and indemnification responsibility when your data is impacted?  You may have enough trouble just protecting data across your local networks let alone considering the vast number of employees and potentially, foreign nationals, working at these third-party sites.

Business owners, c-suite executives, and CEO’s must take this seriously and acquire the essential basic education within this discipline in order to properly interrogate corporate decisions that involve your most valuable asset, your corporate data.