Column by Tatyana Isakova on approaches to information storage

The problem of data leaks has been discussed at different levels for more than a year and has long been elevated to the rank of one of the most critical for the IT industry. Market participants try to solve it in different ways, but each time they come to the conclusion that there is no “magic pill”. The bill on turnover fines, which supposedly should force all large companies to increase their cybersecurity, is still being adjusted by the government, and so far they have not decided to bring it up for discussion.

But recently, market participants and regulators proposed a non-trivial way to protect against leaks. At the conference “Data Protection. Save everything” On October 23, where secure processing and storage of information was a key topic, experts repeatedly said from the stands: “We need to collect less valuable data and stop storing those that are no longer relevant.”

A representative of the Ministry of Digital Development, in turn, said that companies, when investigating an incident that has already happened, often ask the question: “Why was this data stored for so many years?” He also said that the ministry has already adopted an internal strategy to minimize the collection of personal data.

The Ministry of Digital Development explained that the priority now is “to minimize the amount of personal data stored in the State Services infrastructure.” However, the ministry associates this not only with cybersecurity risks (it is noteworthy that since last year, information about data leaks from State Services has repeatedly appeared on the Internet, which the ministry subsequently denied), but also with the development of new IT solutions for creating departmental online storefronts data: “They are located on the infrastructure of the departments themselves and transmit the necessary data only when the user accesses the corresponding service.” Thus, the necessary information is not stored in the State Services infrastructure. The goal, the Ministry of Digital Development emphasizes, is to completely abandon the storage of all sensitive data by the end of 2024 and move to loading it at the time of transaction.

But if the public sector can diversify data storage, at least relieving itself of some responsibility for possible leaks, then it will be much more difficult for businesses to do something similar. The accumulated data is the main competitive advantage for IT companies: on their basis, demand is predicted and recommendation algorithms for all digital services and layout spaces work. According to Fortune Business Insights, the data market is growing by 13-14% per year and has already reached $271.83 billion in 2022. The maximum that companies can do today is to reduce data duplication and store not ten copies of customer information, but one . It is, of course, easier for ministries to radically change their strategy: the topic of competition is irrelevant for them.