Regulations You and Your Training Data Partner Need to Be Aware of to Minimize Risk

It’s no secret that successful AI initiatives require time, money, and effort. But a big roadblock to many models moving beyond experimentation has to do with data. High-quality training data often makes people think of very accurate data annotations, but another important aspect of data is the data governance policies that ensure data is properly collected, used, and managed. This is critical for responsible AI deployments and critical from a legal standpoint. Whether you are managing the data collection and annotation for your AI models yourself or you are looking to a data partner like Appen to do that for you, it’s important to understand trust and transparency as key elements of handling data. It’s a challenging process that requires expertise in both security and privacy concerns, as well as in local regulations. The right data governance partner (whether an internal team or an external partner) will have the infrastructure and protocols to protect sensitive data and to comply with the highest levels of data security. There are several strict data security certifications and accreditations that can be good indicators of whether the right tools are in place to protect your data. If you’re in the market for a data partner, consider ensuring they’re compliant with the following security qualifications:
General Data Protection Regulation (GDPR)

What is it? The General Data Protection Regulation (GDPR) is a European Union regulation that requires companies to uphold guidelines for collecting and processing personal data from citizens of EU member states. GDPR is wide-sweeping, and many countries beyond the EU have similar policies protecting their citizens’ data. Companies that fail to comply face financial penalties and potential legal ramifications.

Why is it important? GDPR applies to all companies that serve EU customers, regardless of where the company is headquartered. Any organization seeking to scale globally will need to follow these guidelines. If you are serving EU customers, look for data partners that are fully GDPR compliant. That means they have security policies in place around data protection, network security, and other risk management procedures. Further, if you’re working with a data partner that leverages crowd workers, your partner should guarantee that those contributors’ personal data is also handled in compliance with GDPR. Read the full GDPR text.
SOC 2 Type II Attestation

What is it? The Service Organization Control (SOC) 2 Attestation is considered the gold standard in data security and follows the American Institute of Certified Public Accountants (AICPA) standard. To pass a SOC 2 assessment, companies are evaluated based on their infrastructure, software, people, procedures, and data. They must adhere to a strict protocol in terms of security controls, data protection, and process integrity.

Why is it important? The SOC 2 Type II assessment is the most comprehensive certification a company can receive, and the requirements for passing are rigorous. Selecting a data partner certified in SOC 2 Type II means your data will be held to the highest standards of security and compliance. Read more about SOC 2.
ISO 27001

What is it? ISO 27001:2013 is a specification of requirements for an information security management system (ISMS). These requirements cover creating and maintaining an ISMS. An ISMS is a framework of policies and procedures for an organization’s risk management processes; it should cover all of the controls involved in assessing and mitigating security risks.

Why is it important? Organizations that choose to follow the ISO 27001 requirements are taking advantage of security best practices for managing personal data and other assets. A data partner that follows these specifications in its ISMS ensures comprehensive security and privacy protocols. Read more about ISO 27001.
HIPAA

What is it? The U.S. Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a law that provides federal standards for protecting an individual’s health information, ensuring that the information is kept secure and only disclosed in specific situations.

Why is it important? HIPAA protects individuals’ right to privacy. It prevents the dissemination of information that could lead to discriminatory practices and protects patients from identity theft. If you’re part of the healthcare industry or will be working with protected health information (PHI) in some form, you’ll need a data partner that is HIPAA-compliant. Read more about HIPAA.
What We Can Do for You

At Appen, we understand that the data used for your models requires the utmost care and protection. We’re committed to delivering the highest standards of security for our customers and are proud to be compliant and accredited with a range of standards and certifications:
- GDPR: Our security policies and processes have been thoroughly evaluated for GDPR compliance. We also adhere to GDPR principles as they apply to our crowd of over one million contributors.
- SOC 2 Type II: Our SOC 2 Type II attestation is a testament to our commitment to enterprise-grade security, privacy, availability, and performance. We perform a SOC 2 examination on an annual basis in order to demonstrate our ongoing commitment to safeguarding your data.
- ISO 27001:2013: We provide a suite of secure service offerings, including secure facilities that are ISO 27001:2013 accredited around the globe as well as a Secure Workspaces remote service.
- HIPAA: We are proud to offer a HIPAA-compliant solution that includes:
  - Secure data access that ensures all data security requirements are met for customers working with PHI
  - NDA custom channels with HIPAA-compliant annotators
  - Private cloud deployment that is hosted and managed by Appen
  - SAML-based single sign-on (SSO), which gives customers access to the Appen Data Annotation Platform through an identity provider (IdP) of their choice