StageYou interviewed Dr. Galina Datskovsky on how startups can freely innovate while meeting reasonable standards of security and privacy.

As an internationally renowned expert in the fields of compliance, information governance, and associated technologies and as a researcher, Dr. Galina was involved in the early stages of the development of technologies that we take for granted today. It wouldn’t be wrong to say that she played a key role in the digital transformation of the world. Her entire career spans over 20 years working at giants such as Hewlett Packard, CA, IBM, Bell Labs, and many more, where she played key roles in shaping their digital strategies. StageYou sat down with Dr. Datskovsky to better understand how to tackle some of the toughest challenges of digitalization.

StageYou: Could you give us a brief introduction and tell us about your experience in digital transformation?

Galina: I received my doctorate from Columbia University in New York City. I majored in Computer Science. That’s why I find digital transformation to be very interesting. Technologies that were once considered cutting edge are now everywhere. Back when I was in college, people did not have the Internet.

What we did have was DARPANet. It was a network that connected many of the universities. It enabled researchers to communicate and collaborate over email. Still, email wasn’t considered to be innovative until the 1990s.

Another interesting thing was that as a researcher, I had the advantage of using a word processor for my work. The word processor was a very basic rudimentary piece of software. You had to type in the actual code if you wanted to do things like bold or italicize text. Even so, this was a time when everyone was using clunky and tiresome typewriters. This also showed me how things work behind the scenes.

I wrote my Ph.D. in natural language processing systems and artificial intelligence. While I was in the doctoral program, I started my first company, MDY Advanced Technologies. I built the company from scratch with two other students in the program. I went on to serve on the boards of startups and in senior roles at several companies. This included corporate giants like CA Technologies and Hewlett Packard, where I worked in Information Governance. I now serve as the CEO of Vaporstream, Inc.

Today, it’s fascinating for me to see how the fruits of all the research we did are now at our fingertips. I have a unique perspective on digital transformation because I not only experienced it, but was also part of it from a very early stage. We lit the spark that brought about the digital revolution.

StageYou: Startups are all about innovation. But sometimes, we see this innovation getting held back because founders are terrified about security issues. Is there anything you believe they could do to avoid this issue?

Galina: It’s unfortunate to hear that innovation is being impeded by fear. This doesn’t have to be the case if founders take all measures within their power to comply with security standards. I believe that every company must ensure they have good security practices.

I will answer the question of why security and compliance should not stifle innovation in two parts. Firstly, unlike before, many companies now can employ cloud computing. In the past, if you were a small company, you couldn’t afford all the latest innovations in infrastructure. It was expensive to hire IT staff to keep your data safe from prying eyes. But today, all you need to do is follow the best practices set out by cloud computing providers such as AWS, Microsoft, and Google. The availability of cloud computing has democratized infrastructure. It has made security infrastructure affordable for small companies.

Secondly, you have to accept that data is the most important commodity in the world today. Strict regulations dictate how you can use it. You have to be very conscious about what data you collect and how it’s used. For example, let’s look at an agriculture startup. It sells sensors to farmers. These sensors collect data about the farmers’ fields, but the real value lies in processing that data to obtain meaningful information. When processing the data, we had to make sure that any personally identifiable information was eliminated. That’s a crucial step in protecting that data and by extension protecting our users. This is because, with enough data from multiple data points, you can still personally identify someone. If you’re thinking about Facebook and other tech behemoths, then this is even more relevant. They collect extremely personal data about you from billions of data points!

If a company is using data then it must know what is and isn’t legal. There’s a fine line between what data can be used internally (with permission) and what can be made publicly available. This is based on the jurisdiction companies operate in. For example, in Europe, any company collecting and using data about European citizens will come under GDPR.

Ultimately, if you’re a founder, you need to take an extra step and look at the regulatory environment. You unquestionably need to think of the security measures you can take to protect your data. This applies not only to startups but large companies as well.

The point is if you know, based on your mandate, what information you must protect, you can access infrastructure to protect it. If you have a clear plan to guard your data, then you don’t need to live in fear and paralyze innovation.

StageYou: That was a powerful message with a clear path forward. Yet, whenever a data breach occurs, it’s front-page news. Shortly after, companies are taken to court. What advice would you have for them?

Galina: Typically, whenever a large data breach occurs the media tends to blow it out of proportion, purely because it’s newsworthy. But what’s often ignored in these reports is the mandate of the courts. The court is tasked with checking if a company protected the data to the best of its ability.

In many cases, if you follow the guidelines and do what is customary and acceptable, what is considered best practice, then you’re on safe ground. You need to have the documents to show that you’ve adopted industry best practices. After all, anyone can sue you. Just because they do it doesn’t mean they will get anywhere. Usually, when there’s a problem in such cases it’s due to two reasons. Either there was an unanticipated situation or the people responsible for keeping the data safe did not fulfill their responsibility.

StageYou: To better understand the responsibility of keeping data safe, can we cross-apply it to the context of a doctor? They are professionals who are required to exercise reasonable care without negligence. However, if a patient passes away due to reasons beyond their control then they would not be liable. Is the same true in the field of data security?

Galina: Absolutely! Yes! Great analogy. At the end of the day, nobody is expecting you to be perfect. There is an expectation of a reasonable standard of security. There is an expectation of a reasonable standard of privacy. Even if you exceed these standards, your data could still be stolen. But what companies need to pay attention to is doing their best within their power. For example, if you haven’t installed a firewall or other commonly available infrastructure, then it’s negligence.

StageYou: Currently, you’re serving as the CEO of Vaporstream, Inc. Could you share with us the mandate of the organization?

Galina: Our mandate is directly tied to what we just discussed. Vaporstream is a secure communication tool for enterprises. It combines elements of social media, strong encryption, and privacy. A common misconception people have is that encryption is the equivalent of security. We could exchange messages on WhatsApp and, since the messages are encrypted, no one could intercept the messages and spy on us. Yet, once you send me a message, I can forward it to my friends or post it on Facebook, so there’s no privacy.

At Vaporstream, we offer a secure messaging platform that addresses these concerns. It’s utilized by companies active in industries such as healthcare, nuclear energy, legal, and many more. Every message is of course encrypted. However, the recipient cannot share the message with unauthorized recipients. Furthermore, the message will be automatically destroyed after a certain time has passed. Afterward, the devices of both the sender and receiver will have no record of the message. A permanent record is kept by the enterprise itself for compliance purposes and information governance.

With the Vaporstream platform, two doctors treating a patient can securely communicate with each other. It would allow them to easily have a private conversation, share files, and discuss how to offer the best treatment. They wouldn’t have to fret about ensuring the privacy of the patient’s confidential data. If they ever need to access their prior conversations, they can request it from the hospital staff responsible for managing the data.

StageYou: We are seeing new technologies entering the market. One example is the use of video in private communications. How has information governance, data protection practices, and risk governance evolved?

Galina: You’re right with regards to technology changing rapidly. With regards to governance, I believe there is a sequence of events that all new technologies go through. Generally, whenever a new technology arrives, the government compares it to those that already exist. Afterward, they will make their comments and release standards along with best practices. Enterprises will then adopt it.

The larger enterprises will take it a step further. They’ll have their standards and best practices in place. Eventually, there may be a litigation and then case law will further refine the regulatory landscape. Each new technology goes through this sequence of events to set standards and best practices.

StageYou: You’re well known for building great teams and leadership. What advice would give young entrepreneurs on building high-performance teams and leading them?

Galina: Companies are successful because of their people. You should find the best people you can trust and who can truly contribute. In my experience, it’s better to have fewer people who are the right people. Don’t overbuild and don’t overextend by hiring too many people when you’re a young rising company. Stay lean and focused without complicating things. To ensure people are productive, make sure you have clear directives.

You can’t guarantee everyone will be pleased with your decisions. Most importantly, make sure people feel like owners. Startups are typically able to do this with ease since they’re small.

In summary, security and compliance shouldn’t stifle innovation. Digitalization has now democratized the necessary security infrastructure. Cloud computing is accessible by all. Of course, companies must be aware of the legal regulations governing the use of the data they collect. Despite this, the law recognizes that no one is perfect and hence expects companies to offer a reasonable standard of privacy and security. Therefore, companies must utilize their resources to meet such standards to ensure they have the necessary freedom to innovate.