Erosion of trust in legacy systems

I haven’t paid a water bill in over a year!! Not because I’m dodging payments. And certainly not because I’m getting free water. It’s because my water company failed to manage data quality the way it manages water quality. In 2024, our water provider launched a new billing system, merging two outdated legacy platforms into what was meant to be a modern, unified solution. Instead, it became a case study in how poor data governance can derail even the most well-intended transformation. So, what happened? > 320 confirmed privacy breaches: bills were sent to strangers, ex-partners, incorrect tenants, and unrelated businesses. Imagine moving to escape family violence, only to have your new address sent to your abuser via a misdirected water bill. > Over 320,000 customer records had to be manually corrected. > Privacy incidents are still being reported. The Victorian regulator (OVIC) described the true scale as “likely significantly higher” than what’s been disclosed. Why did it happen? Because of a flawed data integration strategy that broke down in several places: 1) Poor data hygiene: Legacy systems contained inactive and dummy accounts, outdated contact details, and inconsistent formats, for example, four address types in the legacy data vs. three in the new system. 2) Validation failures: 81 validation rules were designed to catch errors, but many were dropped to meet go-live deadlines. 3) Lack of testing: End-to-end testing wasn’t possible because other systems (like customer premises databases) were still being built in parallel. 4) No rollback path: New tariff rules were implemented in the new system only, making the old systems unusable for failover if anything went wrong. 5) Overconfidence in manual remediation: The water provider and its vendors assumed that any remaining issues could simply be fixed later. The result? A system that leaked private data like a broken pipe. Lessons every data and transformation leader should internalise: 1) Never compromise data quality for deadlines. You might meet your go-live date—but at what cost? 2) Rollbacks aren’t optional. Without a fallback path, every bug becomes a breach. 3) Data quality = business risk. If it isn’t actively managed, it becomes a liability. 4) End-to-end testing is non-negotiable. Fragmented environments = blind spots = public exposure. 5) Don’t underestimate the manual burden. They have already corrected over 320,000 records, and the work is ongoing. As the privacy regulator said: “...the preliminary inquiries identified significant shortcomings in [the provider] preparations for moving to its new billing and payment system, which have had significant privacy impacts for its customers. Therefore, a high-level overview of OVIC’s findings is likely to provide valuable lessons for other agencies when undertaking data migration or integration activities…” Clean data is the invisible infrastructure your customers rely on. Ignore it, and trust starts leaking .... fast.

For 50 years, engineers built systems to efficiently collect data. Now we need them to efficiently manage trust processing data at AI scale. That’s something most legacy systems can't do. Legacy systems were designed to gather, process, and retain data efficiently, not to enforce dynamic privacy preferences or support responsible data usage in AI at enterprise scale. This is much more than a minor inconvenience. It's a fundamental challenge for all organizations, made even more existential by the AI innovation wave. This is also the challenge we’ve built Fides to help enterprises overcome. Consider what happens when modern AI governance requirements crash into legacy architecture: • Hard-coded data models that can't adapt to evolving AI ethics policies • Tight coupling between systems that makes selective data usage impossible • Embedded business logic that assumes permanent, unrestricted data access • Missing audit trails for AI model data lineage and usage • Limited APIs that don't support real-time consent enforcement • Undocumented data flows that create AI governance blind spots • Complex dependencies that make changes risky Building trusted data infrastructure from scratch, designing AI governance controls from the ground up, is relatively straightforward. But which enterprise has the luxury of rebuilding everything from scratch before deploying AI? Instead, they must retrofit trust into systems designed for a world where data was collected without question and used without constraint. This isn't about replacing everything. It's about building the trusted data layer that bridges legacy systems and infrastructure that’s suitable for AI innovation and ready for hyper-scale data governance. Because the real challenge isn't the technology, it's enabling data-driven innovation while evolving systems to meet trust requirements that scale with your data ambitions. Is your organization's data infrastructure built for AI-scale trust, or still optimized for unlimited collection? What's blocking your teams from using sensitive data to create value, ethically and at speed with personal data? I'd love to hear your experiences, either in the comments below or by DM.

Why AI Struggles on Legacy Systems (and How to Fix It) Everyone's excited about AI until it collides with their legacy systems. That’s when reality hits. Here’s what usually goes wrong: 𝐎𝐥𝐝 𝐭𝐞𝐜𝐡, 𝐧𝐞𝐰 𝐝𝐞𝐦𝐚𝐧𝐝𝐬 → Legacy systems just weren’t built for AI’s heavy lifting. 𝐌𝐞𝐬𝐬𝐲 𝐝𝐚𝐭𝐚 → Siloed, inconsistent data makes AI feel more guesswork than intelligence. 𝐒𝐥𝐮𝐠𝐠𝐢𝐬𝐡 𝐩𝐞𝐫𝐟𝐨𝐫𝐦𝐚𝐧𝐜𝐞 → The bottlenecks you’ve tolerated for years suddenly become brick walls. 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲 𝐡𝐨𝐥𝐞𝐬 → Connect AI to outdated defenses, and you’ve opened new doors to attackers. 𝐏𝐞𝐨𝐩𝐥𝐞 𝐩𝐮𝐬𝐡𝐛𝐚𝐜𝐤 → Change makes teams nervous, sometimes more than the tech itself. The fix isn’t a big-bang replacement. It’s about building bridges: →Wrap legacy systems with APIs and middleware. →Push AI-heavy workloads to the cloud. →Break the old monolith into smaller, manageable parts. →And above all, bring your people along—training, trust, and quick wins matter. Legacy doesn’t have to mean stuck. With the right approach, it can become the foundation AI actually thrives on.

Are you slapping new processes on old problems? Because if you are—here’s why it’s not working. You can automate the workflow. You can build a shiny new system. You can roll out a new SOP and hold another team-wide training. But if the real issue is cultural, behavioral, or relational— No new process will fix it. It’ll just cover it up for a little while. Process should support people, not replace awareness. Most operational friction doesn’t come from the system. It comes from things like: -Misalignment -Avoided conflict -Unclear priorities -Lack of ownership -Unspoken tension between teams You know what happens when you ignore that and just throw a new tool at it? It works for 30 days… until the cracks start to show again. Here’s how to break that cycle: 1. Diagnose before you deploy. Ask: “Is this a process issue—or a trust issue in disguise?” Get honest before getting efficient. 2. Listen to the people who use the process every day. If your frontline team hates the system, no amount of leadership enthusiasm will fix it. 3. Stop over-engineering around poor communication. If teams don’t talk, no dashboard will save you. Fix the relationship before the reporting. 4. Measure outcomes, not just adherence. Just because everyone uses the process doesn’t mean it’s working. Look at results, not checkboxes. 5. Be willing to burn down what no longer serves the mission. Legacy systems are fine—until they’re not. Don’t be precious about broken things. Because at the end of the day, no process is a substitute for alignment, trust, and leadership clarity. Build the culture first. Then build the system that supports it.

72,000 faces. That’s how many images were exposed when Tea, a dating app designed to protect women, suffered a breach last week. 13,000 of those were IDs and selfies, collected during account verification. The kind of personal data people hand over thinking, “This will keep me safe.” But the breach didn’t come from some flashy, new attack. It came from an old system. A “legacy data environment” no one was really looking at anymore. And honestly, that’s the part that stuck with me. Because it’s not just about this one app. It’s a pattern we’ve seen before, and one we’ll see again if companies keep treating identity as a checkbox rather than a core product function. What I’m realizing is that security breaches like this aren’t just tech failures. They’re trust failures. And when trust is the foundation of your product, especially one built for safety, every pixel, every process, every decision around identity has to account for risk, lifecycle, and user control. Not just “during onboarding,” but for the long haul. Because users don’t know what “legacy system” their data is sitting in. They just know something bad happened when they find their face popping up on 4chan one day. At Grid, we spend a lot of time thinking about how to prevent precisely this. How to future-proof identity infrastructure. How to build with transparency baked in. And how to treat verification as something you maintain, not something you complete. It’s not about fear. It’s about respect. Respecting your users means securing their identity, even after they’ve stopped using your app. Because real trust? It’s earned quietly. And it’s lost loudly. What is your take on this recent breach? 👇🏿