DR. MAURICE COYLE, CHIEF DATA SCIENTIST AT TRŪATA
Collecting, storing and sharing personal data has become ubiquitous with the digital age. It allows organizations to know where we are, what we like and who we’re interacting with. So, it’s unsurprising that many people believe data privacy is now completely dead. But is it premature to mourn its passing?
There is no doubt that an increased adoption of digital technology has resulted in organizations having much more data available to analyze. However, with a growing awareness around data privacy rights, consumers have become much more cautious with the type of data they share, and with whom.
The pandemic has thrown the issue of privacy into the spotlight with developments in Covid-19 track and trace programs highlighting concerns around data collection and usage. The combination of these new programs and consumers becoming more aware of their data privacy rights has resulted in a shifting mindset surrounding data privacy laws.
Whether it really is possible to measure and mitigate privacy risk is a question that has been debated by industry experts for the last decade. However, given the latest developments in the world of data privacy, reducing privacy risks is now more important than ever. Businesses who act carelessly with personal data could risk alienating, or even worse, losing customers to their competitors.
Consumers rule the world
When it comes to trusting organizations with their personal data, consumers are hesitant. According to a Trūata report, more than 77 percent of global consumers agree that privacy data is essential to them, and they are ready to act to protect themselves. In fact, 78 percent of global consumers have taken one or more steps to reduce their digital footprint.
Today’s consumers are becoming increasingly more aware of their rights when it comes to how their data is being used by brands; in fact, 63 percent state that they would stop buying or using brands if they didn’t demonstrate care and responsibility with their personal data. Consumers are beginning to question whether the value exchange of trading personal data for a more personalized or convenient experience is a deal worth making. We are seeing the emergence of ‘privacy actives’ – the consumers who choose or leave brands based on how they think those brands are using their personal data.
This means that brands need to place greater focus on relationships and loyalty to ensure customers are willing to supply their data, which will allow for improvement in the products and services being offered. As we move to a post pandemic world, it will be key for organizations to differentiate, based on the implementation of an effective privacy-enhanced data strategy.
The Big Data world: the impact of the pandemic
While, there has been an understandable rush to use data and technology to manage and control the pandemic, we must consider that there are privacy and ethical considerations at play. In time, the pandemic will pass, but data and analytics programs that have been introduced to help combat Covid-19 have the potential to present future privacy risk if adequate safeguards are not put in place.
It’s important to note that there doesn’t have to be a conflict between privacy and the use of data for societal good if effective privacy or data protection by design approaches are embedded into organizational strategies. Ultimately, if data is collected and processed in a way that’s both ethical and privacy compliant, these programs would be more willingly accepted by the public, resulting in a greater buy-in and more impactful results.
The pandemic has highlighted to consumers the importance of having control over their personal data. Therefore, now more than ever it is key for brands to embrace data privacy regulations and act transparently.
Data privacy rules have changed everything
Data privacy rules are evolving globally, and this has only been accelerated by the pandemic. In fact, Gartner has predicted that by the end of 2023, 80 percent of companies around the world will be regulated by at least one privacy law.
One of the most prominent shifts we’ve seen since regulations, such as GDPR and CCPA, have come into play is that organizations are being forced to conduct proper data audits. They are looking to understand what data they have, how it has been collected, how it is stored and what it is being used for. Consequently, an awareness of privacy has been created in a way that didn’t exist before. While data protection may previously have been perceived by many organizations as a back-office compliance function, it has now been elevated in importance and is very much a strategic board issue. This has pushed brands to establish big data strategies that co-exist with their privacy obligations.
In terms of how new laws and regulations have been approached, there is a divergence amongst organizations that are in regulated sectors versus non-regulated sectors. Having a culture of compliance already embedded in an organization provides a ready-made framework to treat data as a regulated asset. These types of organizations also understand that the stakes are high: if they get it wrong, they aren’t only looking at regulatory fines, but risking severe reputational damage, a loss of confidence in leadership and an impact on share prices.
The development of these data privacy regulations has helped to move privacy up the priority list within organizations, and by upholding these data privacy regulations, businesses will instill trust in their consumers which will only ever result in long term loyalty and success. As a by-product of adopting such an approach to data management, organizations will also further their credibility with their own workforce and other stakeholders.
Why data privacy must be embedded in commercial strategy
Embedding data privacy in a commercial strategy is essential. Although Privacy-Enhancing Technologies (PETs) that are integrated within a business can help companies to de-identify their data, many can fall foul to the belief that this is enough to remove the privacy risk that exists. However, there are many attributes within a data set that can re-identify an individual, either by themselves or when combined with other data. Duplicate or related data can lurk in systems and the potential to combine values such as age, regional location and gender could be used to ultimately trace back the source individual(s).
Organisations are wary of exposure to regulatory scrutiny and potential privacy breaches; therefore, it can be challenging to understand which technologies to use, and with what configurations, to ensure they can still generate value by analyzing their data but without compromising the trust and the respect of their customers. That’s where the principles of privacy-by-design and privacy-by-default have a role to play. Purpose-built privacy-enhancing technologies can instill confidence and allow data-driven businesses to move forward without having to worry about compromising the personal data of trusted consumers. When implemented effectively, there is no need for large-scale training and inductions; rather, organizations can have the confidence in their systems and processes, which have privacy baked into them.
How to be successful in a privacy conscious era
It’s important for organizations to understand that privacy is never ‘done’ but is an ongoing process that must be built into existing platforms, existing processes and into the workforce itself. Data privacy needs to be at the heart of an organization. However, trying to get people to change their behavior and think about the relationship between privacy, data utility and growth is extremely challenging.
Technological progress has created tension between the right to privacy and the extensive data pooling on which the digital economy is based. When privacy and privacy-by-design are baked into an organization, it translates to greater confidence and flexibility with how an organization approaches the data-driven side of their business – not just today but well into the future.
Despite the complexity of the situation, privacy is alive and well. It is a basic human right that must be protected at all costs, and organizations that go the distance with transparent and effective data protection measures in place will regain and retain consumer trust.
This article was featured in Data Center Dynamics.