Pandemic Sharpens Debate about Big Data Privacy

Stephen DeAngelis

May 07, 2020

Data collection efforts aimed at slowing the spread of the novel coronavirus, especially contact tracking efforts, have once again focused peoples’ attention on personal data privacy. Samantha Stein (@SteinSamantha), Chief Strategy Officer at QED-it, explains, “Naturally, any type of sweeping government-sanctioned surveillance program, however well-intentioned, raises serious questions: How is our sensitive data being used? Who has access to it? How vulnerable is our data to leaks and hacks? How could it be exploited by private companies in the future? And, of course, is there a way to mitigate the risk of privacy breaches? These are important questions that will most certainly resurface — even if we’re too preoccupied to think about them today — once panic ebbs and calm has been restored in the post-coronavirus era.”[1] Data privacy discussions were widespread prior to the pandemic thanks to enactment of the European Union’s General Data Protection Regulation (GDPR) and California’s Consumer Privacy Act. Samantha Ann Schwartz (@SamanthaSchann) writes, “Data privacy management and protocol got a facelift with the enactments of the General Data Protection Regulation and the California Consumer Privacy Act. Many companies failed to meet compliance standards in time for GDPR. And for companies that met the deadline, 67% fear they won’t be able to sustain compliance, according to Tanium.”[2] That’s a problem — for both companies and consumers.

The importance of data privacy

Most companies understand data breaches or improper use of personal data opens them up to enormous fines and lawsuits. So why aren’t more companies compliant? According to Schwartz, “Privacy requires business commitment as data travels and accumulates. Keeping track of data, wherever it migrates to, will keep companies compliant — not a privacy policy hidden at the bottom of a website. Whether in a cut-and-paste scenario or a spreadsheet on an employee’s laptop, data is rarely stationary. … Without a reliable sense of where, what and how much data is traveling, companies are susceptible to privacy infringements or, at worst, a data breach.” And don’t think data breaches can’t happen. Trevor Bidle (@tbidle), Vice President of information security & compliance officer, US Signal, reports, “Last year, a survey showed that between 2017-2019, 83% of organizations were hit with a cyberattack. Cyberattacks have gone from targeting large enterprises to SMEs and individuals, and with the new decade comes new ways cybercriminals are going to try and get hold of your data. In fact, it is predicted in the 2019 Official Annual Cybercrime Report that by 2021 a cyberattack will happen once every 11 seconds.”[3]

Joseph Feiman, Chief Strategy Officer at WhiteHat Security, insists not all data can be protected and the focus should be placed on protecting critical data. He explains, “Society is moving toward greater openness and broadly sharing information, including data that just a few years or decades ago was considered most sensitive. Sharing takes place via a wide variety of professional and social networks and public media. Governments are under social pressure to open more information as well. This combination of the: 1) growing volume of information, 2) complexity and ineffectiveness of protection technologies, and 3) growing openness, will lead to the realization that: A) it is impossible to protect it all, B) there is no need to protect it all. … Protection of all information is unrealistic, and the battle for it has been lost (actually, the victory has never been possible). They should explore their ability to protect somewhere around 25% of the information they own/handle. For that, they have to select the subset of the most valuable information that is worth protection and that is feasible to protect. They should be gradually, over the years, placing the remaining 75% of the information in the fully/partially open access realm.”[4] Such advice may be realistic, but it probably won’t make consumers feel very comfortable.

If consumers are already uncomfortable, Chad Cragle, Information Security Officer at FormAssembly, won’t improve their discomfort. He writes, “According to a recent survey by FormAssembly, maintaining data privacy is important for organizations, yet not all of them have the resources to do so. In fact, 81 percent of respondents said that they are ‘extremely’ or ‘very’ dedicated to making sure their customer data remains private and even have the personnel to prove it. However, only 43 percent of organizations — less than half — said that they have one or more staff members dedicated to privacy-focused roles. These numbers show that although organizations care about data privacy, they may not have the means to do so.”[5] Thomas C. Redman (@thedatadoc1), President of Data Quality Solutions, and Robert M. Waitman (@RobertWaitman), Director of Privacy Insights and Innovation at Cisco Systems, believe things won’t change until there are compelling reasons to change. They write, “Until recently, there has been little compelling reason for companies to embed privacy considerations deeply into their larger business strategies. While consumers say they care about privacy, few have placed any real value on protecting their data. Further, while many privacy laws call for severe penalties, it appears that actual fines will be considerably lower and only the worst offenders will be impacted. The costs to fully meet all privacy requirements can also be quite high for most companies. On the other side of the ledger, sharing consumer data or using it in targeted marketing campaigns, to train algorithms, and so forth offers outsized potential. Indeed, not exploiting customer data when your competitors are doing so can put you at a significant disadvantage.”[6] Their arguments beg the question: What lies ahead in the data privacy arena?

Fostering trust through data privacy

Chris Mullaney, Vice President of Compliance at UJET, believes protecting data privacy will become a business differentiator in the years ahead. She writes, “Companies eyeing a competitive advantage should prioritize making data privacy and protection a core part of their business.”[7] She suggests “three ways having strong data protection policies and governance can separate your business from the competition.” They are:

1. Adhering to compliance certifications can foster growth. She writes, “Not being able to adhere to global, regional, and industry-specific compliance certifications can dramatically hinder an organization’s growth and opens them up to potential fines. It is key for companies to not only ensure they are compliant with the rules and regulations that apply to the current state of their business, but begin laying the foundation to achieve certifications in industries and areas they are targeting for growth.”

2. Being upfront and transparent can engender consumer trust. According to Mullaney, “The reality is, the majority of consumers today are aware that their data is being collected at a growing rate. Businesses are in constant search of creating personalized and hyper-targeted customer journey’s and marketing campaigns. In order to achieve this, PII and customer data is needed. However, being upfront, transparent, and honest with your customers about what data you are collecting, where it is going to live, and making sure they are aware that they have the ability to access it will go a long way in building a trustworthy relationship between brands and customers.” Redman and Waitman add, “Privacy is as much about customer experience as it is about privacy itself. So get the right people involved. We find it telling that companies routinely seek consumers’ feedback regarding their products and services, yet neither one of us can recall ever being asked about privacy. Go directly to your customers to get to know your privacy actives — how many there are, their views on your privacy policies, their openness to your new ideas, and what they view as fair compensation for your use of their data.”

3. Creating a culture of security and compliance improves long-term success. Mullaney writes, “It is a phrase that has become somewhat cliché, but still rings true. Your security is only as good as your employees. With data breaches happening at record rates, it is essential that companies make sure their employees are well-versed in how to spot potential attacks and how to share and store data. Establishing best practices, regular check-ups and trainings, and more can go a long way in ensuring all employees are reducing vulnerabilities and keeping critical customer data safe.”

Continuing access to data collection and analysis is critical for businesses. Ben Jackson (@cbenjackson), general manager at SAP Customer Data Cloud, explains, “Among the professionals who spend their careers managing and optimizing customer data, it isn’t a secret just how powerful it is. In today’s experience economy, it is the most important ingredient for crafting deeply personalized experiences, delighting customers, and delivering exceptional value.”[8] He adds, “That said, that undertaking entails significant responsibility: Managing a customer’s data is a critical trust point in any business relationship. … There’s no better partner to businesses than an informed, empowered, and data-driven customer. … Businesses can no longer offer vague language and promises about what they can offer in exchange for that information.” He concludes, “By putting customer needs first and setting the highest possible bar for transparency, as well as giving customers control of their personal data, brands can stay ahead of customer expectations and reframe the brand-customer conversation.”

Footnotes
[1] Samantha Stein, “How to restore data privacy after the coronavirus pandemic,” World Economic Forum, 31 March 2020.
[2] Samantha Ann Schwartz, “Why 67% of companies fear they can’t sustain privacy compliance,” CIO Dive, 12 February 2020.
[3] David Weldon, “15 views on why the message of Data Privacy Day is more important than ever,” Information Management, 28 January 2020 (out of print).
[4] Ibid.
[5] Chad Cragle, “Keeping customer data safe and private in the new decade,” Information Management, 28 January 2020 (out of print).
[6] Thomas C. Redman and Robert M. Waitman, “Do You Care About Privacy as Much as Your Customers Do?Harvard Business Review, 28 January 2020.
[7] Chris Mullaney, “Creating a Competitive Advantage Through Data Privacy,” Dataversity, 13 March 2020.
[8] Ben Jackson, “Transparency and Trust: The Key Links Between Data Regulation and Customer Experience,” MarketingProfs, 4 March 2020.