Data privacy is considered one of the decade’s most important issues. Incidents surrounding data privacy have taken center stage, what with Amazon being fined a record $887 million and WhatsApp reportedly losing millions of customers due to issues stemming from consumer privacy. 2022 won’t be any different.
Consumers, owing to their ongoing patronage, are increasingly entrusting businesses with their private data. With data breaches reaching new highs every year, this is raising questions around the liability and accountability of businesses that collect, process and hold sensitive data.
The need to develop new products as well as to personalize the user experience and create targeted marketing campaigns are increasingly driving businesses to collect location tracking, usage metrics and other forms of Personally Identifiable Information (PII).
The proliferation of the Internet of Things (IoT), biometric devices and artificial intelligence in our daily lives (smart-home tech, wearables, intelligent cars, etc.) is creating an explosion of data collection points, putting consumer privacy at even greater risk.
Since the internet is borderless, there is growing concern from governments around illegal cross-border data transfers and localization of data.
In addition to the above, a number of countries and U.S. states, including Colorado and Virginia, are expected to roll out their own data privacy laws and these will no doubt lead to more discussions surrounding the privacy of individuals. What’s needed is a national data privacy roll-out, instead of a patchwork quilt of varying state-to-state policies that will only deter interstate commerce, stifle innovation and add unnecessary complexity and confusion.
Businesses Need To Be More Responsible
There isn’t a silver bullet to consumer data privacy; different organizations are at different stages of privacy maturity. Privacy is an evolutionary process that matures with time, effort, experience and changes in the industry and the regulatory environment. Four recommendations below can serve as guidance for organizations looking to advance their data privacy program maturity.
1) Involve All Functions And Departments
Data protection concerns every department (HR, marketing, sales, product development, operations), and each one tends to process data differently. Every department will have a different collection point and a number of third-party vendors they deal with. Ensure your program takes into account every department, every process and every vendor.
2) Document Your Practices
Documentation helps put things in perspective and provides an accurate and granular insight into organizational practices and key areas of risk. Map out your entire data lifecycle (using data flow diagrams) and the process each department uses to collect, store, access, use and share consumer data. Outline the organization’s legal and contractual obligations and the process with which end users can manage their privacy rights.
3) Go Beyond Compliance
Due to legal and compliance obligations, organizations can make a common mistake on their data privacy journey because they see it as a checklist of items that need to be crossed. Businesses should instead see privacy as a consumer’s fundamental right and view compliance practices as a step along the way, not as the ultimate destination.
4) Assess Your Privacy Posture Repeatedly
As organizations evolve, their departments, processes, products and vendors should evolve with it. It’s recommended that organizations carry out a Data Protection Impact Assessment (DPIA) on a regular basis to help identify risks proactively and reduce the likelihood of any impact to the organization or its customers.
Consumers Need To Be More Responsible Too
The internet belongs to everyone, and as consumers, we too have a responsibility of practicing safer privacy hygiene. Here are four best practices for consumers to know:
- Assess Social Media Settings Regularly: Linkedin, Twitter, Facebook, TikTok, Reddit, Quora and other social media platforms routinely gather data about your interests and activity on their platforms and can publish it without your explicit consent. Ensure to review your privacy settings at regular intervals to check whether your settings are where you want them to be. Only share information that you’re comfortable with living online permanently.
- Review Browser Privacy Settings: Some browsers offer better control over privacy than others, such as the Global Privacy Control (GPC) functionality that consumers can turn on to opt-out of having their personal data sold by the websites they visit. Consumers can also choose to disable third-party cookies in their browser. This may only limit online exposure to an extent but know that the technology is already on the verge of being replaced.
- Opt-out Of Third-Party Advertisements: By visiting Network Advertising, consumers can freely opt out of a range of third-party, interest-based advertisements and tracking.
- Use A Password Manager: At least 65% of consumers reuse their passwords across websites, devices and applications. It’s time consumers move on to third-party password managers (not those native to browsers), which offer a safe, easy and convenient way of storing and auto-generating strong passwords and reducing privacy risk in the event of a breach or data leak.
As regulations evolve and internet access becomes as ubiquitous as electricity, data privacy will be at the forefront of every online interaction. As individuals and businesses, we must exercise our choices carefully and stay vigilant so that we can protect our data and control the misuse of personal information.