January 28th commemorates Data Privacy Day to raise awareness for privacy issues and promote data best practice. UK Tech News spoke to a range of experts to get their views on where the focus for data privacy should be over the coming year.
Andy Teichholz, Global Industry Strategist, Compliance & Legal, OpenText:
“While government authorities and businesses have been challenged during the pandemic with balancing the twin priorities of protecting public health and protecting personal data, consumers have become more aware of the growing risks around their personal data, including where it may end up and who has access to it. With ongoing news coverage of high-profile data breaches and publicity around new government legislation on the horizon, consumers are more aware than ever before of their data privacy rights and organisational obligations to safeguard personal data. Our recent research found that almost three-quarters (72%) of consumers say they have new concerns about how organisations use their data, since the start of the pandemic.
Customer trust is crucial for business success but gaining and maintaining that trust is not always easy. Almost half (46%) say they would no longer use or buy from a company they were previously loyal to if it failed to protect or leaked their personal data. In today’s digital age, consumer priorities are rapidly shifting to take stock of how their personal data is being processed and used. To this end, customers are more empowered than ever to exercise their rights and reclaim control of their information by submitting Subject Rights Requests (SRRs), with our research showing that more than a third (34%) of consumers would completely abandon a brand if the company failed to respond to a SRR.
With the help of available technologies including AI and ML tools, organisations cannot only locate all personal and sensitive information, they can appropriately classify, manage, and protect it throughout its lifecycle and apply policy-based retention tools to support data minimization. They can also automate the SRR fulfilment process to ensure deadlines are met and that processes are repeatable and defensible. It’s also essential to bake cyber resilience into the fibre of an organisation. While it is impossible to totally remove the risk of a breach, cyber resilience encourages a solid recovery plan to be put in place in the event of one. To create a true information advantage, establishing an integrated data management strategy will also help businesses differentiate themselves in the marketplace.
Customer trust is fragile, and Data Privacy Day is an opportunity for organisations to reflect on their practices – to ensure they are doing all that they can to respect privacy rights, safeguard their customer’s personal data and maintain their loyalty.”
Scott Harkey, EVP, Financial Services & Payments, Endava:
“The global digital payments market continues to expand rapidly as we edge closer to a cashless society and we’re seeing payments become increasingly embedded in the products and services we consume. Technology is fuelling the digital revolution in e-commerce but it’s people – and their sensitive data – which lie at the heart of this innovation. Personal data is the golden asset which companies are increasingly looking to leverage, from apps powered by this data to embedded financial transactions using saved customer information. Identity is key to building meaningful experiences, but this relies heavily on trust. Customers are more aware of their data than ever and will think twice about sharing it if they feel it won’t be protected.
Organizations need to put practices in place to secure consumer data from the very beginning of collection. Tokenization can play a huge role here. While originally used for Personally Identifiable Information (PII), any kind of data can be tokenized, and organizations need to think about how they start using these tools at data capture and how they communicate to customers that their data is secure. With innovation becoming increasingly dependent on personal data, that information must be protected at all costs. Investing in innovative tools that make built-in regulation features a priority will win the day and the public trust”.
Camilla Winlo, Head of Data Privacy at Gemserv:
“Public attitudes to data collection have changed dramatically since businesses realised the power of online consumer insights back in the 1990s. Through the decades, data privacy has become far more visible, culminating in the introduction of GDPR in 2018, and in the few years since, confidence seems to have grown in organisations to keep personal data safe as part of the data exchange.
Recent research from The Global Data and Marketing Association (GDMA), in 2018 and 2022, found that 46% of people are happy to provide personal data to businesses, up from 40% in 2018, with 48% of consumers deeming data exchange to be essential to the running of modern society, up from 41% in 2018. With more awareness of GDPR, consumers are able to trust businesses to be responsible with their data, opening the door for data driven innovation to create tailored digital experiences.
On a holistic scale, data-driven innovation has the potential to help the world achieve big social and environmental goals, such as reducing the impact of climate change. However, these benefits will only be realised for as long as people trust organisations with their personal data. Privacy activists are working hard to surface important issues and to bring poor data privacy practices to light, therefore this Data Privacy Day we implore all organisations to ‘Respect Privacy’, and to evaluate whether their customers would trust their data practices if they were totally transparent.”
John Linford, The Open Group Security & Open Trusted Technology (OTTF) Forum Director:
“According to IBM data, an average data breach costs businesses $4.35M. To maximize their chances to successfully prevent a data breach, it’s no longer feasible for companies to consider all elements of the service topology as ‘trusted’. This Data Privacy Day, rather than assuming any device or user on a network must have passed a security checkpoint and therefore can be trusted, organizations should be looking to models which secure the data and assets those networks are there to carry, requiring continuous verification of trustworthiness in order to ensure security.
In a time when the threat of cyber-attacks is drastically increasing across any industry and for any organization, businesses must look to a solution that protects sensitive data first. A Zero Trust approach provides security for users, data/information, applications, APIs, devices, networks, cloud, etc., wherever they are – instead of forcing a “secure” network within a company. By assuming every action is potentially malicious and performing security checks on an ongoing, case-by-case basis, Zero Trust can reduce successful attacks and protect organizations in the event of a breach as other data and assets remain secure, rather than being accessible by an attacker. In order to effectively implement and ensure proactive mitigation of cyber threats, the industry must support creating standards and align on best practices for Zero Trust as the overarching information security approach in the Digital Age. Doing so will ultimately protect organizations against cyber attacks and loss of sensitive data, as they become increasingly more sophisticated.”
James Walker, CEO, Rightly:
“Data is constantly being gathered without our knowledge or consent – from financial data, to personal interest and contact details, even health information. What’s more, it’s surprising how many companies have a lack of care when it comes to safeguarding this data, which is a cause for concern. Take the recent Twitter hack as an example, where 200 million Twitter users’ email addresses were leaked by hackers, increasing their vulnerability to being scammed out of thousands of pounds and to having private and personal information shared online.
To avoid harm from the data we share, consumers have to be more vigilant and be conscious of the details they are giving away. It’s never too late to find out which companies hold your data, what that data is, and request its deletion to protect yourself. This is the only effective way to prevent scams and online vulnerabilities. On a larger scale, there needs to be greater attention from governments to do more to protect society from the ‘negligent’ data practices of businesses. Initiatives such as the Online Safety Bill must have provisions for protecting consumer’s data online, and have measures in place for penalising those businesses that don’t take data privacy seriously.”
Charles Southwood, Regional VP and GM, Denodo:
“Today’s organisations are not lacking in data. In fact, far from it. In our digital world, every action, reaction and interaction produces a never-ending stream of data. Whilst this data often holds the key to improving operations and beating the competition, the sheer amount that organisations are expected to deal with on a daily basis is causing challenges when it comes to data privacy. This year’s Data Privacy Day provides us with a great reminder that there is still work to be done when it comes to protecting every organisation’s most valuable asset.”
Over the last two years, the business landscape has transformed beyond all recognition. However, we continue to see many organisations struggle to ensure the simple and transparent management of personal data. One of the main hurdles they face is that data is usually distributed in different and separated repositories throughout an organisation; different locations, different formats & protocols and different permissions.
This is why many organisations are turning to modern technologies – like data virtualisation – to get a handle on data privacy. By providing easy and complete access to all repositories, through a single information layer, data virtualisation ensures that data can be traced and audited in real time, no matter where it is stored and without the need for duplication. It facilitates compliance with current legislation whilst enabling organisations to protect their data.”
Cindi Howson, Chief Data Strategy Officer at ThoughtSpot:
“In a digital economy, we are creating, capturing, and sharing more personal data than ever before. Companies rely on customer data more than ever to create actionable insights to personalise services, operate more efficiently and drive business growth. We’re living in the “decade of data” – and with this comes, of course, the decade of data privacy.
Privacy now extends far beyond protecting ourselves physically and encompasses everything we do or interact with digitally: our online footprint, often referred to as our digital twin. We’ve seen a raft of high-profile data breaches in the spotlight this past year which has fuelled public concern around data privacy. As companies become more data dependent, customers become even more reluctant to share data while citizens remain woefully ignorant about data collected on them. It is this tension and misalignment that needs to be properly addressed in order to unlock data’s full potential.
Those working with customer data within any business need to be vigilant about how personal data is collected, stored, and used, as well as the implications of failing to handle this data correctly. Behind this data are real people, many of whom will not hesitate to take their business elsewhere should their data be lost or exposed. Ensuring data privacy is not just a technology issue, it’s also about company culture, process, and controls. And with analysts now able to extract increasing amounts of data from even more internal and external sources, ensuring data privacy must be part of an organization’s DNA. Dumping data from analytics tools to spreadsheets remains a weak link.
Nowadays, laws and regulations such as GDPR, CCPA and LGPD place stricter requirements on organisations, while giving individuals more access and rights around their data. Data Privacy Day, and the extended Data Privacy Week, is our opportunity, as businesses and data leaders, to bring awareness to those persistent knowledge gaps, take a closer look at best practices around data, and open up the conversation around data privacy and protection.”
Brett Beranek, General Manager, Security & Biometrics, Nuance:
“Data Privacy Day serves as a reminder to businesses and consumers alike that cyber security solutions and fraud prevention tools are no longer optional, especially during times of economic uncertainty.
The sad truth is that cyber criminals and fraudsters haven’t pressed pause on their crimes because of the looming recession. In fact, whether it’s the cost-of-living crisis, rising inflation, supply chain shortages or the lingering disruption left by the pandemic, fraudsters are taking advantage of this era of chaos, targeting individuals and businesses whilst they are at their most vulnerable in order to manipulate their data and steal their personal information.
Against this backdrop, it’s never been more important for organisations to arm themselves and their customers. When it comes to fraud, prevention is always better than a cure and, while there will never be one single silver bullet, investing in the right security solutions will help organisations stay one step ahead. For example, AI-powered voice biometrics is quickly becoming a critical weapon in the fight against fraudsters. This technology can authenticate a person in seconds by using advanced algorithms to analyse millions of unique voice characteristics, from accents and pronunciation to the size and shape of the speaker’s nasal passage. This level of sophistication renders it almost impossible for a fraudster to impersonate their would-be victim.”
Okan Ozaltin, General Manager of Payment Solutions, Signifyd:
“On the eve of Data Privacy Day this year, new data shows that online shopping was the single biggest source of fraudulent activity in 2022 as consumers reported over 67,300 online shopping fraud cases with £103m stolen. Neither the economy nor the rising levels of fraud and abuse are getting any easier for retailers, while the cost-of-living crisis forces consumers to be increasingly cautious with money.
Today’s fraud landscape puts a disproportionate strain on both consumers and merchants, meaning that data protection while shopping online has never been more critical. The need for authentication and overcautiousness because of fears around fraud have created slow and cumbersome experiences for many retailers, and while authentication has been greatly improved through SCA and 3DS 2.0, it still causes friction and unnecessary purchase abandonment.
To overcome barriers to both CX and rates of fraud, the payment ecosystem requires a holistic approach in transaction verification and approval from merchant through to payment provider and issuer. Taking a layered approach to authentication, (balancing friction, risk, and customer experience) will ultimately open up new channels for merchants and support them with growing their customer loyalty and therefore, revenue. What merchants are looking for is to maximise their revenue conversion, protection and cover from fraud and abuse, while also being free to provide a seamless customer experience.”
Allen Downs, Vice President Security and Resiliency Services, Kyndryl:
“It’s becoming more apparent that data is the most valuable asset for a modern business. As digital transformation accelerates across all industries, managing, protecting and assessing business critical data becomes increasingly complex for organisations.
Enterprise data has become significantly more diverse, dynamic and distributed, whilst growing exponentially in volume. Data protection strategies must be robust enough to manage this increase in volume, while protecting against increasingly sophisticated cyber attacks and data corruption. A wholesale approach and change in strategy and architectural designs and the use of immutable storage, air gapping and active data protection is key to ensuring that enterprises can recover back to clean data.
As work becomes more digital, business systems and processes are becoming even more connected. This interconnectivity increases the risk of a small event in one part of a company having a major disruptive impact across the entire organisation. A data protection solution, that can conduct a swift and efficient cyber backup, plus restore and maintain access to critical data, is essential in today’s digital age in order to protect data now and in the future.”
About Post Author
