By Alex Wackett, Director of Data Ethics and Privacy at Calligo.
With growing volumes of personal data being collected, analyzed, shared and stored, there is more expectation than ever on businesses to ensure privacy for their employees, clients and wider supply chain. The digital age has streamlined ways of working, improved the targeting and personalization of services and communications and made detailed information available at the touch of a screen. But personal data is exactly that – personal. It falls to everybody to ensure that the privacy and safety of our employees, suppliers and customers are never compromised.
As we head into 2023 and beyond, our industry will continue to be shaped by developing trends in data privacy. Here are our predictions for the top five likely to dominate this year:
1. Increased regulation
Recent years have seen a wealth of new laws enacted across the globe, both at a state and federal level. The European Union’s General Data Protection Regulation (GDPR) was put on the statute books in May 2018, imposing strict rules on how personal data can be collected, used, stored and shared across the 27 member states. Despite numerous attempts, the United States does not currently have a comprehensive federal data protection law, but in late 2022 introduced the American Data Privacy Protection Act (ADPPA).
In the absence of a federal law, a number of states have implemented their own (or are in the process of doing so). California’s Consumer Privacy Act (CCPA), which passed into law in January 2020, is one such powerful example, followed by an amended statute called the California Privacy Rights Act (CPRA) which became law on January 1st 2023.
The trend for new regulation and legislation only looks set to continue, with The Data Protection and Digital Information Bill currently moving through the UK Parliament.
2. Improved transparency
Individuals everywhere rightly expect their personal data to be tightly controlled and kept out of the wrong hands. In a global study by Deloitte in 2021, 66% of respondents said they were concerned about how companies use their data. Yet there are signs that the social restrictions imposed on us as a result of the pandemic have softened the public’s worries about sharing health data with organizations if it is perceived to be beneficial. Around two thirds of respondents in that same survey were comfortable sharing their vaccination status to make travel and entertainment bookings.
Improved transparency will be increasingly important for consumer confidence, with any data breaches punished by severe fines. The largest levied to date was on Chinese ride-hailing service Didi Global, with a whopping $1.2 billion penalty imposed in July 2022.
Practical steps organizations can take to improve transparency include the provision of clear data policies and giving consumers control over data sharing and removal tools.
3. Advances in intellectual technology
Artificial Intelligence (AI) and Machine Learning (ML) are revolutionizing the way we work, but they necessarily require vast amounts of personal data. Anonymizing data will help ensure that companies stay within privacy laws (anonymized records are not classified as personal data and are therefore exempt from GDPR regulations). AI and ML algorithms make decisions based on data input and so recognizably personal data is not required. Organizations can take steps to ensure that data is used in secure and private ways, using third-party data where possible and blocking potential for reverse engineering by bad actors.
4. Greater personal ownership
Organizations and individuals alike are more aware of the value of personal data and as such require ever greater control over how this information is gathered, stored and used. In the corporate world, marketing, sales and HR data brings competitive advantage and so is always closely guarded.
81% of consumers say they are more concerned about how their data is used online, yet most allow cookies with a pre-ticked box for consent and agree to terms and conditions without reading them. The benefits of having information and services at our fingertips outweigh concerns about privacy it seems. Responsible data management begins by asking users for consent – there is more businesses can do to ensure that they give it with full understanding.
5. Tighter Environment, Social and Governance (ESG) reporting
In today’s business landscape, environmental responsibility has become a critical concern for companies worldwide. With the ongoing efforts to achieve Net Zero, companies are required to demonstrate their commitment to reducing carbon emissions and minimizing their environmental impact. This commitment involves a range of activities, including the processing of employees’ personal data. As such, companies need to ensure that their data processing practices align with the highest standards of data protection and privacy to safeguard the sensitive information of their employees. Failure to do so could result in significant financial and reputational damage, as well as legal sanctions.
Organizations must therefore be proactive in their approach to data protection and privacy, developing comprehensive policies and procedures that promote responsible data management. They should also invest in the necessary technology and tools to ensure the secure handling of sensitive data, such as employee records, and provide regular training to employees on data protection best practices. By adopting a holistic approach to data protection and privacy, companies can demonstrate their commitment to environmental responsibility while safeguarding the privacy and security of their employees’ personal data.
If you’d like to explore how to future-proof your organization in line with these data protection trends, please get in touch