Data privacy is more crucial than ever in this era of remote work and home offices. Companies must leverage multi-factor authentication (MFA), complex passwords, idle-session timeouts and strict security controls, while employees should also always lock their screens when not in use, do not permit unauthorized individuals to use or access company equipment, and be given the bare minimum permissions needed to do their jobs.
SEE: Social engineering: A cheat sheet for business professionals (free PDF) (TechRepublic)
Good data privacy isn’t just a set of policies and procedures; it’s a philosophy in itself. I spoke to cybersecurity philosopher and implementer Eve Maler, interim CTO at identity platform provider ForgeRock.
Scott Matteson: What are the challenges involved in data privacy?
Eve Maler: Data privacy today involves building a pyramid of solutions. Data protection is the first layer in the pyramid: This is where you work on the security of personal data. The second layer is data transparency: Here you need to inform people what you collected and want to collect about them and how you use it. The third layer is data control: Giving consumers choice and authority over what is collected about their own lives.
Regulations, such as the GDPR and the California Consumer Privacy Act (CCPA), have been enacted in order to hold companies more accountable than ever before for providing greater protection, transparency, and control to consumers over personal data.
Scott Matteson: What can companies do to implement solutions for data control?
Eve Maler: There are four steps companies can take to strengthen consent management and make a difference to earn trust when handling precious consumer data in 2020:
- Identify where digital transformation opportunities and user trust risks intersect. Users are more skeptical these days, but organizations analyze and use those trust gaps to discover new data privacy opportunities for their consumers as they look to digitally transform.
- Consider personal data as a joint asset. It’s easy for the risk leads within a company to say data subjects own their own personal data, but business leaders have incentives to leverage that data for the value it brings to their business model, which changes the equation. All the stakeholders within an organization need to come together and think about data as a joint asset in which all parties, including consumers themselves, have a stake.
- Lean into consent. A business often will have a choice to offer consent to end-users rather than just taking data. Seek to offer the option to the end-user—there are benefits when building trust with skeptical consumers.
- Take advantage of consumer identity and access management (CIAM) for building trust. Identity management platforms, automate and provide visibility into the entire IAM lifecycle, all while allowing end-users to retain the controls to manage their own profiles, passwords, privacy settings, and personal data.
Scott Matteson: How does data privacy differ for consumers versus businesses?
Eve Maler: Consumers love taking part in the connected world, but to do so, they must share personal data. Millions of people are unaware and uninformed about how their personal information is being used, collected or shared in our digital society. Regulations like GDPR and CCPA put a premium on gathering consent from individuals, empowering them to take control over their data.
For businesses, implementing data privacy regulations, such as GDPR or CCPA, should be viewed as an opportunity to build trust with consumers. Data transparency and data control enhance the relationship businesses have with consumers. Businesses should deploy comprehensive identity management and robust consent management systems to ensure there are not only mechanisms that act as their first line of defense for protecting consumer data, but also strengthen the bonds of digital trust for all service users.
SEE: Report: SMB’s unprepared to tackle data privacy (TechRepublic Premium)
Scott Matteson: I myself have advocated for years that people not take those social media quizzes to see what kind of flower they are, or which reveal private information to others. I’ve also instructed my kids never to create online accounts with any personal data such as their date of birth. Speaking of social media, I see a growing trend among many to abandon social media entirely. Is it too drastic of a step? If so, what are some options people can take to be able to use social media with minimal risk?
Eve Maler: Governments are going to continue to put pressure on the tech giants, which will respond by trying to self-regulate to overcome increasing laws that threaten their business models. The privacy hits are going to continue for social and tech giants, and they are going to continue to prove that they don’t deserve consumers’ trust.
The big social networks have more to fear than privacy laws. Greater attention will be paid to dark patterns in 2020, which will encourage legislators and regulators likewise to pay broader attention to antitrust and consumer protection threats. Consumers will not leave their social networks, but we’ll see increased consumer protection laws as a result.
As consumers move toward a personalized experience while seeking a real measure of privacy, they should take advantage of the privacy options that their social network provides and be especially careful about connecting third-party applications.
Scott Matteson: How will privacy concerns/remedies be shaped in the future?
Eve Maler: Privacy remedies and concerns have already begun to shape how enterprises feel toward improving data inventories and data hygiene controls. The US lacks a digital single market around privacy laws. As a result, we are suffering, and we are under pressure to create better regulatory efficiencies. A unified federal-level push to regulate privacy is coming, essentially a US-wide version of the digital single market goal of GDPR, extending outward from CCPA.