The International Association of Privacy Professionals’ (IAPP) Global Privacy Summit wrapped up just last week and, as always, the event organizers did a fantastic job lining up noted, impressive speakers that really made us think about four aspects of data privacy:
- the impact of being watched;
- capturing personal information;
- the role of government, citizens, companies, consumers; and
- the ethical dilemmas of data collection, use and protection in an increasingly small and interconnected world.
Glenn Greenwald, the journalist who brought us Edward Snowden, and Michael Sandel, Professor of Government at Harvard University (who also happens to teach the most popular class in Harvard’s history, “Justice”) brought up some very interesting and provoking points that are worth sharing here.
Without a doubt, we are living in a data-driven society. We are living in a world of globalizing economies, data transfer, and ubiquitous access to everything from everywhere. At the same time, throughout the past year, we have seen an influx of compliance and data security related stories flood news outlets – Experian and Home Depot, just to name a couple. Companies around the world are facing a heightened demand for data privacy and compliance regulation. Further, from Facebook and Google Glass to NSA and Verizon, there is a continuing balancing act to share information that we choose to share, and at the same time protecting information we wish to keep private. Living in our increasingly social world has and will continue to present a paradox with personal privacy: Information placed on the internet and available publicly can be used in unintended ways, regardless of your original intent. This is true for public sector organizations, businesses, and individuals alike.
One of the issues Professor Sandel raised during his session was whether “knowing that you are being watched may not only limit the thoughts you will have but the thoughts you can have (emphasis added).” So, are Chief Privacy Officers data stewards and advocates for the privacy rights of our employees, customers, and citizens? The reality is that virtually every company is in business to make money, and it is the job of compliance professionals (whether privacy officers, attorneys, or security officers) to help them make money by fully realizing the potential of the data they obtain – but also ensure they are simultaneously protecting that information.
Let’s be clear: consumers are at risk. Not only as their personal information such as credit card numbers, passwords, and security questions are stolen and exposed, but also as their information becomes a valuable commodity sought by anxious data brokers – and even captured by devices like their automobiles and thermostats!
Whether personally identifiable information, health information, financial data, contract information, research and trade secrets, intellectual property, or contract data, this kind of information has become a new kind of currency – and some have even called this personal information the new “oil”. Companies like Google and Facebook have become multi-billion dollar organizations by offering free services simply by being able to attract their users to share this kind of information so they can then use this data to learn about their users and share it with paying sponsors and advertisers. However, shared inappropriately, whether by accident or breach, inappropriate disclosure of sensitive data can have dramatic financial impacts on an organization and can, arguably more importantly, erode consumer trust. Trust is something that businesses must work to establish with their customers every day. Once lost, it is very difficult to regain.
The stakes are high, but if handled properly, risk management transform the way we do business. For effective data management and collaboration to turn into a competitive advantage for the business, timely access to data as well as multi-directional communication flow – with the right risk management filters in place – is essential so data is available whenever and wherever to those who need it, and protected from those who shouldn’t have access. Companies can repurpose their compliance programs traditionally viewed as a “cost center” for the business by turning this previously untapped information into a business asset. This not only creates a quantifiable return on investment for data security and privacy programs, but also helps the company increase productivity and mitigate the potential of violating regulatory statutes.
J. Trevor Hughes, President & CEO of the IAPP, said that “privacy is like a series of dams that we try to set up to limit the data we share as small data from becomes big data.” Technology and proper controls can help make sure the flow of information is controlled, intentional, purposeful, and thoughtful rather than something that becomes destructive to the greater good.