For the past decade, companies have put customers at the center of their digital transformation, capturing ever more data to uncover new insights and better serve them with personalized experiences and compelling products and services.
But where does that leave us as we consider data privacy in 2021?
This is the question we posed to expert panelists in our recent SecureWorld Remote Sessions webcast, Customer Data Privacy 2021: It's No Longer Just Business, It's Personal, which is available on-demand.
4 views on the state of data privacy in 2021
At the beginning of the discussion, we asked the panelists for a level set on the state of data privacy and how it looks moving forward. Here is what each had to say.
Jen Mailander, Deputy General Counsel, Data, Privacy & Cybersecurity at Fannie Mae:
"I see five key trends that I think are worth noting. Number one, we've got a fragmentation of data privacy laws, as multiple jurisdictions are coming out with privacy legislation. Existing legislation already exists from GDPR to CCPA, and we've obviously got a variety of breach notification requirement laws that are all over the place.
Number two, we've seen an expanding definition of personal information. So what previously would have been personally identifiable information [PII], we think of driver's licenses as security numbers, has been evolving and expanding into personal information or personal data, depending on your jurisdiction. Now that includes things like social media posts, photographs, recordings, IP addresses.
Three, we've got the expansion of individual consumer rights. A consumer can say, in some jurisdictions, what data do you have on me, show it, and in some cases, I want you to delete that data.
Fourth, is the increased emphasis on data management. So you really are going to be responsible for knowing where your data is, from the beginning or creation, to its disposition.
And then lastly, we need to watch these emerging technologies that are evolving and coming out, like AI, facial recognition, the use of biometric data. We're already seeing new privacy issues evolve from these, and again, if you include how the expanding definition of PII and a consumer's expectation of privacy, and then tied to that the potential for new privacy concerns, and potentially new uses of data that with these new technologies, the sky is the limit. And this is a really exciting time to be here."
Robert Eckman, CISO at Kent State University:
"I've always kind of taken taking the opinion that privacy really isn't an option. Privacy has to be a requirement, and unfortunately, it seems to be the price sometimes of interacting with technologies. Specifically, as we begin to move into the social media areas and people self-identifying their personal information in a very substantive way, they may not realize what they're offering up to other people.
And so I think it's important for us as an industry to recognize that regulation and compliance is hugely important. And we have to meet that based on where we're located and operating. And I agree wholeheartedly that there's a huge fracture in what we see with regard to regulation. But this is the space that I live in: beyond regulation, beyond compliance, is where real security lies.
Compliance measures do not keep data safe by themselves. Compliance measures are typically baseline security type approaches. And really what we're beginning to see as an industry, is moving more technically into a space of being able to provide better protections, from a behavior perspective, from an interaction perspective. This includes more adaptive technologies that reassert the trust relationship on a pretty consistent basis.
And so for me, I'm really excited about where we're moving as we go through 2021 as it relates to tools. But again, I think the biggest gap we have is trying to ensure we can maintain compliance, but really provide true security at the end of the day to keep that data safe. So lots of challenges, but also opportunity."
Rebecca Herold, CEO of The Privacy Professor and CEO of Privacy & Security Brainiacs:
"Well, with regard to privacy over the years, the views of privacy have changed dramatically. And we made progress, but we're still behind. This morning, I actually posted about this event online on my social media sites. And I had a good discussion with a Facebook friend about cookies, and he asked about it. I think he commented to the effect that he thought that it was a bad privacy practice, when he went to SecureWorld to check out this event that I posted about and it gave him a cookies notice. And he said, 'Wait, there's a cookies notice? I thought this was supposed to be about privacy.'
So, I believe his comment implied that all cookies are bad. But it gave me an opportunity to spend a little bit of time providing a very high level explanation for different purposes and the different types of cookies. And you know, what a great opportunity for data privacy day, right?
So I believe that we're always going to be behind on privacy. And some folks might think that sounds very naïve. But actually, we've always been behind in data security, too. And this is because as time goes on, we always have data, it always accumulates. How many people actually delete their data?
So we have data continuously accumulating, and legacy systems are still persisting. We have data that's used for more types of new purposes, while it continues to be used for the old purposes, and it's very important for privacy and security pros to really understand that privacy and information management are not really destinations, not a checklist that you can do; it's an ongoing process. And you have to actually change your process to match your changing business activities. And I do think most security and privacy pros understand this.
But it's a huge challenge for most of them to get executives and other decision makers on board, visibly supporting their efforts and providing some sufficient resources. Besides constantly emerging privacy and data security risks that add on to long-time risks, there are also growing legal requirements for privacy and security."
Jason Hodgert, Product Marketing Manager at Spirion:
"The big thing I think about is how 2020 was a very reactive year. Less than a year ago, I was working in an office, and I'm sure most people on the panel and most people listening were working in an office, and now we've shifted to a different place. Now I work in a basement with a giant teddy bear as a coworker!
I remember my last day in the office and I'm hearing the news with COVID spreading. I took an extra monitor home because, you know, 'I might not be in next week because my kid's school might be closed.' That was 10 months ago.
The perimeter exploded. The perimeter was obliterated, IT resources were getting spread out, VPNs were getting overloaded. And for the first half, or the first two-thirds of 2020, we were basically trying to hold it together with duct tape and bubble gum. And I think everybody did a fantastic job.
And we all sort of breathed a sigh of relief when the clock turned over to 2021, like we thought something magically would happen and make it all go away. And unfortunately, it hasn't yet, but vaccines are coming and we can start to see light at the end of this dark tunnel. And we can also see what this new normal that everyone's been talking about starts to look like. And it looks a lot like what what this looks like.
So seeing how we reactively made sure that security and privacy concerns were being held with the duct tape and the bubble gum, seeing that this is what it's going to look like, there's a real opportunity for data security and data privacy to act proactively and put controls in place knowing that this is what the office in 2021 and the future is going to be like.
And like Bob said, privacy is not an option; it's something that has to be done proactively. It's not something that you can do reactively, or you're going to find yourself underwater very quickly. So that's a long way of saying we spent most of 2020 scrambling. And I think 2021 is going to be the time where we can sit and plan out and proactively tackle the privacy problem."
Additional questions to answer about data privacy in 2021
The rest of the Data Privacy webcast asked and answered the following questions, which sparked a great discussion among the panelists.
- What strategic considerations and steps should you take so that consumers can "own their privacy?"
- Where do data privacy and protection fit in the digital transformation journey?
- How do you turn the proactive protection of consumer data into a competitive business advantage?
- What factors do you need to consider regarding people, processes, and culture to adapt to the hybrid workforce for 2021?
- How can you meet the perennial challenges of acquiring budget for cybersecurity initiatives and doing "different with less?"
- Within the next two years, more than one million organizations will have formalized a privacy officer's role. What advice would you offer them?
- What do you consider to be the number one data privacy and compliance priority for organizations in 2021?
If you want to be proactive about data privacy in 2021, we highly suggest watching Customer Data Privacy 2021: It's No Longer Just Business, It's Personal, which is available on-demand.
In addition to the webcast, don't forget to check out SecureWorld's Virtual Conference series calendar.