One defining feature of 2019 was an increasing focus on data privacy around the world, including a variety of new government regulations. Data privacy is a hot topic because cyber attacks are increasing in size, sophistication and cost. Accenture reports that the average cost of cybercrime has increased 72% in the last five years, reaching US$13.0 million in 2018.
In this article, we will talk about pressing data privacy issues and how they can influence your business.
Why is data privacy important?
The recent focus on privacy concerns is driven by numerous cyber security attacks that led to massive breaches of personal data. In response, regulations designed to strengthen consumer privacy protection have been developed in countries around the world, from the U.S. to India to Australia. The EU’s GDPR (General Data Protection Regulation) in particular has had an important impact. In addition, many individual states in the U.S. have adopted their own privacy protection laws, such as the CCPA (California Consumer Privacy Act), and their number is still growing. We should expect more legislative activities in the future, as Congress is working to implement a U.S. federal data privacy law.
Exactly why is data privacy important? It is important to consumers because a breach of personal information can damage an individual’s fundamental rights and freedoms, including the risk of identity theft and other types of fraud. But data privacy concerns are also important to organizations. Any unauthorized collection, careless processing or inadequate protection of personal data introduces multiple risks. In particular, organizations that fail to comply with privacy requirements are at risk of steep fines, lawsuits and other penalties. The CCPA, for example, grants a private right of action if a breach occurs and data was not encrypted or anonymized, and GDPR fines can reach 20 million euros or 4% of a company’s global annual turnover for the preceding financial year. Authorities can even ban the business from processing personal data in the future.
These severe consequences for noncompliance are perhaps the strongest driver for rising privacy awareness among organizations. Organizations have to take privacy into account before they use an individual’s data, for example, by selling customers’ personal data to third parties. To meet modern compliance requirements and satisfy consumers, all organizations have to take steps to protect the healthcare records, financial data and other personally identifiable information (PII) they process and store against cyber attacks.
A focus on data privacy is a differentiator.
Apart from legal sanctions, organizations face reputational risks if they fail to ensure data privacy protection. To maintain customer trust today, a company must demonstrate that data privacy is one of its core values. Indeed, while many businesses still view privacy policies as a set-and-forget legal routine, the consumer’s attitude has changed. According to PwC research, only 25% of consumers believe most companies handle their personal data responsibly.
As people become more aware of the loose handling of their data by social networks, tech giants and governments, implementing strong control over handling of personal information is becoming a powerful business advantage. According to Gartner, brands that put in place user-level control of marketing data will reduce customer churn by 40% and increase lifetime value by 25% in 2023. Thus, companies will be working to meet the transparency bar by ensuring they can explain why they collect and share specific data, as well as prove that they have properly asked consumers for permission and notified them about data collection and processing.
Defending against supply chain attacks.
One key trend for the coming year will be third-party risk management. While breaches at large enterprises dominate the headlines, their supply chains are an attractive target for hackers as well, because of their digital connections to larger enterprises.
Therefore, companies need to ensure that their partners, suppliers, resellers and service providers are protecting data properly. For example, the GDPR requires working only with third parties that demonstrate they have measures in place to protect personal data. Accordingly, organizations need to take a risk-based approach to evaluating partners and vendors, and establish agreements about topics such as data breach notification obligations and cooperation in fulfilling data subject requests.
The importance of employee training will grow.
The coming years will undoubtedly bring new regulations with more stringent requirements and steeper penalties. However, there is no reason to delay implementing core best practices. Indeed, if you want to avoid appearing in the next big data breach headline, it is vital to start managing your risks now and make privacy a fundamental part of your DNA.