Privacy Predictions by CEO Chris Babel
Privacy was ubiquitous prior to 2018. The General Data Protection Regulation (GDPR) deadline came and went as companies scrambled to meet and maintain compliance under the new regulation. Data protection has a strong presence in the media as large companies’ handling of user data is often widely discussed and reviewed.
Since then, many new privacy regulations have been introduced – such as the California Consumer Privacy Act (CCPA), Brazil’s General Data Protection Law (LGPD), and China’s Personal Information Protection Law (PIPL). As a result, more companies will fall under the scope of at least one enforceable privacy regulation. What’s in store for privacy going forward? TrustArc CEO Chris Babel breaks down his predictions for the path of privacy.
Managing privacy will be the new normal, like securing data or paying taxes
Privacy will continue on a similar path as the evolution of cybersecurity. The number of breaches and privacy-related incidents will continue to rise, up and to the right. This rise will consist of peaks and valleys. As with security, a standard of constant privacy will become the new normal.
For example, while many organizations treated GDPR as a project with a finite end, compliance is a continuous exercise that requires the same focus and vigilance as security or taxes.
Automating aspects of this continuous process using Assessment Manager will save your company time. Assessment Manager is built on powerful technology that identifies where and why your practices don’t align with regulations and defines the path to remediation. The workflow tools and Intelligence Engine detect the need for and then streamline assessments.
Ethics will become increasingly important to data-driven innovation
Once a focus only in healthcare and highly regulated organizations, consumer protection and privacy laws are driving businesses across sectors to consider ethics. The benefits that new tech vendors claim do not outweigh the potential for data misuse and other risks. While companies may start with a check-the-box compliance exercise, the more innovative players will look to differentiate themselves from their competition.
Organizations will set up ethical review committees, ethics teams, and data ethics officers to formally consider the implications of algorithms and machine learning on customer trust and business outcomes. Determining whether data processing is ethical can be done at scale by automating manual processes.
TrustArc offers the expertise and technology to:
- Complete these assessments
- Build a sustainable Data Protection Impact Assessment and Privacy Impact Assessment program if needed
- Automate the process using the TrustArc Platform
- Produce reporting needed to show accountability on demand.
Consumers will exercise their right to privacy
Consumers have become increasingly aware of the rights and mechanisms that regulations have made available to them to manage and protect their data. As a result, consumers will become more engaged and active in:
- Controlling their privacy settings
- Sharing less information
- Unsubscribing from marketing communications
- Requesting copies of their data
- Requesting that companies delete their data entirely from marketing databases.
Individual Rights Manager helps with the requirements of the GDPR and CCPA, allowing your organization to provide data subjects and individuals with a variety of rights, including the right of access by the data subject; rectification or erasure; restriction of processing; and data portability.
More privacy regulations on the horizon
A U.S. federal privacy law is still being discussed but is unlikely to pass, although the 2019 Online Privacy Act was reintroduced at the end of 2021. The United States-Mexico-Canada Agreement will drive new discussions around cross-border data sharing between the U.S., Canada, and Mexico.
Colorado and Virginia recently joined California by enacting consumer data privacy legislation. Additionally, over 160 consumer privacy-related bills were introduced across the U.S. in 2021. Broadly, these regulations are similar to the CCPA regarding the collection, use, and disclosure of personal information and explicit consent. Looking ahead, states will continue to introduce and pass privacy regulations.
Lastly, the multitude of country-specific privacy laws in Asia will continue to increase across the region.
GDPR enforcement could slow sales and close down businesses
Most people associate GDPR enforcement with heavy fines levied against organizations. However, enforcement can be much worse than onerous financial penalties. An advertiser was recently forced to cease operations in an entire European market as a result of a GDPR violation.
Failure to comply with privacy regulations will have a devastating impact on your company’s operations and reputation as much as its checkbook. Companies that don’t meet GDPR and other privacy and security requirements will lose business to competitors who do.
Most importantly, if you don’t take privacy seriously, you risk losing consumer trust. Nine out of ten respondents agree that all citizens should have a right to delete their personal data, know how their data is being used, and be able to opt-out of having their data used.
Organizations that refuse to adopt this consumer mindset will quickly fall behind.
Maintain consumer trust with the Cloud Privacy Compliance Package, which streamlines your compliance process, enabling you to more easily develop a plan, implement controls, and demonstrate ongoing compliance with GDPR.
Privacy regulations will drive innovation and differentiation
Privacy regulations, as the new realities of the world, will force companies to reexamine their approaches to developing innovative and differentiated products and services. GDPR has already forced marketers and advertisers to reevaluate how they use customer data.
Organizations that embed compliance into their entire product development processes – aka privacy by design – offer consumers peace of mind and will win over their trust.
As the rise of the Metaverse and augmented reality continues, there will be numerous effects on the data privacy landscape. How will current regulations apply to a new type of platform? Will developers proactively design consumer privacy protection into the Metaverse?
Our team of privacy experts can help your teams ensure that your programs incorporate privacy by design principles, among other best privacy practices.
The CCPA is the second chance for the CPO and DPO to become strategic company executives
There is significant overlap between the California Consumer Privacy Act (CCPA), which applies to any company conducting business in California, and GDPR. Companies that took the important steps to comply with GDPR are already ahead of the game and will have a relatively clear path to meet the requirements of U.S. state laws.
Now is the time for Chief Privacy Officers and Data Protection Officers to position data privacy as a strategic function within the organization.
Build a sustainable plan, implement controls, and manage ongoing compliance with the TrustArc CCPA Platform and Consulting Services.
Privacy technologies at any price point
As more privacy regulations are adopted, there will be a rapid expansion of the number of privacy technology vendors in the market. With the increased sophistication of privacy technologies, a small company located anywhere globally will now have access to solutions at a price point that fits them and makes it worth their while to comply with specific laws to reach even more customers.