Within 24 hours of the long-awaited launch of Disney+, the entertainment multinational’s streaming service, it was reported that thousands of accounts had been hacked, with crucial information stolen and offered online. Because these breaches are so frequent, we’ve become nearly unfazed by them. Not a day goes by where our mortgage data, our passwords, and even our previous emails aren’t wrapped up in some kind of endpoint security failure that attacks our digital privacy.
About the author
Keith Casey currently serves on the Platform Team at Okta, working on Identity and Authentication APIs.
The cynic would suggest this is the new normal, that we have made a Faustian bargain with big tech to choose convenience over security and privacy. While news reports highlight companies behaving badly, change may be on the horizon, both in terms of companies’ attitudes towards customer privacy and in the regulatory compliance landscape. While fines and further legal ramifications should be enough to drive businesses to take customer privacy seriously, customers also need to take responsibility and push for change.
Increased regulation, improved privacy
All businesses are aware of the General Data Protection Regulation (GDPR), the European Union’s privacy regulation, which launched last May. GDPR arose as a holistic approach to update existing, inconsistent and conflicting laws and regulations across the EU and strengthen the protection of individuals’ personal data. The ‘right to be forgotten’ measure, increased controls and the enforcement of severe financial penalties for any mishandling of data have encouraged a rethink of data ownership.
There are many examples of ‘the right to be forgotten’ in action. For instance, in Spain, a citizen demanded that outdated information about his house being repossessed be removed from search listings. His claim was upheld after both the Spanish Court and the EU Court of Justice examined the merits of the case, and the information was removed from the public domain.
The awareness of GDPR is being felt well outside of the EU. It has also paved the way for the California Consumer Privacy Act (CCPA), offering similar protections for Californian consumers, demonstrating the growing importance of regulation globally. The CCPA went into effect on January 1, 2020. The regulation puts guidelines on personal information collection and usage by businesses, giving Californians significant visibility and access to what data is gathered, how it is shared and control over its deletion.
With these new regulations, businesses must be more cautious on the issues of consent and provide stringent enforcement of checks and balances across the stack.
Trust is the gateway to customer privacy
In the case of technology, repeated breaches, both accidental and malicious, have destroyed trust, created legal issues and hurt organisations’ bottom lines. According to the Edelman Trust Barometer, a global survey of consumer trust done annually, only 55 per cent of respondents think technology is performing well in protecting consumer data.
This suggests that privacy is becoming a front and centre issue for businesses and governments alike. But can it be a strategic advantage? According to fingerprint identification company IDEX Biometrics, 75% of UK consumers are concerned about the security of personal data shared with organisations.
Handling privacy proactively and transparently offers significant upside to businesses of all sizes. This means understanding how to practically think about protecting customers’ data, and there are some broad, simple rules that make data privacy and transparency significantly easier for businesses:
Don’t collect unnecessary data: If you don’t need a user’s credit card number, national insurance number, or any other sensitive information, don’t collect it. If you don’t store the information, it can’t be stolen or even leaked by accident. It’s a prudent, responsible decision that reduces risk for companies, teams, and individual developers.
Don’t share unnecessary data: There are times when you must collect the data but that doesn’t require you to also share it. Data sharing needs to be scoped to both the use case and the user and dynamically shifted when necessary.
Always monitor: Too much mobile app development is done without input or co-ordination from Security or Operations teams. Developing a better working relationship to establish a baseline of “normal” and investigating anything beyond it is key to limiting unwanted exploitation of privacy and data. While we won’t always catch an attack in progress, the faster we detect, stop, and fix breaches, the less we will suffer legally, financially, and professionally, and this begins with the business apps we develop.
Be transparent: The same policies and practices that worked in 2010 do not work in 2020. At a policy level, we need better privacy policies with clear language to explain customers’ rights and responsibilities. At a technical level, we need to take proper steps to limit what data we share, how we share it, who we share it with, and how those parties may use it and must protect it.
As is always the case, the devil is in the details. But proactively considering data privacy offers businesses a chance to showcase commitment and transparency to customers in an age of waning trust, in addition to avoiding the regulatory headaches of increasingly complex compliance. This will help give customers confidence that their details will be secure when they engage with your business, which is increasingly at the front of their minds.