The issue of data privacy has risen dramatically over the past few years, from a fringe concept to a major regulatory concern, particularly with the creation of GDPR. But what predictions do experts have for data privacy in 2020?
We heard from experts across the technology space about their predictions for 2020, from new regulations to emerging business practices shaping data privacy.
2020 data privacy predictions
The rest of the data privacy iceberg will begin to emerge
While regulations like Europe’s GDPR and the California Consumer Privacy Act (CCPA) have already been established, we will continue to see new regulatory developments surrounding data privacy through 2020 and beyond. Although these regulations have their inherent differences, the general scope of data privacy laws is to give consumers the right to know how and what type of personally identifiable information (PII) is collected, and the option to take legal action in the event that they should incur damages from bias or data security breaches.
Until now, most organisations have focused their efforts on structured information, but they must also be able to understand what PII is located in textual data documents. Archived data, in particular, is an especially pressing concern for most enterprises. AI-powered solutions will be instrumental in locating sensitive data and managing it through automated workflows.
Organisations will also need to establish internal data governance practices to determine who is accountable for data security and enterprise-wide policy, which may include creating teams that blend technical and regulatory expertise.
Zachary Jarvinen, head of technology strategy, AI and analytics, OpenText
Data-as-a-Service will become a growing source of revenue for big companies
The effective use of enterprise data for strategic decision making has become a key priority for all big companies in the last few years. As a consequence, companies have created high quality datasets and a sophisticated technology architecture to manage them and expose them to consumers. Companies have also invested heavily in automating their business processes for greater efficiency.
In the new year, since many big companies will now own high-value, unique data and services, the next logical step is reusing this infrastructure in order to offer them to third-parties. For instance, we are already seeing telecommunications companies selling customers geolocation data for a variety of purposes.
This trend will be significantly accentuated during 2020 in all major industries. From the investment standpoint, this will involve higher demand for the technologies involved in creating and exposing data as a service, like GraphQL, Data Virtualization and/or API management tools.
Alberto Pan, chief technical officer, Denodo
The emergence of global data standards and data-centric roles
Data bloat is only one of the challenges facing organisations in 2020. The next most pressing will be data quality and efficiency of managing it. Not all companies take the same pains to optimise their data, resulting in repositories of unstructured data that are larger and less efficiently managed than they should be.
While standards such as GDPR have started to make a positive impact on helping companies prioritise data hygiene and protection, there is no single, global framework that tells businesses how they should store, manage, classify, protect and secure their data.
It’s easy to become accustomed to the status quo, but this divergence in data practices only slows down the flow of data between organisations and forces many to waste added time and resources on data cleansing and management. Data has become the lifeblood of many sectors – we can’t afford to let it clot. That’s why we’ll see the beginnings of a concerted movement across industries to bring in legally enforceable standards for data quality. Arguably synthetic data will commonly be used as a mechanism to share intelligence without compromising the source or the subject of the data.
A single, global data standard that crosses borders remains a pipedream, but we should expect to see many industries start to entrench good data practice for their members, regardless of their country of origin or location of their customers. The penalties for non-compliance may even include fines, the loss of industry accreditation or being banned from important associations. Of course, mileage and speed will vary from sector to sector – already heavily regulated industries like banking and healthcare will likely take the lead – but any progress means better data quality and fewer data dilemmas.
The question is, who in the organisation will be charged with enforcing these new data standards? Many businesses already employ chief data officers (CDOs) and data protection officers (DPOs) to ensure their digital estate is secure and protected. However, the sheer amount of data they are responsible for, coupled with the growing awareness of data’s importance across the entire business, means we are going to see data responsibility filter out rather than become more centralised.
Rather than having a single CDO or DPO, different departments will begin to employ personnel with multiple competencies, including data expertise. Candidates with data experience in addition to the skillset traditionally expected for their role will only become more sought after as organisations hire for new hybrid roles. Other departments may take the alternate approach of hiring their own data specialist. Regardless, the time when data responsibility was passed off to IT or laid solely at the feet of the CDO will come to an end.
Jasmit Sagoo, senior director, head of technology UK&I at Veritas Technologies
A flood of data privacy regulations
The cybersecurity Magic 8 Ball indicates that ‘all signs point to yes’ when asking whether more regulations would come in 2020. CCPA and NY SHIELD foreshadow 2020’s privacy and security trends. The United States Congress debated a federal privacy regulation in June 2019. Despite being derailed at the end of the year, businesses and congresspeople alike are pushing to create a single, cohesive federal law governing privacy and security.
The United States isn’t the only country looking to formalise and consolidate its privacy laws. The Saudi Arabian Monetary Authority (SAMA) cybersecurity framework in conjunction with the GDPR’s extraterritorial impact pressures other Middle Eastern countries to update their privacy regulations. For example, the Dubai International Financial Centre Authority (DIFCA) sent out a call for public commentary in June 2019. 5.
More than quantity – also quality. If the GDPR and CCPA taught the cyber community one lesson in 2019, it would be that not all laws are created equally. While the GDPR and CCPA are testing just how far a ‘local’ law can reach, India’s Personal Data Protection Bill and the failed New York Privacy Act test the standard of care companies need to provide.
Both of these regulations use the term ‘data fiduciary’. Traditionally used in terms of money, a fiduciary duty requires a company to act in someone else’s (often shareholders’) best interests. If regulations continue to use the term ‘data fiduciary’, organisations may be held to a higher standard of care than ‘negligence’. If regulations begin to adopt the term ‘data fiduciary’ in 2020, we predict a cultural shift recognising information as a financially valuable asset.
Alex Heid, chief research officer at SecurityScorecard
Consumer rights, data privacy regulation and more lawsuits
Customers are more aware now of the rights of GDPR and other data privacy regulations around the world. And as breaches hit the headlines every day, 2020 will be the year customers start to ask more questions and demand more control over where organisations are storing data and how they are protecting the data.
In 2020, companies will pay nearly $3bn in fines and payouts from lawsuits, a 50% increase over 2019. As a results, data discovery, classification and remediation by protection sensitive data through automated workflows will become important and be an extremely important initiative for enterprises.
Ashvin Kamaraju, CTO for cloud protection and licensing activity at Thales
Corporate transparency to become a necessity
2020 will require that companies make transparency a reality. Consumer demand for brands to be more open is clear. If they don’t pull back the curtain on their business, they will lose trust and ultimately loyalty.
Data transparency is the hottest topic, for sure. It’s not easy for businesses to do, but they will need to find ways to be more open about the data they collect, how they use it, and how it impacts decisions. They also need to show how they’re protecting it.
Beyond personal data, proving the provenance of products – from food to clothes – and demonstrating ethical and environmental credentials will all become more important. The reason more transparency will be really important in 2020 is because demand for it is growing, and the technology/tools are available, so we’re on the verge of someone being able to do it really well.
Once one brand is able to redefine customer relations in this way, they will set the standard of expectations, and everyone else is instantly behind. And if they lag behind for too long, they might find themselves on the list of companies that couldn’t survive in the digital era.
Emma Kendrew, intelligent engineering services lead for Accenture Technology