Today is Data Privacy Day. With a theme of Respecting Privacy, Safeguarding Data, and Enabling Trust, the day celebrates the first international treaty dealing with privacy and data protection. Each year hundreds of organizations come together to drive awareness and education on key data protection concepts targeted to help employees, individuals, and businesses. Educational tools are made available through the National Cyber Security Alliance website www.StaySafeOnline.org/DPD to help people and businesses stay safe online. At Deluxe, we are championing this day with an all-employee awareness outreach, including the sharing of information on the importance of information governance in today’s digital and big data ecosystem.
EMERGING THEMES FOR 2016
In 2016, top media headlines focused on data breaches and privacy advocates focused on new standards for privacy surveillance, but I think the current geopolitical landscape will keep significant advances on those topics cloudy with a chance of meaty progress. I think the topics that will emerge in 2016 will be a continued dialog on data protection within Big Data, and the downstream implications created by regulators to drive enforcement in the areas of cybersecurity and data practices governance. So let’s look at these topics and 2016 trends to kick off the potential for this year in data protection.
ACROSS THE POND
One of the hotter topics is the privacy ripple effect from across the pond of the recently finalized Global Data Protection Regulation (GDPR). While still two years out from enforcement, the ramifications are more than a drop in the bucket, and will make many companies think strategically about how they intend to support global and EU market strategies. While this rule will have limited impact on the local community banking organization, it will have broad implications for more global organizations and for technology service companies that support multiple industries. The third-party risk obligations will increase the costs of compliance for many organizations over the next two years. Most U.S. organizations have relied on a “Safe Harbor” life vest to protect them from audit, assurance, or expanded due diligence obligations, and the ongoing negotiations for a “Safe Harbor 2.0” will play out throughout 2016 in response to the EU regulations for both businesses and technology service providers.
PHISHING TO SEE WHAT YOU GET
Scary messages from the Verizon 2015 Data Breach Investigations Report showed that 23% of recipients open phishing messages, and 11% click on attachments. For the past two years, incidents that focus on a compromise in cyber-espionage have featured phishing. The report indicated that 50% of recipients open emails and click on phishing links within the first hour. Phishing and social engineering schemes are not new; however, it only takes one inadvertent employee response to create an issue. Technologies have evolved to make the email schemes appear very realistic. The speed at which organizations need to have tools and processes in place to respond has gone past knot speed and into light speed. Email filtering, enhanced detection, and response are key anti-phishing tools. However, the people component is critical. 2016 calls for awareness and frequent training for employees, without over-messaging, so that employees don’t become immune to the key control messages.
JUMPING IN THE PRIVACY BIG DATA LAKE
Data protection and “Big Data” are only growing in focus. Big Data is positioned by technology pundits as the focus on attributes like “high value,” “high velocity,” and “high variety.” In today’s mobile and digital commerce landscape, data proliferates more broadly and deeply than most organizations and consumers realize. Privacy leaders and their technology partners need to build the bridges to take the debate from a Big Data vs. Privacy contest to one where both goals can be achieved. Consumers value personalization of their web experience, but can respond differently when they lose control over certain types of data collection or onward transfer. It’s all about “context” and the value and benefit of the data collection and usage.
USING DATA DOWNSTREAM
A key debate in the coming years will be on the concepts of data re-usability, data portability, data interference and data re-identification. The data attributes that make us unique are getting fewer and more personal. Consumers understand and typically accept that web traffic data is being used as they shop and use the internet, and they may value personalized or targeted content. The difference is when more sensitive or confidential financial data is at stake; then the rules of customer experience shift to a less personalized and more protective mode. Communicate clearly on how you use data, the benefits of that usage, and how you protect the information and limit its misuse. Transparency, disclosure, and simple terms are critical to help differentiate those nuances when using data collected in today’s digital landscape. It’s all about continuing to gain and retain customer trust. Bottom line, keep it simple. Be Privacy Aware.
Protect your business, employees and customers. For more tips and resources, visit www.StaySafeOnline.org.