Emerging technologies are creating unprecedented business opportunities, with overall technology spending expected to reach nearly $4 trillion globally this year. But these data-driven innovations—including such advances as combining IoT with AI technologies to enable “smart” machines to simulate intelligent behavior—also bring new business risks around data privacy and ethics and new regulatory compliance issues.
Sixty-four percent of CEOs in our annual survey say changes in the technology driving their business will create disruptions over the next five years. Yet only 28% strongly agree that their company proactively manages security and privacy risks when adopting new technology.
How can companies more confidently navigate these challenges to achieve competitive advantage? The first step is grounding your tech strategy with a robust approach to privacy and ethics.
Artificial intelligence has the potential to affect every aspect of the workplace and could inject $15.7 trillion into the global economy by 2030. AI encompasses “smart” technologies that are aware of and can learn from their environments, enabling them to subsequently take autonomous action and helps organizations solve problems and amplify efficiencies.
Making AI responsible encompasses understanding how data is being collected and used, providing transparency about how it works, avoiding data uses that unintentionally discriminate against individuals and ensuring that AI systems are not built on biased algorithms and are protected from intrusions.
For example, AI used by a financial services company may draw inferences from activity at an ATM near a cancer center, concluding that a customer engaged in such transactions is not a good financial risk because he or she is more likely to be terminally ill. AI algorithms should be devised to exclude such personal characteristics as race, gender, religious orientation and sexual preferences. Companies must be prepared to defend their decisions around which personal information is used to make inferences about customers.
Many businesses aiming to use big data analytics, deep learning and machine learning to achieve competitive advantage must navigate the transparency requirements of the EU’s General Data Protection Regulation (GDPR), which, among other things, gives individuals the right to avoid being subject to solely automated decision-making. These restrictions are expected to limit the potential of AI in Europe.
The great potential of AI also brings great risk. Many organizations recognize the need for responsible AI and are taking the following steps:
The internet of things (IoT) extends network connectivity, letting companies collect data from a wide range of devices, enabling efficiencies and potentially decreasing operational costs. The industrial internet of things (IIoT) could significantly increase productivity and slash costs across manufacturing, transportation, logistics, energy and other industries. Eighty-one percent of respondents in PwC’s Digital Trust Insights survey said IoT was vital to their business. Nearly 75% of companies are making IoT investments today, and nearly half say IoT will be the most important tech for cutting costs, according to the PwC 2017 Global Digital IQ survey. Eighty billion IoT devices are expected to be in use by 2025.
Manufacturers are using IoT to track products as they travel through assembly lines and across the plant. Electric companies are deploying IoT-enabled smart metering to analyze energy consumption, potentially storing reserve electricity for high-demand periods. IoT is helping vehicle fleet operators gain insights into environmental compliance, while optimizing maintenance and logistics, routes and fuel consumption and driver performance.
GDPR, CCPA and other privacy regulations give consumers the right to access and delete their information. But across an ever-expanding IoT network of connected nodes, no single company controls how data is used, stored and deleted. The privacy challenge for each IoT provider is to provide transparency and control over their part of the network—and work with others on an interoperable privacy standard.
Many global companies that use IoT’s extended network connectivity and enhanced data collection to gain a competitive edge must adhere to the GDPR’s rules around privacy by design, building in privacy-friendly default settings such as minimized data storage.
Because of the multitude of connected devices and vast volume of data produced by the IoT, privacy and security are major concerns. Companies need to:
A blockchain is a distributed digital ledger that leverages software algorithms to record and confirm transactions without relying on a central authority, opening the door to autonomous digital commerce. The technology potentially will usher in an era of autonomous digital commerce. Eighty-four percent of respondents to PwC’s survey of 600 executives from 15 countries said their organizations are actively engaged with blockchain. By 2030, blockchain will generate an annual business value of more than $3 trillion, according to Gartner.
A fast-food company currently uses blockchain to let customers exchange virtual coins for burgers. In the future, medical professionals could use blockchain records to store and share healthcare information more effectively without risking privacy breaches. Governments could use blockchain to provide access to a single information source for property records. In digital advertising, blockchain could close the trust gap by letting buyers verify how ads are performing, and confirming the authenticity of digital outlets.
Elsewhere, by providing a more accurate view of a plane’s configuration and maintenance history, blockchain could boost power and efficiency for the aerospace industry. Blockchain could also help transform the tax function by minimizing issues related to the use of different accounting systems, lack of standardization and difficulty producing proper documentation for audits.
Blockchain presents significant privacy challenges, despite its benefits. There’s no established risk and control framework, because each enterprise environment is different. Key priorities are data minimization and true data anonymization—ensuring that any of the myriad personal identifiers in a blockchain can’t be tracked back to an individual. Operational safeguards must be established to cover situations in which technology alone can’t prevent exploitation of blockchain vulnerabilities.
Companies with control over any personal data stored on their Distributed Ledger Technology (DLT)-based systems are likely to be subject to the strict standards under the GDPR, CCPA and other regulations. Simply declaring the data to be permanent when the organization uses the DLT for internal handling of data won’t comply with applicable regulations.
Blockchain was created to enable trustworthy transactions, but there have already been breaches. To safeguard their blockchains, companies need to: