Emerging tech privacy

Emerging technologies are creating unprecedented business opportunities, with overall technology spending expected to reach nearly $4 trillion globally this year. But these data-driven innovations—including such advances as combining IoT with AI technologies to enable “smart” machines to simulate intelligent behavior—also bring new business risks around data privacy and ethics and new regulatory compliance issues.

Sixty-four percent of CEOs in our annual survey say changes in the technology driving their business will create disruptions over the next five years. Yet only 28% strongly agree that their company proactively manages security and privacy risks when adopting new technology.

How can companies more confidently navigate these challenges to achieve competitive advantage? The first step is grounding your tech strategy with a robust approach to privacy and ethics.

AI

Artificial intelligence has the potential to affect every aspect of the workplace and could inject $15.7 trillion into the global economy by 2030. AI encompasses “smart” technologies that are aware of and can learn from their environments, enabling them to subsequently take autonomous action and helps organizations solve problems and amplify efficiencies.

Applications today and in the future

  • HR: AI helps companies determine top job applicants.
  • Healthcare: AI-powered diagnostics use a patient’s unique history as a baseline against which small deviations flag a possible health condition.
  • Transportation: Autonomous vehicles use AI for vision and pattern recognition, to respond to data captured by vehicle sensors.

Privacy challenges

Making AI responsible encompasses understanding how data is being collected and used, providing transparency about how it works, avoiding data uses that unintentionally discriminate against individuals and ensuring that AI systems are not built on biased algorithms and are protected from intrusions.

For example, AI used by a financial services company may draw inferences from activity at an ATM near a cancer center, concluding that a customer engaged in such transactions is not a good financial risk because he or she is more likely to be terminally ill. AI algorithms should be devised to exclude such personal characteristics as race, gender, religious orientation and sexual preferences. Companies must be prepared to defend their decisions around which personal information is used to make inferences about customers.

Many businesses aiming to use big data analytics, deep learning and machine learning to achieve competitive advantage must navigate the transparency requirements of the EU’s General Data Protection Regulation (GDPR), which, among other things, gives individuals the right to avoid being subject to solely automated decision-making. These restrictions are expected to limit the potential of AI in Europe.

Addressing the privacy concerns around AI

The great potential of AI also brings great risk. Many organizations recognize the need for responsible AI and are taking the following steps:

  • Boosting AI security with validation, monitoring and verification
  • Creating transparent, expandable, provable AI models
  • Creating systems that are ethical, understandable and legal
  • Improving governance with AI operating models and processes
  • Testing for bias in data, models and human use of algorithms

Take PwC’s Responsible AI Diagnostic.

IoT

The internet of things (IoT) extends network connectivity, letting companies collect data from a wide range of devices, enabling efficiencies and potentially decreasing operational costs. The industrial internet of things (IIoT) could significantly increase productivity and slash costs across manufacturing, transportation, logistics, energy and other industries. Eighty-one percent of respondents in PwC’s Digital Trust Insights survey said IoT was vital to their business. Nearly 75% of companies are making IoT investments today, and nearly half say IoT will be the most important tech for cutting costs, according to the PwC 2017 Global Digital IQ surveyEighty billion IoT devices are expected to be in use by 2025.

Applications today and in the future

Manufacturers are using IoT to track products as they travel through assembly lines and across the plant. Electric companies are deploying IoT-enabled smart metering to analyze energy consumption, potentially storing reserve electricity for high-demand periods. IoT is helping vehicle fleet operators gain insights into environmental compliance, while optimizing maintenance and logistics, routes and fuel consumption and driver performance.

Privacy challenges

GDPR, CCPA and other privacy regulations give consumers the right to access and delete their information. But across an ever-expanding IoT network of connected nodes, no single company controls how data is used, stored and deleted. The privacy challenge for each IoT provider is to provide transparency and control over their part of the network—and work with others on an interoperable privacy standard.

Many global companies that use IoT’s extended network connectivity and enhanced data collection to gain a competitive edge must adhere to the GDPR’s rules around privacy by design, building in privacy-friendly default settings such as minimized data storage.

Addressing the privacy concerns around IoT

Because of the multitude of connected devices and vast volume of data produced by the IoT, privacy and security are major concerns. Companies need to:

  • Build privacy and security in the planning stages, as the foundation of the IoT
  • Safeguard data from its creation at the edge of the network, while in transit and when stored in-house or in the cloud
  • Ensure IoT data—especially personal information—is accurate
  • Create corporate policies regarding privacy—and enforce them
  • Educate employees about safe privacy and security practices, including the use and sharing of personal information
  • Make sure ecosystem partners agree to and enforce privacy and security guidelines
  • Know and follow government privacy laws and industry regulations

 

Blockchain

A blockchain is a distributed digital ledger that leverages software algorithms to record and confirm transactions without relying on a central authority, opening the door to autonomous digital commerce. The technology potentially will usher in an era of autonomous digital commerce. Eighty-four percent of respondents to PwC’s survey of 600 executives from 15 countries said their organizations are actively engaged with blockchain. By 2030, blockchain will generate an annual business value of more than $3 trillion, according to Gartner.

Applications today and in the future

A fast-food company currently uses blockchain to let customers exchange virtual coins for burgers. In the future, medical professionals could use blockchain records to store and share healthcare information more effectively without risking privacy breaches. Governments could use blockchain to provide access to a single information source for property records. In digital advertising, blockchain could close the trust gap by letting buyers verify how ads are performing, and confirming the authenticity of digital outlets.

Elsewhere, by providing a more accurate view of a plane’s configuration and maintenance history, blockchain could boost power and efficiency for the aerospace industry. Blockchain could also help transform the tax function by minimizing issues related to the use of different accounting systems, lack of standardization and difficulty producing proper documentation for audits.

Privacy challenges

Blockchain presents significant privacy challenges, despite its benefits. There’s no established risk and control framework, because each enterprise environment is different. Key priorities are data minimization and true data anonymization—ensuring that any of the myriad personal identifiers in a blockchain can’t be tracked back to an individual. Operational safeguards must be established to cover situations in which technology alone can’t prevent exploitation of blockchain vulnerabilities.

Companies with control over any personal data stored on their Distributed Ledger Technology (DLT)-based systems are likely to be subject to the strict standards under the GDPR, CCPA and other regulations. Simply declaring the data to be permanent when the organization uses the DLT for internal handling of data won’t comply with applicable regulations.

Addressing the privacy concerns around blockchain

Blockchain was created to enable trustworthy transactions, but there have already been breaches. To safeguard their blockchains, companies need to:

  • Ensure that all new entrants to a public blockchain are verified
  • Carefully evaluate the pros and cons of private vs. hybrid or public blockchains in regard to privacy
  • Safeguard against criminal activity that includes hacking cryptocurrency wallets and stealing funds
  • Educate customers and employees on the importance of keeping their private keys safe
  • Make sure the blockchain adheres to GDPR privacy guidelines and does not include any personal data (known as blockchain privacy poisoning). EU residents can request their information to be deleted, but, once a block is verified, this is no longer possible.

Five steps companies can take when adopting emerging technologies:

  1. Undertake a privacy impact assessment to ensure that all technical and organizational risks and mitigating actions are identified and addressed where possible.
  2. Consult with stakeholders (including consumers or communities of interest) potentially affected by the technology to get input on their specific concerns and issues.
  3. Ensure you are able to identify and correct inaccuracies in the data being processed, and minimize potential risk by building privacy and security considerations into the design processes.
  4. Create security and technical safeguards robust enough to protect against cyberattacks, data loss, staff misuse and other security risks you have identified.
  5. Identify and address any biases that may impact fairness and could develop given the way an algorithm or machine collects and processes data.

ITM Articles

{{filterContent.facetedTitle}}

{{contentList.dataService.numberHits}} {{contentList.dataService.numberHits == 1 ? 'result' : 'results'}}
{{contentList.loadingText}}

Contact us

Sean  Joyce

Sean Joyce

Global and US Cybersecurity, Privacy & Forensics Leader, PwC US

Joseph Nocera

Joseph Nocera

Cyber & Privacy Innovation Institute Leader, PwC US

Joseph Greene

Joseph Greene

Principal, Cybersecurity and Privacy, PwC US

Jay Cline

Jay Cline

US Privacy Leader, Principal, PwC US

Follow us