The private sector’s rush to collect and monetize consumer data has led many companies to create vast information stockpiles without careful planning. That trend is continuing as developers of the Internet of Things produce countless devices without basic security and privacy features. For many companies, unfortunately, emerging risks tied to data usage have been an afterthought.
Here’s the good news: It doesn’t have to be that way.
Many companies recognize that frequent data breaches have sapped consumer trust. In PwC’s 20th Annual CEO Survey 2017, for instance, 68% of respondents said soaring volumes of digital data had made it harder for businesses to gain and retain customer trust. It is critical for companies to address common risks, including the potential for data to be compromised, stolen or misused; the potential lack of awareness within a company about what data it collects and retains; and the risk of running afoul of increasingly complex global regulations.
Fortunately, companies aiming to thrive in the digital economy can think broadly about emerging risks and take bold action by developing a robust data-use governance framework. Rather than relying on legacy approaches to collecting and stockpiling data that are likely incompatible with emerging risks, this framework should be built on a privacy-by-design approach, which embeds privacy into the architectural specifications of technologies, business practices and physical infrastructures.
A Chief Information Security Officer (CISO) or Chief Privacy Officer (CPO) should spearhead development and implementation of a data-use framework that takes privacy into account and includes the following elements:
In addition to helping companies monetize data in a way that respects consumers’ privacy, such a framework could also support corporate leaders’ efforts to address emerging data-privacy issues in the workplace and new challenges related to data ethics.
Possession of data, for instance, doesn’t automatically entitle a company to use it. Is it ethical for a company to share its data with another company in order to better understand its customers? Is it ethical to use publicly available information about a candidate to assess his fit for a job? Is it ethical to disclose customer data to government and law enforcement for use in criminal investigations? A framework gives the C-suite a way to tackle such thorny questions.
Currently, no specific laws govern the ethical use of data. However, as we look ahead, expect some change on this front. Regulators are already beginning to interpret laws with an eye toward ethical data use. We’ll see this in the European Union’s General Data Protection Regulation (GDPR), which has established an ethics board that will evaluate companies’ approach to ethical data use. And similarly, the U.S. Federal Trade Commission (FTC) has announced plans to incorporate data ethics into investigations to determine whether data analytics raises ethical or fairness concerns.
Finally, as noted in the U.S. National Intelligence Council’s January 2017 report on future global trends, the world’s growing reliance on data will require the development of clear limits and standards on data ownership, data privacy and protection, cross-border data flows and cybersecurity.