Companies that want to differentiate themselves will have to take a long, hard look at their practices around safeguarding customer data. Practices need to comply with the relevant laws, of course, but they also need to be rooted in ethics. Risk governance technologies make it easier than ever before for companies to be both compliant and ethical – and prove to customers they can be trusted.
20 July 2022 • 4 min read
In the beginning was the business, and the business was with data, and the business was data… Whether your company is large or small, personal data is the foundation of trade – helping to derive customer insights, drive personalized services and make accurate market predictions.
Then came the law: regulations stated that personal data is owned by the people who generate it, and not company property; that those collecting data have to give users full control of how it is treated, and carefully safeguard personal information.
The natural human reaction to a new rule is to find the quickest way to appear compliant by modifying one’s behavior as little as possible – even if doing so ignores the spirit of the legislation. This is generally possible, because the law has shades of gray. Ethics, however, can be seen as binary – decisions and behaviors either align to your values, or they don’t.
Business ethics are a relatively recent phenomenon, having for many years been viewed as superfluous. But business is a matter of trust, and today people are more aware of how their data is collected, used and turned into money. They are also informed daily about breaches and worried about a sense of ‘surveillance’ that undermines their privacy.
It is precisely this growing lack of customer trust in organizations that is transforming the perception of ethics from a cost to a market differentiator.
Trends show how people don’t trust that organizations will keep their data safe, nor that they will collect clear consent. There are also fears that organizations will sell data without permission, or store more data than necessary. It is precisely this growing lack of customer trust in organizations that is transforming the perception of ethics from a cost to a market differentiator.
In this complex scenario, current and emerging technologies are key in making sustainable, ethics-driven choices.
To cultivate the trust of customers sharing their data with companies, it is necessary to be clear from the outset. The more consciously data is shared, the greater value it brings to those collecting it. The law requires that companies explain in simple, concise terms what they intend to do with data, to whom it is eventually transferred, why, and in what form.
Beyond that, blockchain technology could be used for consent management to ensure consent is continuously tracked, and that every subject can revoke consent if they wish. Blockchain could also be used to provide visibility to data subjects of every instance of access, transfer, transformation and deletion of their data, both at the level of a single organization and potentially also at the level of aggregate systems such as a market sector, or even a country.
Personal data that organizations collect is usually the result of several campaigns executed over time. The regulatory framework evolves. The social environment changes. Organizations merge with each other or transfer branches to other companies. Top management revamps the business model to align with or anticipate the market.
Technologies make it possible to maintain an up-to-date, comprehensive and detailed view of all the personal data processed by an organization – this enables the execution of subjects’ rights and supports the risk management process, but is also a deeply ethical choice in itself.
Therefore, often companies don’t have full knowledge of the personal data they manage, or this knowledge is spread over many operational functions without an integrated overview. Technologies in the data risk governance domain make it possible to maintain an up-to-date, comprehensive and detailed view of all the personal data processed by an organization, as well as determining the exact distribution of the relevant data for each individual.
This enables the execution of subjects’ rights and supports the risk management process, but is also a deeply ethical choice in itself, because it generates awareness and a sense of responsibility, and enables cascading others’ choices.
Much of the data that companies collect is not used for either contractual or statistical purposes – but because it might be useful someday.
Instead, the ethics-driven choice is to collect only what is needed and eliminate what is not. This serves the privacy of the data subject, decreases the impact of a possible data breach and makes the business more environmentally sustainable by decreasing its carbon footprint.
To maximize value, data is often moved around and shared with third parties. This widely increases data-related risks, sets specific needs in terms of consent management and may reduce customers’ trust.
Today, however, it is possible to acquire insights from data without accessing or transferring the data itself, such as via an Internet of Trusted Data (offering both auditable verification of identity and data credibility), as well as homomorphic encryption (making it possible to analyze encrypted data without revealing it).
Using these new technologies, data is kept safer in fewer places, and the algorithms only exchange non-identifying statistics. Therefore, corporate functions can ethically work together to facilitate the flow of insights, with the common goal of acquiring maximum value from the data.
Privacy regulations require that data is deleted if explicitly requested by the customer or after a given period. In complex business ecosystems, the deletion process can be onerous and challenging, given the extreme fragmentation of data that, in many cases, exists among business applications.
Again, the detailed knowledge of data distribution provided by data risk governance plays a key role here: full data observability can provide the tools to set an effective retention policy and help business functions to be fully aware of the risks of non-deletion.
In most cases, data protection is done through technology that provides access control. The concept is absolutely valid, but in a time when the risk of data exfiltration increases daily, it’s necessary to identify supplementary security measures. Technologies such as Information Rights Management (IRM) or Attribute-Based Encryption (ABE), for instance, greatly enhance data security by protecting not only the container, but also the content.
Truly embracing the defense-in-depth approach can demonstrate to customers that an organization is treating their personal data as carefully as they would.
Reviewing data protection policies by considering risks holistically, and truly embracing the defense-in-depth approach (the use of coordinated, multi-layered security measures), can demonstrate to customers that an organization is treating their personal data as carefully as they would.
The fact that many global technology companies are putting the care of customers’ personal data at the center of their business is no accident. Privacy ethics is a reality, and its implication in terms of increased consumer trust is already visible. Ultimately, it’s no longer a nice-to-have: almost all players across many market sectors must embrace ethics – or lose market share.
There is an expanding tangle of growing business needs, more stringent privacy regulations and higher standards of ethics. Luckily, technology can help us unravel it – providing better outcomes and higher trust not just for customers, but for the organization itself.
Discover more inData privacy
In a hyperconnected world, cybersecurity is a vital part of protecting both corporate reputation and the safety of employees. While IT departments might be responsible for putting systems in place, it takes every employee from the C-suite down to ensure those systems remain intact.
16 August 2022 • 4min read
Does today’s need for cyber vigilance conflict with the move towards organisational intelligence and its need to share data? We believe the opposite is true – robust cybersecurity can be a powerful enabler of progress.
01 February 2022 • 3min read
Ignore digital trust at your peril. Customers are talking with their feet, cutting ties with brands that display poor data security. The essential ingredient, in this age of digitization and mass data collection, is unwaveringly strong cybersecurity.
20 July 2022 • 4min read
Obtaining data can open up a whole wealth of business opportunities, as long as the data is valid and trustworthy. However, having incorrect, outdated or inaccurately sampled data can be damaging and costly. In such turbulent times, how can we secure data integrity for the best outcomes for businesses?
13 June 2022 • 6min read
Businesses strive to create new technologies, products and services that reshape or even disrupt their markets. Yet businesses also need to understand they must innovate sustainably and ethically. With pressure to innovate quickly - bias, ethics and discrimination can easily be forgotten.
01 February 2021 • 5min read
The different needs of cybersecurity continue to evolve, in the same way that businesses must adapt and respond to these cybersecurity risks and challenges. Partnerships are just one of the many ways in which businesses can protect themselves and move with the times.
20 June 2022 • 4min read
Strict ID checks become increasingly imperative in our rapidly evolving digital landscape, but sometimes they can be arduous. How can companies protect themselves and their customers from cyber risk while ensuring their processes are convenient, effective and user friendly?
22 June 2022 • 4min read
There are misconceptions around Zero Trust, as businesses may be fearful of a perceived need to completely rebuild their security architecture, but all it takes is a step-by-step approach. What is the journey to making the security of your business airtight?
20 June 2022 • 4min read
The zero trust journey is all about taking measures to assure your business security at every level. While it sounds complex, it is more simple than it seems, and is worth every effort to ensure that access to data is only granted to those who have sufficiently proved their identity at every stage necessary.
13 June 2022 • 4min read
As our digital abilities become increasingly sophisticated, our cybersecurity measures develop at the same pace that a cybercriminal’s savviness also can. Businesses must continue to take the right measures to protect their futures with the developments of remote access and other digitization efforts.
22 June 2022 • 5min read
Whatever the trigger, significant technological and other business changes should never damage your customers’ trust in you. This means keeping their personal data safe. In fact, done well, data protection ought to increase confidence in your business. How to get there? It starts, as with many things, with a detailed understanding of the challenges and strong governance around the solutions.
20 June 2022 • 4min read
If the modern firm is an organism living through rapid and complex changes in its ecosystem, then data insight provides its sensory information. Using data to drive decision-making, as has long been the case for telecoms companies, holds the key to continual adaptation and improvement.
01 June 2021 • 4min read
In a post-pandemic world of rising prices, broken supply chains and disruptive technologies, where do trust and transparency fit? Are they nice-to-have luxuries or essential components of success? If they are essential to success, how can businesses deliver them to increasingly cynical consumers?
20 July 2022 • 5min read
New and evolving technology landscapes need evenly-matched cybersecurity: as new opportunities arise through digital tools, so too do new risks. Using a framework such as Zero Trust – which assumes every entity attempting to access the system or network may have malicious intent and therefore, as a default, should not be trusted – provides the visibility and controls needed for modern businesses to protect themselves and their customers.
19 July 2022 • 1min read