
Privacy trends 2013
Technology: opportunity with a steep learning curve
The technology evolution is something of a double-edged sword.
For organizations and consumers alike, technology opens the doors to a world of opportunities. But there are risks.
Digital transformation demands accountability
Consumer demand is driving the need for digital transformation — a fundamental shift in customer relationships, business models and value chains. Some organizations are using technology to introduce new products or services, improve efficiency and collect more information about their customers than they currently need or know how to use.
By using the internet, social media, mobile and real-time 360-degree analytics, organizations can enhance customer relationships, increase top-line growth, streamline operations, empower talent and use innovation to reinvent competitive solutions and business models.
Where leading-edge technology organizations have been plugged into the privacy debate for some time, organizations slow to join the digital party often know very little about privacy risks or management and have no resources on staff to identify or address them.
As a result, we are seeing an increasing number of rookie mistakes impacting strong global brands as they step into the digital world. Their learning curve is steep, and they will need to determine the requirements, establish a privacy program and become accountable for their digital transformation.
Monitoring uncovers privacy failures
To better manage privacy risk, many organizations have implemented monitoring technology. However, this raises new issues as the monitoring technology tends to shine a spotlight on privacy failures that are often costly to correct.
For years, privacy programs had robust policies and average controls, but very little monitoring. Many organizations didn’t have the tools to monitor privacy given the vast amounts of data and processes involved.
In Privacy trends 2012, we discussed the rise in organizations’ awareness of the need to monitor how personal information is managed. We also talked about the increasing implementation of data loss prevention (DLP) tools that track data sharing, tools that track network folders, and applications that monitor use patterns on databases.
Once implemented, the new privacy monitoring tools demonstrated more than accountability. They also uncovered more evidence of privacy failures.
These failures reveal the importance of implementing these tools and the need for accountability. The challenge organizations now face is the significant cost for remediation.
Many of the issues cannot simply be addressed with stop-gap measures. Many organizations would have to undertake a complete IT transformation to address the privacy issues monitoring tools are flagging.
In our 2012 Global Information Security Survey, 70% of respondents indicated that they planned to spend relatively the same amount on privacy over the next year as they did in the previous year. That number may have to change to address the increased investment required to improve privacy controls.
Personal privacy versus corporate security
Internally, the mobile device phenomenon is creating a challenge: securing the organization’s data without compromising employee privacy.
More than ever before, we are seeing a transition to a fully mobile workforce. Some organizations have closed entire brick-and-mortar offices in a shift to a fully virtual workplace model.
With the rise of the mobile workforce, organizations may have to shift their focus. Unable to control the data, organizations will need to determine who can be trusted with the data.
Many of the more popular mobile devices don’t have sufficient built-in controls to meet security expectations. As well, employees are able to upgrade their mobile device themselves — without having to go through the corporate IT department.
A guest network that is separate from the main network allows employees to use their personal device to gain access to the web directly, perhaps even through a work-only email account. Organizations also may want to consider using third-party services or their own coding to create “sandboxes” where company data and company-issued applications reside, effectively separating them from any interaction with personal data, applications or online services.
These options serve the dual purpose of protecting the organization’s data from unauthorized access as well as the employee’s personal information from being monitored by the organization.
