3 data privacy trends to expect in 2021
It’s Data Privacy Day (January 28) – an international effort to empower individuals and encourage businesses to respect privacy, safeguard data, and inspire dialogue on how private data should be used, collected, and shared in our increasingly digital society.
In 2020, enterprises were faced with some of the most formidable challenges to a business environment in the digital age. Companies were forced to adapt, cultivate resiliency, creativity, and focus intensely on meeting customer needs. Just 15% of firms claimed to be digitally-equipped to face the disruption last year, but with tech adoption accelerating as a result, more businesses will turn to digital operations, products, and ecosystems to stay profitable and relevant this year.
But with wider digital adoption – and more and more sensitive customer and business data being generated as a result – so too rises the ramifications for data privacy. On Data Privacy Day, we look at three privacy trends that are very likely inbound in 2021, according Forrester Predictions 2021.
Expect more privacy laws
Log onto most websites these days, and one of the first things you’re likely to see are notifications about data cookies: how the website is collecting your data, what it intends to do with it, and foremost is agreeing to accept these data usage terms.
Those terms are a direct consequence of the EU’s GDPR privacy and security laws (among international equivalents) which although drafted in the European Union, are actually imposed unto every organization, so long as they target or collect data from people residing in the EU.
Expect far-reaching data privacy legislation like the GDPR and the California Consumer Privacy Act of 2018 (CCPA) to become more pronounced in more global regions this year, responding to an ever-greater drain on citizen digital data from more sources than ever.
India is expected to have its privacy rulings become law in 2021, and Brazil responded to heightening digital services in the country with its own data privacy law in late 2020. And with the UK’s chaotic exit from the EU, it remains to be seen how international shared data services will be carried out if the UK is no longer subject to the GDPR.
Gartner data suggests that by 2023, 65% of the world’s population will have their personal data covered under some form of modern privacy regulations.
“Whilst not all companies are required to comply with data privacy laws like GDPR or CCPA, they should still follow data protection competencies,” said Samantha Humphries, senior security strategist at Exabeam.
“It is good practice for organizations to question: Is data monitoring lawful and fair? Will it be used for a specific purpose? Are reasonable steps being taken to erase or rectify data? Is data deleted once it is no longer necessary? And is data being appropriately secured?”
Data privacy automation
With new privacy laws coming into effect, presenting differing legislation and compliance procedures in different territories, it will become burdensome for companies to keep track of which laws they are adhering to.
This has led developers to create software to automate data privacy. These can range from handling privacy requests to management platforms to filter consent and preference settings. In 2021, we can expect the trend of data privacy automation to become more widespread, with more firms purchasing automation services, and new software solutions being developed.
“When it comes to regulatory compliance, [automation] can knock months or even years off your project time and reduce the risk of your organisation being in breach,” said Simon Spring, senior account director, EMEA at WhereScape.
“Automation software can help an organization deliver on the key requirements of GDPR whilst also unburdening employees, helping them to do their jobs better, and allowing them to focus on more value-add tasks.”
In 2020, there were 331 data breach notifications per day across Europe – a 19% increase on 2019 – with the UK ranking second-highest for the total value of fines for data protection violations.
“There needs to be a shake-up in priorities and how business leaders approach their responsibilities for data security. Automated processing of data could be that change we need to see,” said Spring.
Better user awareness
Cyber hygiene proponents have repeatedly highlighted how system users are often the weak link allowing – either by accident or with intent – data security breaches at their organizations. This issue might have been compounded in 2020 as employees became acclimated on a major scale to work-from-home processes, many for the first time ever.
Gaps in firewalls, in cloud security, and exposed system endpoints could all have been exploited by malicious parties – occasionally that includes internal parties with an axe to grind against the company, perhaps a disgruntled staff member who was laid off during pandemic job cuts.
But wide-scale, well-publicized cyberattacks like that of SolarWinds and the Cambridge Analytica-Facebook scandal have brought the issue of data privacy to the public’s attention on a scale that has been rarely seen before.
Users are now actively concerned how their data is being captured and used, and have even shown that they are willing to leave insanely popular platforms like WhatsApp if they feel their data is being mishandled.
Such data awareness is good for the user, but could be bad for companies who do not make clear which third parties may be able to access data, or give clients full control over what cookies they can enable.
“Consumers are constantly discovering the information that is collected about them, how that data is used, and how daily breaches put that information at risk,” said Anurag Kahol, CTO and co-founder at Bitglass. “Consequently, to maintain consumer trust – and remain compliant with regulations – it is imperative that companies make security a top priority.”