Data Privacy Vs. Data Security: Implications for Businesses in 2023
Data is one of the most valuable assets a company can possess. Customer data fuels insights, product/service development, personalized experiences and relevant go-to-market strategies. Many companies routinely share their customers’ data with their partners, which is a key component of their business model. Privacy laws such as CCPA (California Consumer Privacy Act) and GDPR (the European version) regulate the data storage, sharing and disclosure practices for consumer data in today’s digital economy and are disrupting these business models and the way data value transfer works.
Also, data privacy, data security is also a key priority for all companies. The more first party-data that is shared, the greater the risk of compromising both data privacy and security. Therefore, it’s a strategic obligation for business leaders to understand the difference between privacy and security, the changing business landscape, its impact on business models and how emerging technologies can help meet the new regulatory requirements and customers’ expectations.
Data privacy is based upon the premise that personal identifiable information belongs to an individual and that they should be able to determine what, how, when and to whom their information is shared or communicated. Recent regulatory and market trends support more individual control, more consent and greater transparency, so companies holding customer data must meet these legal requirements.
The data privacy and compliance landscape continues to significantly change in 2022, and it is necessary to understand these changes as soon as possible so you can chart your path, and that of your organization, over the next few years..
No data science without accountability
Algorithmic accountability is being discussed across the world today. Transparency, explainable, fairness, and non-discrimination requirements are already being integrated into the law. Privacy policies are now beginning to focus on the entire data science value chain – extending to data handling and usage throughout design and development cycles.
The battle will not be about whether consumers should share data with companies because for now, that answer will be a reluctant and judiciously-considered ‘yes.’ The new battle lines will be drawn along which companies must demonstrate responsible handling of data, internally (employees, shareholders) and externally (end-consumers, business partners, regulators).
A shift in the competitive landscape
The last few years have seen companies that hoard specific classes of data and develop applications using this data. Their valuation has been driven by speculation (possible further applications), and the ownership of the said data. However, regulators and lawmakers are now looking at the question of who owns the data. If it is determined that data is to be a sovereign resource or owned by the individual, and not a private resource, then the companies turn into custodians and not owners of the data.
The changing economics of data science
Production use of data science (i.e. where data science is on the front-lines – making or aiding business decisions to impact the top or bottom line growth) requires that ML models work reliably and in a real-world context – not just on training data. The demonstration of this is not only important to internal stakeholders such as the board and CXOs, but also to regulators and customers.
The definition of a model “working” is now being expanded beyond how accurate or quick it is, to include ideas such as fairness, transparency and explainable amongst others. The result of this will be that the emphasis that has been laid on more complex models will be reversed. Simpler, maintainable, explainable and operationally efficient models will become the trend.
Data localization for security and independent access
Governments around the world are now asserting authority over the personal, health, financial, and other critical data belonging to their citizens and residents. Legal frameworks to restrict cross-border flow of all/specific types of data are already in place in some countries (like, Russia and India). Many others are bringing in localization laws to have unfettered access to such data and to protect their data from foreign surveillance. Such laws are becoming increasingly crucial to every country’s national security, law enforcement, and economic competitive advantage.
Towards a level playing field
Digital services (online platforms) are at the forefront of transforming our day-to-day experiences like communication, shopping, etc. Accelerating digitization has created an imbalance where a few large players (think companies like Google and Meta) be able to control the ecosystems in the digital economy. This imbalance gets magnified by the monopoly that they assert over the data that their platforms collect. The regulatory authorities will now also start to focus on measures to address this imbalance and create a level playing field for other businesses and create more choices for customers. For instance, the EU’s Digital Markets Act (DMA) along with Digital Services Act (DSA) aims to create a safer and more open digital space. Thus, establishing a level playing field to foster innovation, growth, and competitiveness – both in the European Single market and globally.
While data privacy is focused on protecting an individual’s rights via organizations adhering to regulations and business practices, data security is how an organization protects its overall data, including personal data. The explosion of the amount of data captured, coupled with accelerated digital transformation and increasing sophistication of sensitive data attacks, has made it more difficult and complex to keep data safe. Fraud detection and prevention alone is a $30.6 billion market today with a 22.8% compound average growth rate.
Many organizations can’t keep up (automatic download) with data security requirements. And yet cybersecurity is a top strategic priority, especially for business platforms where data sharing and insights are integrated into all aspects of the business model. So how do business leaders balance the requirements of both and meet customer, employee, partner and shareholder needs?
Know what data you’re collecting – why and how it’s being used & shared
If certain data is collected but not necessary, stop collecting it and certainly don’t keep it. In my experience, good data hygiene and periodic review are critical. As part of that process, conduct an internal review and/or audit of privacy regulations specific to your business to make sure you are compliant.
Revew how you work with business partners and share data
There are emerging technologies that enable businesses to garner insights without transferring personal identifiable information. These solutions range from simple mobile apps to sophisticated data science marketplaces and present new ways to aggregate and anonymize data without moving it.
End customers expect transparency on how their data is used
Reiterating the customer benefits by knowing their preferences and behaviors can reinforce a brand’s value proposition and deepen loyalty.
Partner with responsible data practitioners
Given the complexity of modern data platforms, it is inevitable that there will be many individuals involved in the process, and risks propagate through the system. One should look to partner with or hire individuals and companies that share the common desire to be a responsible data company and who take data regulatory obligations seriously.
In summary, data fuels today’s digital economy, and the rules around privacy and security set the parameters for business models. To be successful, effective business leaders are keeping close tabs on their own data strategies, practices and how these sectors are evolving, not only for themselves but across their ecosystems. It is important to know about new tools and emerging technology, as they may solve some of these data challenges and present breakthrough opportunities for new revenue streams or business models.