Most companies of any size have a website, an internet presence. Whether you actively deal in international trade, build across borders, or just communicate with people in other countries, your actions will be scrutinized for illegal behavior—behavior you probably didn’t even know was illegal. Posting notices about cookie use is a common indicator of taking privacy seriously but it can’t be the end of the story.
According to a survey by Gartner of more than 5,800 customers conducted in December 2021, 71% of B2C (business-to-consumer) customers and 86% of B2B (business-to-business) customers expect companies to be well-informed about their personal information during a service interaction. But while customers want companies to be well-informed about their personal information, customers also expect their data to remain private and secure, and to be used solely for its intended purpose.
A data-driven approach to designing personalized service experiences benefits the customer and the company, but it also risks violating customers’ trust if not done right. High-profile data breaches and data ethics scandals are also elevating privacy concerns among customers and accelerating their desire to maintain control of their personal information.
In addition, government regulations around the globe, such as Europe’s GDPR (General Data Protection Regulation), have proliferated and redefined the standards by which data is collected, stored, and used. By the end of 2024, Gartner predicts that 75% of the world’s population will have its personal data covered under modern privacy regulations. This regulatory evolution has been the dominant catalyst for the operationalization of privacy.
To provide an experience that accounts for the customers’ expectations, Gartner suggests customer service and support leaders take the following actions:
- Be explicit with consent management and preference settings in the service process to give customers better control over how their data are used. Delineate these settings by functional area and use case to avoid conflating uses of data (e.g., using data collected to improve the Website for marketing purposes instead).
- Prioritize transparency in customer privacy settings so customers know what personal information is being used, why it’s being used, and how to manage it. For example, proactively communicate about preference and consent management.
- Make ethics a core component of your data management strategy by creating data use cases based on how they bring value and benefit to the customer, not just to the company.
- Limit data collection to what’s actually needed to deliver timely resolution and added value by defining each data use so it collects the minimum data required through the least invasive methods.
As the number of privacy regulations worldwide continues to grow, organizations should focus on privacy to help meet the challenges of protecting personal data and meeting regulatory requirements. While privacy regulations are expected to expand in the next two years, many organizations should focus on their privacy program efforts now. In fact, Gartner predicts that large organizations’ average annual budget for privacy will exceed $2.5 million by 2024.
They identify five privacy trends that support the privacy practice, but also support multiple business leaders across the enterprise, making buy-in more attainable, value more substantial, and time to value far shorter.
- Data Localization
In a borderless digital society, seeking to control the country where data resides seems counterintuitive, but this control is either a direct requirement or a byproduct of many emerging privacy laws.
The risks to a multinational business strategy will drive new approaches to the design and acquisition of cloud services across all models, as security and risk management specialists face an uneven regulatory landscape with different regions requiring different localization strategies. As a result, data localization planning will shift to a top priority in the design and acquisition of cloud services.
- Privacy-Enhancing Computation Techniques
Data processing in untrusted environments – such as public cloud – and multiparty data sharing and analytics have become foundational to many an organization’s success. Rather than taking a bolt-on approach, the increasing complexity of analytics engines and architectures requires that vendors incorporate a by-design privacy capability.
The pervasiveness of AI (artificial intelligence) models and the necessity to train them is only the latest addition to privacy concerns. Unlike common security controls, PEC (privacy-enhancing computation) protects data in use and will be a commanding aspect of privacy protection. Organizations can implement data processing and analytics that were previously impossible because of privacy or security concerns. Gartner predicts that by 2025, 60% of large organizations will use at least one PEC technique in analytics, business intelligence, and/or cloud computing.
- AI Governance
A Gartner survey found that 40% of organizations had an AI privacy breach and, of those breaches, only one in four was malicious. Whether organizations process personal data through an AI-based module integrated into a vendor offering, or a discrete platform managed by an in-house data science team, the risks to privacy and potential misuse of personal data are clear.
Much of the AI running across organizations today is built into larger solutions, with little oversight available to assess the impact to privacy. These embedded AI capabilities are used to track employee behavior, assess consumer sentiment, and build “smart” products that learn on the go. Furthermore, the data being fed into these learning models today will have an influence on decisions being made years down the line, Gartner believes.
Once AI regulation becomes more established, it will be nearly impossible to untangle toxic data ingested in the absence of an AI governance program. IT leaders will be left having to rip out systems wholesale, at great expense to their organizations—and to their standing.
- Centralized Privacy User Experience
Increased consumer demand for subject rights and raised expectations about transparency will drive the need for a centralized privacy UX (user experience). Forward-thinking organizations understand the advantage of bringing together all aspects of the privacy UX — notices, cookies, consent management, and SRR (subject rights requests) handling — into one self-service portal.
This approach yields convenience for key constituents, customers, and employees, and generates significant time and cost savings. By 2023, Gartner predicts that 30% of consumer-facing organizations will offer a self-service transparency portal to provide for preference and consent management.
- Remote Becomes “Hybrid Everything”
With engagement models in work and life settling into a hybrid mode, both the opportunity and desire for increased tracking, monitoring, and other personal data processing activities rise, and privacy risk becomes even more important.
With the privacy implications of an all-hybrid set of interactions, productivity and work-life balance satisfaction have also increased across various industries and disciplines. Organizations should take a human-centric approach to privacy, and monitoring data should be used minimally and with clear purpose, such as improving employee experience by removing unnecessary friction or mitigating burnout risk by flagging well-being risks.
Want to tweet about this article? Use hashtags #construction #IoT #AI #cloud #futureofwork