If one thing is clear, it’s that people’s personal information is scattered all over the place. Accounts here, websites there, it’s tough to know how much info there is, where it is, and who has access to it. That is why privacy mandates have been put in place.
I’m sure you have noticed websites that comply with GDPR regulations regarding cookies and trackers, or even locally here in California the CCPA (California Consumer Privacy Act) has been enacted which regulates how any business anywhere needs to handle CA residents’ personal information.
We are just rolling into 2023 and it is estimated that in the next year 75% of the world’s population will have legal protections on their personal data.
Data protection impacts every business, no matter what size or industry you are in. It is one of the topics that every business needs to address. That is why it’s important to know and review your data collection practices and processes.
As such, it’s important to stay informed regarding trends in the data privacy world so you can be better prepared for any compliance issues that are coming down the pipeline.
Here are the top 5 data privacy trends to watch in 2023.
- AI Governance
- Privacy Enhancing Computation
- Consumer Privacy UX
- Employee Monitoring
- Data Localization
AI Governance
AI governance is the process of establishing and enforcing policies, procedures, and standards for the development, deployment, and use of artificial intelligence (AI) systems. It involves defining the ethical and legal guidelines that should be followed when creating and using AI, as well as establishing mechanisms for monitoring and enforcing compliance with these guidelines.
AI is becoming a more important part of technology development and whether you realize it or not it is already in use in our daily lives and will only increase more. Some examples: When you are writing an email and you see predictive text to help complete your sentence faster. That’s AI. We use AI tools in our business here at Xentric to help analyze variations or changes in networks to identify data breaches early. The very first paragraph of this section was automatically generated by chatGPT simply by asking what AI Governance is (plus it gave me 2 additional paragraphs I omitted).
Nearly half (40%) of privacy technology relies on AI to handle the large volume of requests for user data. There are innumerable algorithms at play when AI is processing data. That data also needs to be protected in case there is ever a problem with the AI. That is what AI governance is addressing. AI needs to be governed in order to ensure that private data is not exposed to the public. There will surely be legal policies put in place sooner rather than later to abide by.
Privacy Enhancing Computation
Privacy-enhancing computation is an important factor in today’s digital world. It is essential to have effective methods and technologies in place to protect the privacy of individuals and organizations in order to maintain trust and confidence in the use of sensitive data. PEC aims to streamline this by utilizing AI to make it more automated.
There are various approaches to privacy-enhancing computation, including the use of cryptographic techniques such as secure multi-party computation and homomorphic encryption, as well as the development of privacy-preserving data structures and protocols. These approaches can be used to enable computation on sensitive data in a way that ensures that the data remains confidential and cannot be accessed or used by unauthorized parties.
Consumer Privacy UX
A growing trend in the past few years has been in consumer choice for privacy. The User Experience (UX) regarding personal data has become focused on transparency of data collected, how it’s collected, and what can be done with it. People have demanded an opt out option to remove their data.
More changes are to be expected and will greatly impact how companies develop their products and services. This includes clear communication of what data is collected and why, as well as the ability to opt out. Designing products and services to minimize data collection to provide the same experience will become more important. Greater emphasis will also be put into how collected data is kept secure, and not shared without authorization.
Employee Monitoring
With more people working remotely, electronically monitoring of employees has become more commonplace. Every business has a right to monitor their devices and employees, and there is a time and place for that. However, I’ve cautioned that managing employees with remote software rather than on their work results tends to lead to the opposite situation than what was desired. I also said that monitoring provides data that can be useful though.
When implementing employee monitoring, caution must be taken to prevent it from being intrusive or a violation of privacy – especially on employee owned devices.
On top of that though, there are concerns with confidential information (whether personal or business), being potentially accessed by unauthorized individuals. The security of the monitoring software would have to match with the security level of the data that is being monitored.
It also returns to the concern of transparency. Some remote employee monitoring systems may not be transparent about what data is being collected or how it is being used, leading to concerns about lack of transparency and accountability. At the end of the day, these things not only impact employee trust and morale, but can be a hot bed for data privacy policies.
Data Localization
Lastly, I have found that data localization is coming up far more often than people discuss. It’s not just about what data is being captured, but also about where that data is being stored. Where it is stored determines how the data is governed, and which privacy laws apply.
Famously the social media platform TikTok was scrutinized exactly for this. At launch, TikTok stored all data on China based servers (via Alibaba Cloud) which would be governed by China privacy law despite if you are a US citizen. They have since migrated to using US and Singapore based servers to bypass this concern. As a side note, they are back in the spotlight regarding how they use data and regarding location tracking of US citizens.
Thus, focusing on the location of stored data is becoming a common question. Where is my data stored? Those answers need to be strategized before products and services are offered.
Conclusion
These are the top 5 data privacy topics to keep an eye on in the coming year. If you need consulting or a compliance check, feel free to get in touch for a security checkup.