In the constant push for bigger, better, faster, it’s normal to see products and services evolve to meet shifting customer expectations. What’s different about today though, is how customers themselves are changing. Everyone has a growing digital footprint, regardless of whether or not they want one. What does this mean for personal data privacy?
Look around your home today and compare it with a home in the 1980s or 90s. What’s missing? An answering machine, Rolodex, calendar, alarm clock, road maps, vinyl records, VHS tapes, cassettes, CDs, and DVDs, the list goes on. Each of those material goods has been replaced by our smartphones. Digital has “dematerialized” our world —even our money has been digitized, for the most part. It’s safe to say we’re much less dependent on physical stuff.
Digital has also dematerialized people. A person is a person because of the data that exists about them — our digital selves. We have become a collection of individual pieces of data made up of Personally Identifiable Information or PII.
When all of our personal data is digital, privacy becomes a much bigger issue, with many more stakeholders. With all the progress society has made during our digital transformation, we have somehow managed to sacrifice our personal privacy along the way.
We shifted from moving physical material that makes up a person’s identity around in space to moving bits and bytes around in the cloud — and somehow this shift made the data seem less valuable for a while.
For more on the three general attitudes people have on data protection, read
There have been too many stories in the news about organizations and institutions for all the wrong reasons — negligence and loss of personal data, cybersecurity breaches, inadvertent misuse of data by a third party, and so on.
As a result, governments around the world are stepping up to the challenge of protecting the privacy of the individual with strict regulations (backed by law) that govern the use and misuse of digital data, and shift power back to the individual.
Sweeping regulations, such as the EU General Data Protection Regulation (GDPR), are prompting regulators around the world to implement compatible standards and, in some cases, start levying their own fines.
Most recently, the California Consumer Privacy Act (CCPA) as well as Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) were introduced. Both have been heavily influenced by GDPR and give people more control over the personal information that is being collected about them.
There are several reasons why organizations should do everything in their power to protect PII. Firstly, it’s the law. Data breaches can be bad for business both in terms of regulatory fines and loss of business due to class-action suits. Not to mention the subsequent reputation damage.
Secondly — and more importantly —there’s an ethical responsibility: it’s the right thing to do. And the public expects organizational leaders to take charge — 76% of those surveyed in the 2019 Edelman Trust Barometer believe that CEOs should take the lead on change, rather than waiting for the government to impose it.
The C-suite has a responsibility to take an active role in ensuring data security and privacy controls are in place — failure to do so puts innocent people at risk and could potentially be the digital world equivalent of reckless endangerment.
In my next post on C-suite responsibility, I’ll discuss the different data privacy considerations that too often go overlooked. In the meantime, if you’d like to learn more, get our new eBook, 3 Overlooked Data Privacy Considerations.