Sonia Singhal
Published in DataPrivacy
Dec 31, 2018

Why Is Data Privacy Important? What Can Organizations Do?

Imagine you have hosted a party and catered food from a restaurant. Everyone enjoyed the party and complimented the food. After the party, you get a survey asking how you liked the food, and you give the restaurant a 5-star rating. A few days later, you plan a vacation and book a hotel at your destination. While you are on vacation with your family, you get the feeling that your navigation system is continuously optimizing for a short route that takes you to places where someone is waving a flag with a digital menu, with your meal ready: the favorite food you ordered for your party, along with some additional items you had filled in on the survey.

How would you feel?… Creepy? Invasive?

This is where Data Privacy comes into play. Data privacy has always been an important element, and we have always given the utmost importance to our private information such as SSN, financial details, bank account, health information, etc. However, in today's digital world, very basic information that you don't mind sharing with others can be deemed private when it is combined with additional information to show value.

New data protection laws like GDPR, the California Act, etc. are on a mission to protect customer data and privacy, and they focus on giving the user (data subject) greater control over who gets to use their information and to what extent. The law also requires organizations to state the intent of data collection at the time of collection, in simple and plain English, and to seek explicit consent from the user. This means the user agrees to the use of their information.

Should these new laws be a matter of concern for organizations? What can organizations do to gain user trust and confidence? Organizations can take proactive measures and gain user trust and confidence by owning, operating, and governing systems that show they are built and architected with the user's best interests in mind. How can organizations build such systems? By embedding 'Privacy by Design' when building the systems and by auditing the systems regularly.

Building Privacy by Design

Building Privacy by Design means building privacy into the design, operation, and management of any system, business process, and design specification. There are seven foundational principles of Privacy by Design:

  1. Take proactive measures and build privacy in, rather than making changes after invasive events. Anticipate, identify, and prevent such events from happening.
  2. Lead with privacy as the default setting, where no additional action needs to be taken by any individual.
  3. Embed privacy into the design: Privacy measures should be fully integrated and not add-ons for the systems.
  4. Retain full functionality (Positive-sum, not zero-sum): Both privacy and security are important and no tradeoffs should be made to achieve both.
  5. Ensure end-to-end security: All data should be securely retained and destroyed when no longer needed.
  6. Maintain visibility and transparency: Assure users and stakeholders that business practices and technologies are operating according to objectives and subject to independent verification.
  7. Respect user privacy: Keep it user-centric and give the interests of individuals the highest priority by offering strong privacy defaults, appropriate notices, and empowering, user-friendly options.

Regular System Audit

Systems must be audited regularly. Answers to the following questions, even if they do not cover everything, can give a clear idea of how the systems are doing with respect to handling privacy.

  1. Is this the right data?
  2. Is it doing what it is supposed to be doing at this point in time?
  3. Are these the right people, process, and technology, in context over time?

And test it over again for quality.

Data Privacy has always been an important element for everyone. In the digital world, the scope of information tagged as PII is expanding, and users will give organizations permission to use their data only if the organizations gain their trust and confidence and show that the information will stay safe and secure in the organizations' well-built systems.
