Privacy is Dead — Why Bother?
As the world is enmeshed in greater interconnectivity, we often come across a common (albeit erroneous) belief that everyone’s data is already out there, and hence, little can be done to protect it. This viewpoint is often supported by an argument which states that any effective system to protect data is already too late in deployment, and so, why bother?
However, privacy, more particularly, data privacy, is quite relevant. Hence, active measures must be undertaken to ensure its sanctity and validity even in, and especially in, an increasingly connected world.
An important reason today why some businesses have stopped bothering about privacy is that almost everyone’s personal data is out in the public, courtesy social media. Social media companies hold huge volume of personal data and use it to target customers with advertisements. People’s behavior are being tracked and detected by apps on smart devices. What is more worrying is that no one has any idea how much private information these companies are hoarding and what percentage of this private data is being used in a legitimate manner.
An Overview of this ‘Oversharing’ Landscape
There are concerns as to the level of ignorance among people about the extent of privacy attached to their own data. They do realize that someone has access to their information and that some entities are using it, but they are unaware about who they are. There is no clarity on how much of their information was taken and how much was used. And are these companies selling customer data to other party without their knowledge?
We do not have enough evidence to sue the company, Since no one really knows the extent of this personal information leakage, such companies cannot be sued due to non-availability of enough evidence
In a connected world, it is inevitable that companies will gain access to personal information and leverage that for business. I prefer to see it as a win-win trade — a deal that consumers are making with those partner providers who leverage the data resources for delivering value to the incumbent. However, there is a disturbing element in the inequality between the two negotiating parties — the users and the companies using their data — with the users often forced to accept the privacy statement before they start using apps without knowing how much data would be accessed and used. This results in a massive volume of personal data changing hands without any value being delivered in return.
So, is Privacy is a Wet Blanket?
Again, refer to the common (yet erroneous) belief that we will not be able to set up the systems that we want if we think about privacy. That is clearly not true.
What is important here is to remember that the responsible use of technology, matching with the business needs, must be based on thorough assessment of privacy risk at the beginning of a project. While few identified risks can be accepted, major ones can be mitigated to ensure data security and privacy.
Privacy laws like the European GDPR and the Australian privacy laws have already laid the groundwork for a regulatory environment that translates into increased risks of companies not meeting the required standards. As a result, we are witnessing the rise of ‘Privacy by Design,’ a trend that will only get stronger with every passing day. Privacy by design connotes that simply by adhering to the data protection legislations privacy can never be guaranteed. Organizations must incorporate privacy as a default mode of operation in all their applications and processes.
Toward Data Minimization and Purpose Limitation
Aligning data minimization and purpose limitation principles along with a risk-based approach is essential for organizations dealing with personal data to address privacy concerns effectively. Sanctity of the use of personal data can only be maintained if data collection is restricted to extent of necessity and limiting the use of the collected data only for the purposes for which such data was collected.
Therefore, data minimization and purpose limitation can save not only time but money too. By cutting down on the volume of data collected to what is important and using such data only for predetermined purposes will inevitably cut down organization costs, especially with regards to processing, storage, and security. This would have a direct impact on the businesses bottom line, besides helping mitigate the potential of failing to adhere to the increasingly stringent requirements of data privacy laws worldwide.
And so, while data and data privacy will continue to the cornerstone of the modern, connected economy, an ethics-based approach of respecting the sanctity of personal information, combined with an operational focus on data minimization and purpose limitation for reducing unnecessary and irrelevant data consumption, will be the real drivers.
Author
Chief Risk Officer
L&T Technology Services
