For the past decade, companies have put customers at the center of their digital transformation, capturing ever more data to uncover new insights and better serve them with personalized experiences and compelling products and services.
But where does that leave us as we consider data privacy in 2021?
This is the question we posed to expert panelists in our recent SecureWorld Remote Sessions webcast, Customer Data Privacy 2021: It's No Longer Just Business, It's Personal, which is available on-demand.
At the beginning of the discussion, we asked the panelists for a level set on the state of data privacy and how it looks moving forward. Here is what each had to say.
Jen Mailander, Deputy General Counsel, Data, Privacy & Cybersecurity at Fannie Mae:
Number two, we've seen an expanding definition of personal information. So what previously would have been personally identifiable information [PII], we think of driver's licenses as security numbers, has been evolving and expanding into personal information or personal data, depending on your jurisdiction. Now that includes things like social media posts, photographs, recordings, IP addresses.
Three, we've got the expansion of individual consumer rights. A consumer can say, in some jurisdictions, what data do you have on me, show it, and in some cases, I want you to delete that data.
Fourth, is the increased emphasis on data management. So you really are going to be responsible for knowing where your data is, from the beginning or creation, to its disposition.
And then lastly, we need to watch these emerging technologies that are evolving and coming out, like AI, facial recognition, the use of biometric data. We're already seeing new privacy issues evolve from these, and again, if you include how the expanding definition of PII and a consumer's expectation of privacy, and then tied to that the potential for new privacy concerns, and potentially new uses of data that with these new technologies, the sky is the limit. And this is a really exciting time to be here."
Robert Eckman, CISO at Kent State University:
And so I think it's important for us as an industry to recognize that regulation and compliance is hugely important. And we have to meet that based on where we're located and operating. And I agree wholeheartedly that there's a huge fracture in what we see with regard to regulation. But this is the space that I live in: beyond regulation, beyond compliance, is where real security lies.
Compliance measures do not keep data safe by themselves. Compliance measures are typically baseline security type approaches. And really what we're beginning to see as an industry, is moving more technically into a space of being able to provide better protections, from a behavior perspective, from an interaction perspective. This includes more adaptive technologies that reassert the trust relationship on a pretty consistent basis.
And so for me, I'm really excited about where we're moving as we go through 2021 as it relates to tools. But again, I think the biggest gap we have is trying to ensure we can maintain compliance, but really provide true security at the end of the day to keep that data safe. So lots of challenges, but also opportunity."
Rebecca Herold, CEO of The Privacy Professor and CEO of Privacy & Security Brainiacs:
So, I believe his comment implied that all cookies are bad. But it gave me an opportunity to spend a little bit of time providing a very high level explanation for different purposes and the different types of cookies. And you know, what a great opportunity for data privacy day, right?
So I believe that we're always going to be behind on privacy. And some folks might think that sounds very naïve. But actually, we've always been behind in data security, too. And this is because as time goes on, we always have data, it always accumulates. How many people actually delete their data?
So we have data continuously accumulating, and legacy systems are still persisting. We have data that's used for more types of new purposes, while it continues to be used for the old purposes, and it's very important for privacy and security pros to really understand that privacy and information management are not really destinations, not a checklist that you can do; it's an ongoing process. And you have to actually change your process to match your changing business activities. And I do think most security and privacy pros understand this.
But it's a huge challenge for most of them to get executives and other decision makers on board, visibly supporting their efforts and providing some sufficient resources. Besides constantly emerging privacy and data security risks that add on to long-time risks, there are also growing legal requirements for privacy and security."
Jason Hodgert, Product Marketing Manager at Spirion:
I remember my last day in the office and I'm hearing the news with COVID spreading. I took an extra monitor home because, you know, 'I might not be in next week because my kid's school might be closed.' That was 10 months ago.
The perimeter exploded. The perimeter was obliterated, IT resources were getting spread out, VPNs were getting overloaded. And for the first half, or the first two-thirds of 2020, we were basically trying to hold it together with duct tape and bubble gum. And I think everybody did a fantastic job.
And we all sort of breathed a sigh of relief when the clock turned over to 2021, like we thought something magically would happen and make it all go away. And unfortunately, it hasn't yet, but vaccines are coming and we can start to see light at the end of this dark tunnel. And we can also see what this new normal that everyone's been talking about starts to look like. And it looks a lot like what what this looks like.
So seeing how we reactively made sure that security and privacy concerns were being held with the duct tape and the bubble gum, seeing that this is what it's going to look like, there's a real opportunity for data security and data privacy to act proactively and put controls in place knowing that this is what the office in 2021 and the future is going to be like.
And like Bob said, privacy is not an option; it's something that has to be done proactively. It's not something that you can do reactively, or you're going to find yourself underwater very quickly. So that's a long way of saying we spent most of 2020 scrambling. And I think 2021 is going to be the time where we can sit and plan out and proactively tackle the privacy problem."
The rest of the Data Privacy webcast asked and answered the following questions, which sparked a great discussion among the panelists.
If you want to be proactive about data privacy in 2021, we highly suggest watching Customer Data Privacy 2021: It's No Longer Just Business, It's Personal, which is available on-demand.
In addition to the webcast, don't forget to check out SecureWorld's Virtual Conference series calendar.