Saturday, September 25, 2021

To The SMB Owner: Why You Need To Worry About Data Privacy

There was a time, who knows how many years ago, when we could hand over our confidential and private information without any fear of it being stolen or misused.  For example, we could give our credit card numbers over the phone in order to make purchases, or share our Social Security Numbers with our healthcare providers without having to sign 20+ pages of compliance paperwork.

Heck, back then, if we asked our PCP to share the results of a medical test with a family member, they would do so gladly, without having to worry about HIPAA.

But of course, all of that has changed greatly, given the current state of the Cyber Threat Landscape, and especially the COVID19 pandemic.  For instance, if we want to open a new brokerage account, there is a mountain of compliance-related paperwork to sign before a financial advisor-client relationship can even be cultivated.  The same is true of the healthcare industry.

For instance, if you have an HMO plan and need a referral from your PCP to see a specialist, that doctor will not even see you until you have completed all of that paperwork.

Not only do we have these headaches to deal with, but we also now have to be on guard all the time to make sure that our confidential, and especially our financial, information and data has not been tampered with.

Heck, you could probably give yourself a full-time job just trying to keep track of all of this.  And this is just for the individual.  Just imagine what businesses must go through in this regard.

Not only must they take every step to make sure that the Personally Identifiable Information (PII) datasets of both their employees and their customers are safeguarded, but they must also come into compliance with the statutes and provisions of just about every Data Privacy Law that is out there, especially HIPAA, the GDPR, the CCPA, etc.

If they don’t follow suit, then the company in question could very well face serious audits and financial penalties (for example, under the GDPR, fines can be as high as 4% of a company’s annual global turnover, or €20 million, whichever is higher).  So, this is what things look like now with Data Privacy.  What does the future hold for it?  Well, according to Gartner, here is what it could look like:

*A balance will be struck:

When the COVID19 pandemic hit us hard last year, the rush to WFH transpired.  Employers were in a fast scramble to get everybody situated and in place, and once the dust settled on that, the next major concern was actual productivity, and rightfully so.  Because of this, many companies across Corporate America became obsessed with snooping in on what their employees were doing in the name of security, and many remote workers felt that their right to privacy was being invaded.  This led to a huge backlash against the level of trust that had been fostered before COVID19 hit.

But now that the Remote Workforce looks like it is going to be a permanent fixture for the long haul, companies are starting to realize that they are going to have to strike a balance between trust and snooping on their employees’ devices all of the time.  Truth be told, as long as the individual is still an employee of the company in question, is using company-owned equipment and handling company data, and the company has disclosed its monitoring policy, it is hard to call that monitoring a violation of privacy, and courts in the United States have generally sided with the employer on those terms (the rules differ elsewhere; under the GDPR, for example, employee data is still protected personal data).  But in the end, there still needs to be that balance to make sure that productivity is enhanced so that the company stays viable in these crazy times.

*CX and UX will join forces:

In the world of website creation and design, these acronyms stand for Privacy User Experience (UX) and Customer Experience (CX).  There is a lot more technicality that goes into this, but long story short, this is where you want your prospect or customer to feel comfortable when they visit your website and have an overall great experience in doing so.  The thinking here is that if they feel this way, they will have a much stronger tendency to purchase products and services from your online store.  But now, companies are starting to realize that if they can give the customer or prospect a feeling of security when they visit their website (especially when they submit their information and data), that will be even more of a motivating factor to purchase something.  Just think about it:  If you went to the store of an online merchant and had a great feeling of being secure, wouldn’t that tempt you to buy something?  I certainly would.  As a result of this, businesses are now trying to embed that sense of data privacy into all of the pages of their respective websites.  But there is a flip side to this:  Have you ever noticed that when you visit a website, there is always that banner about using cookies, and when you fill out the contact form, you agree to abide by the terms of the privacy policy?  Yes, these are sort of annoying, and they will only multiply by at least 10X when the worlds of CX and UX come together.  Although the intent is to make you feel secure, you could very easily get turned off by all of these notices and even go somewhere else as a result.

*The usage of DRAs:

This is an acronym that merely stands for “Data Risk Assessment”.  Really, there is nothing new about this: you can use a template or guide provided by NIST (such as NIST SP 800-30, the Guide for Conducting Risk Assessments) or some other government-based compliance entity to conduct your own Risk Assessment.  Essentially, this is where you take an inventory of all of your digital assets and rank them according to the likelihood of their being hacked into and the impact if they were, especially when it comes to the PII datasets previously described.  This can no doubt be a laborious and very time-consuming process to go through.  But with recent advances in both Artificial Intelligence (AI) and Machine Learning (ML), it is highly anticipated that this kind of risk assessment will become automated.  The advantages are that not only can this be done in a matter of minutes, but it can be done on a real-time basis as well, whenever you want to do it.  By showcasing this, companies can give an extra sense of ease to both customers and prospects that their PII datasets are being well looked after.
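As an added example (not code from the original post, from Gartner, or from NIST), here is a small Python script that does the two steps just described, inventory and ranking, for a few constructed sample assets: it discovers PII with pattern checks (SSNs, e-mail addresses, and payment-card numbers confirmed with the Luhn checksum so that ordinary digit runs are not counted), then scores each asset by an assumed likelihood (how exposed it is) times impact (the most sensitive PII type it holds), in the spirit of the qualitative scales in NIST SP 800-30.  The asset names, contents, exposure ratings and weights are all assumptions for illustration.

```python
"""
Added example, not from the original post or from Gartner/NIST: a small,
script-based Data Risk Assessment in the spirit of NIST SP 800-30.
It inventories a handful of constructed sample assets, discovers PII in them
(SSNs, payment-card numbers checked with the Luhn algorithm, e-mail addresses),
and ranks the assets by a likelihood x impact score.  Asset names, contents,
exposure ratings and the weights below are all made up for illustration.
"""
import re
from dataclasses import dataclass, field

# Pattern checks for three common PII categories.  The SSN pattern rejects the
# area/group/serial values the SSA never issues; the card pattern is broad and
# relies on the Luhn check below to weed out ordinary numbers.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")
EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b")

# Assumed 1-5 scales, loosely following NIST SP 800-30's qualitative scales:
# how exposed the asset is, and how bad a leak of each PII type would be.
LIKELIHOOD = {"internet": 5, "internal": 3, "offline": 1}
IMPACT = {"ssn": 5, "card": 4, "email": 1}


@dataclass
class Asset:
    name: str
    exposure: str            # one of the LIKELIHOOD keys
    content: str             # the data the asset holds (constructed sample text)
    pii: dict = field(default_factory=dict)
    score: int = 0


def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment cards; filters out random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:           # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_pii(text: str) -> dict:
    """Count PII hits per category in one asset's content."""
    counts = {"ssn": len(SSN_RE.findall(text)),
              "card": 0,
              "email": len(EMAIL_RE.findall(text))}
    for match in CARD_RE.findall(text):
        digits = re.sub(r"[ -]", "", match)
        if luhn_ok(digits):
            counts["card"] += 1
    return counts


def assess(assets: list) -> list:
    """Discover PII in each asset, score it, and return the assets ranked worst-first."""
    for asset in assets:
        asset.pii = find_pii(asset.content)
        # Impact is driven by the most sensitive PII type present (0 if none).
        impact = max((IMPACT[c] for c, n in asset.pii.items() if n), default=0)
        asset.score = LIKELIHOOD[asset.exposure] * impact
    # Ties are broken by the number of PII records found.
    return sorted(assets, key=lambda a: (a.score, sum(a.pii.values())), reverse=True)


# Constructed sample inventory (not real data; the card numbers are public test numbers).
SAMPLE_ASSETS = [
    Asset("crm-export.csv", "internet",
          "alice@example.com,4111 1111 1111 1111\nbob@example.com,5500 0000 0000 0004"),
    Asset("hr-payroll.xlsx", "internal",
          "Alice,078-05-1120\nBob,219-09-9999"),
    Asset("marketing-deck.pptx", "internet",
          "Q3 numbers: 1234567890123 revenue, contact sales@example.com"),
    Asset("old-backup.tar", "offline",
          "legacy user 123-45-6789 carol@example.org"),
]


def run_assessment() -> list:
    """Run the assessment over the constructed inventory."""
    return assess(SAMPLE_ASSETS)


if __name__ == "__main__":
    for a in run_assessment():
        print(f"{a.score:>3}  {a.name:<22} {a.exposure:<9} {a.pii}")
```

Run it and the internet-reachable CRM export holding card numbers ranks first, while the offline backup scores lower despite holding an SSN, and the 13-digit figure in the marketing deck is not counted as a card because it fails the Luhn check.  A real assessment would replace the constructed inventory with a crawl of file shares, buckets and databases, and tune the weights to the company’s own data classification policy.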

My Thoughts On This

Whether we like it or not, data will constantly be around us, whether in our personal or professional lives.  The key now is to successfully manage this huge influx and saturation, while also maintaining a proactive mindset in protecting our PII.

As I have stated before, we are all at risk of being hacked into, but the key is how to mitigate the chances of it actually happening to you.  Also keep in mind that the GDPR and the CCPA have given consumers a lot of extra power to wield over businesses when it comes to requesting how their PII datasets are being used, in what ways, and to have them deleted.

Under these new laws, the company must respond to you within a prescribed time frame (one month under the GDPR and 45 days under the CCPA, both extendable in certain cases).  But the downside here is that your ability to file a lawsuit that could gain traction in a court of law is limited: the CCPA’s private right of action, for example, covers only certain data breaches.  From here on out, the world of Data Privacy is going to be an ever-evolving one, so stay tuned as I put more on this, especially as new laws are passed.
