There was a time, who knows how many years ago, when we could submit our confidential and private information without any fear or concern of it being hacked. For example, we could give our credit card numbers over the phone in order to make purchases, or even share our Social Security Numbers with our healthcare providers without having to sign 20+ pages of compliance paperwork.
Heck, back then, if we asked our PCP to share the results of a medical test with a family member, they would do so gladly, and not have to worry about HIPAA.
But of course, all of that has changed greatly, given the current state of the Cyber Threat Landscape, and especially that of the COVID19 pandemic. For instance, if we want to open up a new brokerage account, there is a ton of compliance-related paperwork that one must sign before a financial advisor-client relationship can even be cultivated. The same is true of the healthcare industry.
For instance, if you have an HMO plan and need a referral from your PCP to see a specialist, that doctor will not even see you until you have completed all of the mountains of paperwork.
Not only do we have these headaches to deal with, but we also now have to be on guard all the time to make sure that not only our confidential, but even our financial information and data has not been tampered with.
Heck, you could probably even give yourself a full-time job
just trying to keep track of all of this.
Now, this is just for the individual.
Just imagine what businesses must go through in this regard.
Not only must they take every step to make sure that the Personally Identifiable Information (PII) datasets of their employees are safeguarded, but they must also make sure that they come into compliance with the statutes and provisions of just about every Data Privacy Law that is out there, especially those of HIPAA, GDPR, etc.
If they don’t follow suit, then the company in question could very well face some serious audits and financial penalties (for example, under the GDPR, it can be as high as 4% of the gross revenue that has been generated). So, this is what things look like now with Data Privacy. What does the future hold for it? Well, according to Gartner, here is what it could look like:
*A balance will be struck:
When the COVID19 pandemic hit us hard last year, the rush to WFH transpired. Employers were in a fast scramble to get everybody situated and in place, and once the dust settled in that regard, the next major concern was the actual productivity that would occur, and rightfully so. Because of this, many companies across Corporate America were obsessed with snooping in on what their employees were doing in the name of security, and many remote workers felt that their right to privacy was being invaded. This led to a huge backlash against the level of trust that had been fostered before COVID19 hit. But now, as it looks like the Remote Workforce is going to be a permanent fixture for the long haul, companies are starting to realize that they are going to have to strike a balance between trust and not snooping in all of the time on their employees’ devices. But truth be told, as long as the individual is still an employee of the said company, there really is no violation of privacy if their employer decides to intrude to see what they are doing. After all, they are using company-owned equipment and company data. In this regard, any court of law will side with the employer. But in the end, there still needs to be that balance in order to make sure that the level of productivity is enhanced so that the company can still be viable in these crazy times.
*CX and UX will join forces:
In the world of website creation and design, these are acronyms that simply stand for Privacy User Experience (UX) and Customer Experience (CX). There is a lot more technicality that goes into this, but long story short, this is where you want to have your prospect or customer feel comfortable when they visit your website and have an overall great experience in doing so. The thinking here is that if they feel this way, they will then have a much stronger tendency to purchase products and services from your online store. But now, companies are starting to realize that if they can give the customer or prospect the feeling of security when they visit their website (especially when they submit their information and data), that will be even more of a motivating factor to purchase something. Just think about it: If you went to the store of an online merchant and had a great feeling of being secure, wouldn’t that tempt you to buy something? I certainly would. So as a result of this, businesses are now trying to embed that feeling of data privacy into all of the pages of their respective websites. But there is a flip side to this: Have you ever noticed that when you visit a website, there is always this thing about using cookies, and when you fill out the contact form, you agree to abide by the terms of privacy? Yes, these are sort of annoying, but it will only multiply by at least 10X when the worlds of CX and UX come together. Although the intent is to make you feel secure, you could very easily get turned off by all of these notices and even go somewhere else as a result.
*The usage of DRAs:
This is an acronym that merely stands for “Data Risk Assessment”. Really, there is nothing new about this; this is where you can use a template that is provided by NIST or some other government-based compliance entity to conduct your own Risk Assessment. Essentially, this is where you are taking an inventory of all of your digital assets and ranking them according to their degree of vulnerability to being hacked, especially when it comes to the PII datasets, as previously described. This no doubt can be a laborious and very time-consuming process to go through. But with recent advances in both Artificial Intelligence (AI) and Machine Learning (ML), it is highly anticipated that this kind of risk assessment will become automated. The advantages to this are that not only can this be done in a matter of minutes, but it can be done on a real-time basis as well, whenever you want to do it. By showcasing this, companies can give an extra sense of ease to both customers and prospects that their PII datasets are being well looked after.
My Thoughts On This
Whether we like it or not, data will be constantly around us, whether it is in our personal or professional lives. The key now is to successfully manage this huge influx and saturation, yet also maintain a proactive mindset in protecting our PII.
As I have stated before, we are all at risk of being hacked, but the key is how to mitigate the chances of that actually happening to you. Also keep in mind that the GDPR and the CCPA have given consumers a lot of extra power to wield over businesses when it comes to requesting how their PII datasets are being used, in what ways, and even whether you want them deleted.
Under these new laws, the company must respond back to you within a prescribed time frame. But the downside here is that your ability to file a lawsuit that could gain traction in a court of law is greatly reduced.
From here on out, the world of Data Privacy is going to be a continually evolving one, so stay tuned as I put out more stuff on this, especially as new laws are passed with respect to this.