Data privacy and the protection of data has been evolving since the inception of the internet. With significant volumes of information being shared online, governments and industry bodies have been impelled to formulate and enforce privacy regulations to protect individuals from data breaches.
Organisations that collect data are now required to comply with government and in some cases industry privacy standards. It is projected that in the next two years, 75% of the population worldwide will be protected via one or more data privacy regulations.
Organisations of all sizes need to be aware of the issues surrounding data privacy, and the implementation and maintenance of appropriate privacy policies which can complement existing cybersecurity practices. Between July 2020 and July 2021, General Data Protection Regulation (GDPR) violations in the European Union rose by 113.5%, and the number of fines associated with it also rose, by 125%.
Data privacy must be prioritised and considered in all data collection practices and uses. Whenever an organisation collects, stores, or sends personal information, it needs to be protected and to ensure this, adequate security safeguards need to be put into place.
Individuals and organisations need to be aware of their privacy obligations and they should keep abreast with the latest changes in legislation and regulations.
Below is a list of the data privacy trends that are current and likely to occur in 2023.
Data Privacy and Its Compliance
The Governance Of AI
Artificial intelligence (AI) is increasingly being employed in many applications. For example, when you are typing and a text suggestion appears, that is AI predicting what it thinks you will type next. Or if you are processing an image there may be an option to add a smile to a frowning face – this is also a feature provided by AI.
With an increase in the usage of AI, it is now implementing many algorithms that provide for ensuring data privacy by safeguarding personal and private data. According to one report, approximately 40% of privacy compliance technology will utilise AI in its operations this year. But what happens if there are privacy-related problems with AI and its actions?
This is a question that governments and organisations are currently attempting to address. The involvement of AI in data privacy is a new development, and AI is becoming more prevalent in everyday personal and working life. Whenever AI is employed in data protection its use and actions need to be governed correctly, to ensure that its processes are not exposing sensitive personal and private data.
Consumer Privacy: Users Taking Control
Another new trend in data privacy is the desire for users to have more control over their data. Some jurisdictions require that applications and websites provide transparency in their data storage and usage practices. These applications and websites are required to inform users what data they are collecting, how they are collecting it, and for what purposes they are using it. Users need to be provided with the opportunity to opt-out and retrieve the data that they have previously provided to it.
These privacy requirements have led to an increase in interest in how data is collected, stored, and used. Users have begun advocating for a centralised privacy portal where they can access all their privacy settings for the various apps that they use, and for the websites that they visit, and to increase their knowledge about how their personal data is being handled on various platforms.
The Monitoring of Remote Employees
The COVID-19 pandemic has changed the way that the workforce operates. Some organisations now consist completely of remote offices or feature a combination of remote and on-site staff. The increase in people working from home has led to changes in the way that data is collected and transmitted. Organisations are increasing the monitoring of remote employees.
The increase in staff monitoring can create issues for data privacy. Organisations need to ensure that they are not encroaching on the personal rights of their staff, particularly if an organisation is placing monitoring methods on their employees’ electronic devices.
To highlight the potential for privacy breaches, approximately 49% of remote employees currently use their personal computers for work purposes. If an organisation chooses to monitor their employee’s personal computers, the organisation needs to ensure they are not collecting or using any of the personal data of the employee.
The Location and Who Has Access to Data and Its Storage
The location of and access to data continues to raise privacy concerns. This has been highlighted by the recent increase in interest in the social media app TikTok, and the location and access of its user’s data. The company that owns TikTok is based in China, a country which has very different data privacy regulations to most of the Western world. The servers which hold the TikTok data have previously been accessed by the Chinese government, without a transparent process being followed.
The concerns surrounding the location of data and its access are likely to increase, with many organisations now examining exactly where their data is being stored. The location of a server dictates the privacy rules and regulations that its use and access are governed by. Therefore, organisations and individuals are now asking “Where is my data stored, who can access it, and how is it being used?”, with some organisations and users now ensuring that their data is stored as close to their physical location as possible.
Privacy Enhancing Computation
Privacy Enhancing Computation (PEC) is a relatively new concept which is a method that AI can use to help enhance cybersecurity practices.
PEC is made up of three forms, which are:
- The data environments that allow for the secure processing of data.
- Privacy-aware machine learning with added analytical capabilities.
- The use of encryption practices ensures that data remains confidential and secure through the use of algorithmic processes and transformation.
By adding PEC to applications and software, developers can provide added value to their clients, along with an increase in privacy and security, and the addition of PEC can further strengthen data security by automating the processes that surround it.
Do You or Your Organisation Require a Data Privacy Evaluation?
The subject of data privacy is evolving, and as such individuals and organisations are advised to ensure that their policies and practices are as up-to-date as possible. If you would like to ensure that your data privacy is up to date, we are happy to provide an evaluation of your current systems and practices, and to advise you on how you can remain compliant with the current rules and regulations in this ever-evolving environment.