For security, privacy, identity, and digital transformation professionals, the occasion of Data Privacy Day is perfect for pondering the big issues, like: Has anything actually changed since last year? From where I sit, organizations have actually become more #PrivacyAware because they’ve had to, just to survive. The regulatory stakes are increasing rapidly, with the General Data Protection Regulation bearing down on every organization serving EU citizens and other regs such as PSD2 also having an impact. But the business stakes are also rising, with digital transformation remaking even the most “atom-based” of companies, leaving big consumer-trust question marks everywhere. For more of my thoughts on privacy, check out this webinar replay covering the changing privacy landscape, a Q&A with the Government of New Zealand on their use of User-Managed Access to help citizens manage data sharing, and how the ForgeRock Identity Platform can help businesses achieve their privacy objectives in 2017.
“You’re in the hospitality business? Great, my mobile phone is now a room key so I never lose them again! Um, so who sees all my room ins and outs, and are you tracking me everywhere else?”
“You make smart glucometers? Great, you send all my readings into the cloud for easy aggregation and transmission to my doctor! Wait a minute... Are you sending my health data to my employer without my okay?”
The two sides of the data sharing/data privacy coin are finally being seen as, well, stuck together in this digitally transformed, Internet of Things-enabled era. And customers, consumers, patients, and end-users of all stripes are firmly connecting these experiences to the question of trust.
In the finance and the healthcare worlds, the trend is towards open APIs for interoperability between organizations: “open banking APIs” in the former case, and APIs such as Fast Healthcare Interoperability Resources (FHIR) in the latter. Consumers of products in these areas already know they want access to the data that’s related to them and use it for their own benefit. One recent survey discovered that “Almost two-thirds of Australian consumers believe transactional banking data belongs to them and not their bank, while 88 percent already know they want to control access to the data that's about them.” (Honestly, as a regular human being vs. an IT person, what would you say?) And our long-time mantra about building trusted digital relationships -- No more data about you without you -- originally came from the healthcare world.
This is why ForgeRock has once again sponsored Data Privacy Day. We believe that “Respecting Privacy, Safeguarding Data, and Enabling Trust” has to be a strategic effort on the part of not just risk managers but also -- and perhaps especially -- digital teams looking to build relationships with users based on trust. Too often, for example, it’s easy to forego the option to ask for consent or give options for users to control their own data sharing even when it’s exactly the right answer.
There was lots going on around “the Day” this year. I appeared along with privacy luminary Michelle Dennedy and many others, at the Stay Safe Online event at Twitter HQ in San Francisco on January 26. You can find my interview with SiliconAngle discussing privacy in the IoT age here. And I’ll be at the RSA Conference talking about “Designing a New Consent Strategy for Digital Transformation” on Thursday, February 16. In this talk I’ll present a whole new classification system for consent types. Hope to see you there!
To learn more about how ForgeRock is helping organizations to address their data privacy challenges and build trusted digital relationships with their customers, visit our privacy solutions page.