Striving for a New High Water Mark in U.S. Data Privacy Policy: Part 1

In this two-part series, I look at the deluge of personal data, the rising tide of global regulation and where the U.S. must drop its proverbial data policy anchor to build long-term customer trust.

It’s raining personal data

What’s the biggest difference between a traditional customer journey around a physical product and a digitized one? Data. What’s the biggest difference between a “smart” thing – like a connected car – and a “dumb” one? Data. Personal data, available in a veritable torrent through countless B2B and B2C touch points, has emerged as a key driver of business innovation and success. It’s no surprise, then, that a 2016 report by the World Economic Forum and Accenture predicted that digital transformation (and the data that enables it) has the capacity to unlock $10 trillion of value for industries and society at large.

This influx of data, combined with an ever-increasing customer demand for innovative services, inevitably comes with privacy and trust implications. To avoid moving too fast and putting consumer information in jeopardy, we advise clients embarking on innovation journeys to first identify where digital transformation and trust risks overlap. Embracing transformation opportunities while ignoring issues that could compromise customer trust may be detrimental to a company’s long-term brand health. Consider social media. In recent months, active-user counts on both Facebook and Twitter have shown new weakness, partly over growing privacy concerns given a history of personal data breaches and misuse that is now coming to light. Though these platforms are unforgettably innovative, growing mistrust among service users has opened up opportunities for competitors; according to one source, Reddit has surpassed Facebook to become the third most visited site in the U.S. In short, it’s almost impossible to succeed with an innovation play without first considering trust – and trust has become increasingly hard to earn.

Regulation levels are rising fast

To help elevate these seemingly waning levels of public trust when it comes to personal data management, regulations are cropping up quickly – most notably the General Data Protection Regulation (GDPR), which went into effect in May. Though enforced by the EU, GDPR requires any business offering goods or services to EU residents to abide by its mandates – including granting data subjects the rights of personal data access and data erasure upon request, and providing timely data breach notifications, among others. Though GDPR is one of the most comprehensive regulations to be unveiled, many additional laws, mandates, and government projects with strong privacy, consent, and data portability components have also been in the works across other parts of the globe:

  • The EU and Japan have forged a GDPR-related agreement on reciprocal data transfer adequacy.

  • In Australia, the impending Consumer Data Right will guarantee consumers the right to access their banking, energy, phone, and Internet data.

  • In Brazil, two GDPR-inspired draft data privacy bills have been voted on.

  • India has just published a draft Data Protection Bill.

Various entities in the U.S. are also beginning to borrow from the GDPR playbook. In the wake of the Facebook hearings, the U.S. Commerce Department has begun promoting new federal-level consumer privacy legislation. But already, individual states are taking privacy legislation into their own hands, as the need to restore and improve trust becomes paramount to business success and public satisfaction:

  • In California, a massive GDPR-inspired Consumer Privacy Act was recently approved.

  • In Vermont, a law to encourage personal information protection companies was recently approved.

The question remains though – what does this all mean for businesses? How can corporate policies and solutions be rolled out in ways that don’t just strive for legal compliance, but that further business goals for digital transformation and innovation? It starts with leaning in to consent. Stay tuned for my next post where I’ll explain what this really means and how to get there.

Who Is Eve Maler?

Who’s Eve? Well, she is definitely no stranger to the identity industry, having worked with companies like Forrester Research, PayPal, and Sun Microsystems over the last 17 years. Today she kicks it as the VP of Innovation and Emerging Technology here at ForgeRock, tasked with driving privacy and consent innovation in ForgeRock’s Office of the CTO. In true ForgeRock fashion, she enjoys singing bluesy-funky rock 'n' roll in her free time. If you’re lucky, sometimes you might catch her on-stage at a ForgeRock event!
