Privacy

Striving for a New High Water Mark in U.S. Data Privacy Policy: Part 1

Eve Maler · August 20, 2018

In this two-part series, I look at the deluge of personal data, the rising tide of global regulation and where the U.S. must drop its proverbial data policy anchor to build long-term customer trust.

It’s raining personal data

What’s the biggest difference between a traditional customer journey around a physical product and a digitized one? Data. What’s the biggest difference between a “smart” thing – like a connected car – and a “dumb” one? Data. Personal data, available in a veritable torrent through countless B2B and B2C touch points, has emerged as a key driver of business innovation and success. It’s no surprise, then, that a 2016 report by the World Economic Forum and Accenture predicted that digital transformation (and the data that enables it) has the capacity to unlock $10 trillion of value for industries and society at large.

This influx of data, combined with an ever-increasing customer demand for innovative services, inevitably comes with privacy and trust implications. To avoid moving too fast and putting consumer information in jeopardy, we advise clients embarking on innovation journeys to first identify where digital transformation and trust risks overlap. Embracing transformation opportunities while ignoring issues that could compromise customer trust may be detrimental to a company’s long-term brand health. Consider social media. In recent months, active-user counts on both Facebook and Twitter have shown new weakness, partly over growing privacy concerns given a history of personal data breaches and misuse that is now coming to light. Though these platforms are unforgettably innovative, growing mistrust among service users has opened up opportunities for competitors; according to one source, Reddit has surpassed Facebook to become the third most visited site in the U.S. In short, it’s almost impossible to succeed with an innovation play without first considering trust – and trust has become increasingly hard to earn.

Regulation levels are rising fast

To help elevate these seemingly waning levels of public trust when it comes to personal data management, regulations are cropping up quickly – most notably the General Data Protection Regulation (GDPR), which went into effect in May. Though enforced by the EU, GDPR mandates that any business offering goods or services to EU residents must abide by its mandates – including granting the data subjects the rights of personal data access and data erasure upon request, and providing timely data breach notifications, among others. Though GDPR is one of the most comprehensive regulations to be unveiled, many additional laws, mandates, and government projects with strong privacy, consent, and data portability components have also been in the works across other parts of the globe:

  • The EU and Japan have forged a GDPR-related agreement on reciprocal data transfer adequacy.

  • In Australia, the impending Consumer Data Right will guarantee consumers the right to access their banking, energy, phone, and Internet data.

  • In Brazil, two GDPR-inspired draft data privacy bills have been voted on.

  • India has just published a draft Data Protection Bill.

Various entities in the U.S. are also beginning to borrow from the GDPR playbook. In the wake of the Facebook hearings, the U.S. Commerce Department has begun promoting new federal-level consumer privacy legislation. But already, individual states are taking privacy legislation into their own hands, as the need to restore and improve trust becomes paramount to business success and public satisfaction:

  • In California, a massive GDPR-inspired Consumer Privacy Act was recently approved.

  • In Vermont, a law to encourage personal information protection companies was recently approved (more info).

The question remains though – what does this all mean for businesses? How can corporate policies and solutions be rolled out in ways that don’t just strive for legal compliance, but that further business goals for digital transformation and innovation? It starts with leaning in to consent. Stay tuned for my next post where I’ll explain what this really means and how to get there.

Tags
GDPR Privacy Consent Regulations

Eve Maler

Eve Maler is ForgeRock's CTO. She is a globally recognized strategist, innovator, and communicator on digital identity, security, privacy, and consent, with a passion for fostering successful ecosystems and individual empowerment. She has 20 years of experience innovating and leading standards such as SAML and User-Managed Access (UMA), and has also served as a Forrester Research security and risk analyst. She leads the ForgeRock Labs team investigating and prototyping innovative approaches to solving customers' identity challenges, along with driving ForgeRock's industry standards leadership.