The 5 privacy trends impacting organisations today
As Australia progresses towards Mandatory Data Breach Reporting - which will come into effect in late February 2018 – Australia Post spoke with five industry leaders who identified the trends impacting the way large organisations manage the privacy and security of their customers:
- The commoditisation of big data analytics
- Transparency as a trustworthy differentiator
- Enhanced data breach management systems
- Biometrics as the key digital identifier of the future
- The prevention principles of algorithmic harms
“More than ever, companies are seeing the inherent value in the data they hold and are seeking new ways to leverage the value and diversity of that data,” says NAB Acting Chief Privacy Officer, Saara Mistry.
“Companies want to derive commercial benefit, sell insights from their own data and also ingest granular and meaningful insights from other companies to augment their own data sets.”
Saara points out that we’re already witnessing the early emergence of this trend, and there are clear signs that a shift from traditional models of customer data analytics towards more commercial ones is well underway.
How organisations control this data supply so that its customers are adequately protected may well be the biggest test ahead.
Australia Post Head of Identity, Trust and Safety, Linden Dawson, points out that greater clarity and transparency will be pivotal for organisations as they make this transition to mandatory reporting.
“Say you’re playing a game on your phone and suddenly get asked for your location,” says Dawson. “Why would a gaming app need that? So we have to ensure that our solutions don’t lead to this over-sharing of information and that we, as businesses, don’t over-collect information that’s inappropriate.”
The challenges most companies face here is balancing how they leverage the value of customer data while retaining the privacy and security of that information.
To strike that balance, NAB’s Saara Mistry says organisations need to be completely transparent about how they collect, use and share people’s personal information. And this should also include checks on why certain data need to be collected.
The Mandatory Data Breach Reporting framework will set guidelines as to what constitutes a serious data breach and how organisations should respond.
“Recently, we’ve seen examples where organisations weren’t the first to alert individuals with details of a data breach,” says Telstra Chief Privacy and Compliance Officer, Jason Holandsjo. “In these instances, the news was often broken to them via social media channels which aren’t always 100 per cent right.
“Having to correct another party’s misinformation is both time-consuming and potentially confusing for customers. Organisations need to be able to make sure that accurate but timely information is being put out there. This is the enormous challenge for many of them.”
According to Holandsjo, any customer-centric organisation should already have in place the systems and processes to quickly detect, manage and engage with customers in such situations.
“Biometrics is still theoretically the ideal technology in order to authenticate someone’s identity but there are challenges around authentication referencing, spoofing and accuracy,” says Australia Post General Manager of Identity Services, Regis Bauchiere.
As an individual’s digital information comes under an increasing threat from malware and other cyber-attacks, the ways we all protect our personal data is key.
To this, Australia Post’s Linden Dawson adds, “Companies have a responsibility to their customers to keep challenging themselves to find the best solutions, and to create privacy policies that align with the best identity frameworks available.”
Former Commissioner for Privacy and Data Protection in Victoria, David Watts, points out that algorithms are essentially instructions for accomplishing a task, and warned that like any other set of instructions, algorithms can make mistakes and produce unintended results that could result in data breaches.
“When malfunctions occur it can lead to serious harm so these advanced algorithmic analytics can’t be treated as a mystical, unchallengeable and unaccountable black box,” says Watts.
“In the future, the discussion will be concentrated on how organisations can minimise or prevent algorithmic harms and it will focus on six principles - responsibility, transparency, auditability, quality, security and fairness.”
Algorithms are increasingly used, via machine learning and other forms of artificial intelligence, to reduce the time it takes to accomplish digital tasks. Keeping a clear view of how algorithms impact data collection and storage for customers is a core challenge ahead.