PRIVACY AND ENTERPRISE RISK MANAGEMENT

The key takeaway from recent privacy-related missteps is that organisations should be laser-focused on how they use personal data. In the last couple of years, we have seen privacy issues impact company valuations and brand trust. Organisations have stumbled due to a lack of transparency, excessive personal data collection, ignoring consumer privacy choices and retaining information longer than necessary. In addition, algorithms have recently emerged that assume biased and racist characteristics. Not surprisingly, the news coverage on privacy has moved from the technology section, to the business section, to the front page.

Governments have already responded with comprehensive privacy regulations, including the General Data Protection Regulation (GDPR) in Europe and the recently-passed California Consumer Privacy Act (CCPA) in the US. These laws are beginning to put a more comprehensive framework around data collection, processing and sharing, and are creating many new obligations and responsibilities for organisations. Penalties for privacy violations are also increasing, with the GDPR imposing penalties on violators of the greater of up to 4 percent of global revenue or €20m. Countries around the world are now considering similar updates to their own versions of data privacy regulation.

On top of all of this, organisations are rapidly deploying advanced technologies, including Big Data analytics, artificial intelligence (AI), blockchain and cloud storage and computing, to name just a few, where the responsible use of information is essential. This environment begs the questions: What should organisations do to avoid mistakes? And what should they do to gain a competitive advantage?

While organisations are working to comply with these new, more complex, and sometimes inconsistent global privacy laws, discussions around privacy are quickly moving beyond historical understandings of privacy harms and into broader questions of responsible information processing. In light of these growing concerns over the responsible use of data, digital ethics is emerging as a discrete topic. As organisations use increasingly sophisticated technologies to capture and process data, they must focus on not only implementing appropriate transparency and user-choice controls, but also addressing concepts such as bias in data sets, discriminatory effects and societal impacts.

Jan-Mar 2019 Issue

Promontory Financial Group