For companies, getting data privacy right is no longer just a compliance exercise – a box to be ticked. Instead, having a robust approach to managing personal data well is beginning to be seen as an important competitive advantage for organizations.
Today – January 28 – is Data Privacy Day around the globe. There will be a lot of focus on new data privacy regulations, such as the EU’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). However, it’s important to recognize that even the legislators and regulators who created these rules view a robust data privacy approach as important for economic growth – and thus a competitive issue. For example, GDPR is actually part of the EU’s Single Digital Market initiative, which seeks to empower both its citizens and its economy. These are rules designed to help manage economic and societal risks, so that innovation can develop faster.
Another example of these kinds of rules is a recent EU consultation on Draft Ethics Guidelines for Trustworthy AI. Other governments around the globe, such as Singapore, are also looking at the relationship between personal data and AI. That’s because governments realize the essential role that personal data plays in the use of technologies such as artificial intelligence (AI), machine learning (ML), and the Internet of Things (IoT). They can see that the personal data that companies hold will power these technologies.
More companies are embracing this perspective, too – that it is essential to have a personal data culture that enforces data privacy, respects the rights of individuals around their personal data, and protects data. These companies see that they must proactively manage the risks associated with the use of personal data in order to successfully innovate. They also recognize that failure to manage these risks can be devastating to an organization’s reputation and revenues.
Other stakeholders in the corporate ecosystem also understand these issues. For example, credit rating agency Moody’s is viewing cyber risks – such as a personal data breach or misuse of personal data by a company – as being equivalent to event risks in its credit analysis of companies. The consequences of having a sub-optimal approach to data privacy can now include a lower credit rating and higher funding costs. In addition, some companies who have been subject to personal data breaches have seen their share prices drop by 40% or more.
All of this points to a trend for increased transparency and disclosure by companies of their approach to the use of personal data, how they keep personal data safe, and how they support the data rights of the individuals whose data they hold. Clearly, under all of the new data privacy rules coming out, companies have to provide evidence to regulators of compliance.
However, this new trend goes beyond this – companies are beginning to proactively disclose their approach to data privacy in investor relations documents, and in customer-facing materials. They recognize the importance of building trust within their ecosystem around personal data. And building this trust brings rewards – for example, customers may be more likely to purchase a product with IoT functionality in it from a company they know will handle the personal data the product transmits ethically. Or, investors will view a company known to have a strong data privacy program as less likely to suffer a personal data breach, and as being more resilient if one does occur.
In short, savvy organizations are recognizing that having a strong, ethical approach to managing personal data – which they then communicate to their ecosystem – could potentially have significant competitive advantages well beyond pure regulatory compliance. So, on Data Privacy Day, it’s worth sitting down and thinking about what kind of a personal data strategy your organization has today.