informa
/
5 MIN READ
Commentary

The Future of Privacy: What IT Leaders Need to Know

This year’s top trends in privacy highlight the critical levers enterprises need to engage over the coming years to manage liability and promote trust when handling personal information.

Contrary to what many executives may believe, privacy is not just a question of removing regulatory drag and achieving compliance. Privacy is about propelling the business forward.

Above all things, privacy is personal, and the average consumer does actually care what companies do with their data. In other words, customers will leave if they can’t see the measures that businesses are taking to protect their personal data. Such privacy concerns will become more urgent in the years to come.

Gartner predicts that by 2024, large organizations’ average annual budgets for privacy will exceed $2.5 million, allowing a shift from compliance ethics to competitive differentiation. Through 2026, organizations that mishandle personal data will suffer three times more financial damage from class actions and mass claims than from enforcement sanctions.

The Gartner top trends in privacy showcase the critical levers that business leaders need to engage over the coming two years to manage liability and promote trust when handling personal information. Here are the six key trends driving the privacy landscape and what enterprise leaders can do about them.

Centralize Privacy User Experience (UX)

The common denominator of many modern privacy regulations is a set of privacy rights granted to individuals. In the coming two years, over 60% of the world’s population will be able to freely exercise these rights -- doubling today’s numbers.

Such regulations, along with increased consumer demand for transparency, are driving the need for a centralized privacy UX: a one stop shop where organizations provide users with information on what data of theirs is held and how it is used. This allows users to exercise their privacy rights and maintain control over their information.

To-do: Bring all aspects of privacy UX -- notices, cookie management, consent, and subject rights -- into one self-service portal. It’s imperative to do this incrementally and not attempt to boil the ocean overnight. For example, let’s say you oversee privacy at a university. Over time, invite different data owners across the organization to integrate their stores of personal information into the privacy portal. You might have the admissions and the registrar feed data into the privacy portal first, and later housing and athletics would join to provide a fuller view for students.

Data Localization

After a decade of work for businesses to embrace the cloud, a new trend in data residency risks reducing this momentum to a crawl. Data localization planning will shift to be a top priority in the design and acquisition of cloud services.

The push for data localization is driven by a few sub-trends:

  • State security: Governments don’t want classified data stored outside of their territories.
  • Intelligence gathering: Some governments want to ensure that law enforcement can access information locally.
  • Protectionism: An extension of nationalist politics and the belief that locally born data should benefit local (rather than multinational) businesses.
  • Globalization: Where regulations like the GDPR allow the free flow of information, as long as it is handled in line with a set of rules.

To-do: Organizations will have to review and -- when necessary -- reengineer existing cloud deployments for modularity, invoking centralization where possible and localization where necessary.

AI Governance

AI governance is all about understanding the impact and risks of processing large amounts of personal data through AI-driven decision engines. This is an urgent issue as AI deployments are growing at a rapid pace, and AI will soon be involved in most of the decisions that organizations make.

AI-driven automation has come to form an integral part of business, operational, and security workloads. Organizations will look to regulations for guidance on the privacy and ethical risks of AI, but such regulation continues to be highly fragmented. AI governance will force organizations to reevaluate their use of the technology and modify enterprise buying habits to quantify and mitigate the negative impact to customer privacy.

To-do: Work with data leadership to develop a process to understand AI risk and put in place a plan to mitigate. Note that you also need to be prepared to defend your decisions through clear AI explainability.

Hybrid Everything

The combination of remote and in-person work, school, activities, and more has implications on everything we do. From employees to students, more sensitive information is being processed digitally and thus raises privacy risks across the enterprise at the personal, organizational and consumer levels.

To-do: An agile approach helps organizations tackle the unexpected pressures brought on by the pandemic and a hybrid work model. Handling personal data properly is not a hinderance in hybrid everything when agile is adopted.

Privacy Enhancing Computation (PEC)

PEC techniques protect personal and sensitive information at a data, software, or hardware level. They enable organizations to securely share, pool and analyze data without compromising confidentiality or privacy. Organizations increasingly seek PEC techniques to secure data sharing, analytics, BI and untrusted computing use cases.

To-do: Consider three core areas of PEC based on the needs of your organization: data transformation via synthetic data or homomorphic encryption; software-based computation via federated machine learning or zero-knowledge proof; or hardware considerations like confidential computing.

It’s important to bear in mind that Gartner’s privacy trends don’t exist in isolation but rather sit at the nexus of multiple trends that are impacting IT, marketing, HR, and more. Bringing these stakeholders into the privacy conversation ensures easier buy-in, more substantial value, and a shorter time to value.

Privacy is not just an IT or security concern; the impact of these privacy trends will be felt enterprise wide. For customer-facing organizations specifically, the extent to which they adopt these privacy trends, can either make or break the business. Gartner recommends all enterprises prioritize the trends that will impact the business the most, and then engage leadership counterparts in other business units for alignment and support and track each trend over time.

Nader Henein is a research vice president at Gartner, Inc. who is presenting on the Gartner top trends in privacy during the Gartner Security and Risk Management Summit, take place this week virtually in the Americas.

Editor's Choice
John Edwards, Technology Journalist & Author
Jessica Davis, Senior Editor
John Edwards, Technology Journalist & Author
John Edwards, Technology Journalist & Author
Sara Peters, Editor-in-Chief, InformationWeek / Network Computing