Data Privacy a Priority for Governments Across the Globe, Pushing Companies to Follow Suit
The Canadian government made waves in the business world last month with the introduction of Bill C-11. Otherwise known as the Digital Charter Implementation Act, the bill aims to serve as a more organized and smartly written replacement for the Personal Information Protection and Electronic Documents Act (PIPEDA), which had become hopelessly outdated and inadequate since it was implemented in 2000.
It is hoped that Bill C-11 will give Canadian data protection laws a much-needed reset, bringing them into line with the gold standard set by the EU’s General Data Protection Regulation (GDPR) and even surpassing that impressive benchmark in some respects. The Canadian law, for example, threatens transgressors with a fine of up to 5% of their gross global revenue—a more severe penalty than the GDPR’s 4%. The comprehensive new privacy regulations Ottawa is ushering in are part of a broader global trend: Brazil and Kenya have brought in legislation that is closely modeled on the GDPR, while California and New Zealand also recently pushed through stringent new reforms. As governments clamp down on data security and consumers make their voices increasingly heard on the subject, businesses around the world must act quickly to ensure they do not fall foul of the new laws.
With many firms struggling to manage the transition, experts who can react quickly to regulatory developments are proving a valuable commodity. As governments around the world ratchet up their data privacy protections, a whole new industry may crop up of firms facilitating compliance with the latest regulations and best practices.
Compliance is key to remaining competitive
The first effects of the new regulations – and the perils of not complying with them – are already being witnessed. In the UK, for example, the Information Commissioner’s Office have signaled their intention to issue British Airways and the international hotel chain Marriott with fines of $222 million and $120 million, respectively. In the United States, the Federal Trade Commission has imposed a record-breaking $5 billion civil penalty against social media behemoth Facebook, the largest of its kind for any company violating the privacy of its customers anywhere in the world.
While those eye-watering sums involve multinational conglomerates with the deepest of pockets, a recent survey indicated that even the average losses incurred by a data privacy crisis amount to $79 million, more than enough to bankrupt most companies. It’s not just the fiscal stick that businesses should be mindful of, either; there’s also the carrot of consumer demand to consider. With a recent poll showing that 82% of respondents consider that data privacy is either extremely or very important to them, those businesses which are ahead of the curve have a very attractive policy to dangle in front of the noses of prospective customers.
Innovative tech plugging knowledge deficit
Despite the overwhelming evidence that suggests compliance is now compulsory, many businesses are struggling to keep up. In the U.S., nearly 60% of companies fear they lack the resources to properly address the situation. European countries fare little better—across the pond, a mere 35% of businesses say they feel confident that they are meeting all of the requirements of GDPR, with the main barriers to compliance cited including lack of skilled personnel (37%), corporate culture (37%), knowledge deficit (35%) and financial costs (33%).
Thankfully, a new wave of innovative start-ups have emerged, offering potential solutions to those thorny issues, including a multitude of firms which have developed comprehensive systems to make it easier for companies and their customers to manage their data. Data privacy specialist Manetu, for example, is leading the charge in this respect; its consumer privacy management (CPM) platform, launched in April of this year, has already surpassed 4.5 million managed identities just over six months later. The programme takes much of the guesswork out of complying with data privacy rules, by organising and classifying all data a business holds on any given consumer and allowing customers to directly grant or withhold permissions for their data to be used. Manetu’s responsiveness and proactivity in quickly rolling out new offerings is likely to win over further customers who are keen to quickly ensure they’re compliant with the latest legislation.
Data privacy industry on the rise
As business transactions and social interactions alike progressively shift into the digital sphere, a trend that’s only been accelerated by the coronavirus pandemic, the issue of data security is only likely to occupy an increasing share of our headlines and headspace going forwards. Indeed, that state of affairs has only been even further highlighted by the outbreak of a global pandemic this year; the sharing of data can serve as an integral component in bringing the disease under control, but it can also offer opportunities for unscrupulous individuals and organizations to exploit that sharing and compromise the privacy of sensitive personal data in the process.
One thing is for sure, then: safeguarding data must become a matter of urgency for governments and businesses across the globe. Simply implementing stringent rules, however, won’t be enough to spark a sea change in privacy protection unless businesses both understand the new protocols they’re supposed to adhere to and are willing to make the investment to fully comply with them. In the short term, technological solutions and boutique firms will undoubtedly continue to crop up offering them a shortcut to compliance.
As more and more businesses begin to see the benefits of keeping up to date with both government regulations and consumers’ expectations of how their data will be stored and used, the private sector may eventually become the engine driving better and more innovative data privacy protection.