With the expansion of privacy regulation efforts globally in the next two years, many organizations will see the need to start their privacy program efforts. In fact, in today’s threat landscape, organizations need to handle security incidents and events with a well-documented strategy and process. It also helps to practice handling security breaches in a team environment through regular security exercises. These exercises can help organizations measure and improve their ability to handle security incidents and data breaches in the future. By 2024, 75% of the global population will have its personal data covered under privacy regulations. Gartner predicts that large organizations’ average annual budget for privacy will exceed $2.5 million by 2024.
- Trend 1: Data Localization
In a borderless digital society, seeking to control the country where data resides seems counterintuitive. However, this control is either a direct requirement or a byproduct of many emerging privacy laws. The risks to a multi-country business strategy drive a new approach to the design and acquisition of cloud across all service models, as security & risk management leaders face an uneven regulatory landscape with different regions requiring different localization strategies. As a result, data localization planning will shift to a top priority in the design and acquisition of cloud services.
- Trend 2: Privacy-Enhancing Computation Techniques
Unlike common data-at-rest security controls, privacy-enhancing computation (PEC) protects data in use. As a result, organizations can implement data processing and analytics that were previously impossible because of privacy or security concerns. Gartner predicts that by 2025, 60% of large organizations will use at least one PEC technique in analytics, business intelligence and/or cloud computing.
- Trend 3: AI Governance
Whether organizations process personal data through an AI-based module integrated into a vendor offering, or a discrete platform managed by an in-house data science team, the risks to privacy and potential misuse of personal data are clear. Once AI regulation becomes more established, it will be nearly impossible to untangle toxic data ingested in the absence of an AI governance program. IT leaders will be left having to rip out systems wholesale, at great expense to their organizations and to their standing.
- Trend 4: Centralized Privacy UX
Increased consumer demand for subject rights and raised expectations about transparency will drive the need for a centralized privacy user experience (UX). Forward-thinking organizations understand the advantage of bringing together all aspects of the privacy UX — notices, cookies, consent management and subject rights requests (SRR) handling — into one self-service portal. This approach yields convenience for key constituents, customers and employees, and generates significant time and cost savings. By 2023, Gartner predicts that 30% of consumer-facing organizations will offer a self-service transparency portal to provide for preference and consent management.
- Trend 5: Remote Becomes “Hybrid Everything”
With engagement models in work and life settling into hybrid, both the opportunity and desire for increased tracking, monitoring and other personal data processing activities rise, and privacy risk becomes paramount. With the privacy implications of an all-hybrid set of interactions, productivity and work-life balance satisfaction have also increased across various industries and disciplines. Organizations should take a human-centric approach to privacy, and monitoring data should be used minimally and with clear purpose, such as improving employee experience by removing unnecessary friction or mitigating burnout risk by flagging well-being risks.