Why Data Privacy & Compliance Is a Year-Round Event


Data Privacy Day, an international event aimed at raising awareness among businesses and end-users about the importance of protecting the privacy of their personal information online, should be a whole month or even a year-long sentiment. Not only is data something to be protected, but it’s also something business leaders and consumers alike should have control over and be educated on to ensure data privacy and security in an escalating threat landscape. Lewis Carr, Senior Director of Marketing at Actian, discusses why data privacy and control and privacy compliance shouldn’t be thought about one day a year but rather treated as a mindset to maintain year-round. 

We are coming out of one of the worst years to date for cybersecurity ransomware attacks and must learn from the past to prevent 2022 from following suit. The lack of adequate responses against attackers will only cause them to become emboldened by their success, leading to more malicious cybersecurity threats in the future. Moving forward, data privacy will primarily be driven by changing perceptions of what is considered personal information (PI) and just how important it is for public and private sector organizations to safeguard consumer data. Protecting PI will affect how and where data is stored, integrated, and analyzed. At the same time, companies will need to consider ever-expanding data privacy regulations to ensure they’re compliant and to understand customers and employees working from home.

How Millennials & Gen Z Approach Data Privacy

It’s widely thought by Gen X, and especially parents, that younger Millennials and Gen Z do not care too deeply about their PI being sold and used. I believe there is a lack of education around PI and data privacy compliance that applies to most people, not just the youngest generations. Most people don’t think about who has our data and what they are doing with it. But even if we’re concerned about it, how do we react? What do we do to change the relationship between us and those using our PI? The difference between most people under 40 years old and those above my arbitrary age marker is how invested in digital they are and what they are willing to give up to maintain control over their PI across the vast space and entities accessing it.  

A 2019 Pew Research survey stated that six in ten Americans believe it is not possible to go through daily life without having their data collected by companies and the government. This fatalistic stance on their PI is now beginning to subside because GDPR has forced companies to give them an option to opt out. They also see commercials from companies like Apple that position their products as being capable of safeguarding PI and giving consumers control over their data.

In 2022, expect to see all PI sharing options get more granular as to how we control it, both on our devices and in the cloud, specific to each company, school, or government agency that has it. Even more importantly, we’ll get some visibility into and control over how our data is shared between organizations without us involved.  

What Makes 2022 Different?

Why now? What’s changed? First, legislation, and the ability to comply with it, has gone through a maturity curve. Let’s start with GDPR, the most notable and one of the most robust sets of guidelines around PI. While GDPR has been around for some time now and companies have been complying, that compliance usually takes the form of a binary response – opt-in or opt-out, accept cookies or don’t. When you give most people a binary choice, unless they see actual harm from one of the choices, it doesn’t take much to push them toward the option the requestor prefers. A recent study from Yotpo found that 69% of Gen Z and Millennial respondents say they will give up their PI to a company for even a small discount. Interestingly, and probably as expected, the percentage drops to 60% for Gen X and 48% for Baby Boomers. However, the aforementioned Pew Research survey found that just over half (52%) of respondents decided not to use a product or service because they were worried about how their PI was used or because the company was known to have had a data breach.

In 2022, organizations will start moving away from binary compliance options (opt-in or opt-out) – those lengthy legal letters everyone ignores before checking the “I agree” box. Instead, technology companies will provide cybersecurity and data management platforms with granular permission to only specific parts of PI, e.g., where the data is stored, how long users have access and under what circumstances access is available. No one wants to see the Cookie Monster fed any longer.

New Compliance Rules Sprout Intermediaries

You can also expect new service companies to sprout up to offer intermediary support to monitor and manage data privacy. This granularity of PI use, coupled with the marketing pitches from service providers who want to access consumer data, will increase the chances that even companies that have made data loss mistakes in the past are given a second chance. On the surface, the assumption would be that this will increase trust; however, one possible unintended consequence is that choice and awareness increase questions. Questions increase a search for knowledge. Fairly quickly, the younger generations whom we mistakenly believed to be willing to give up their PI blindly are empowered and aware of where their data is going and how it’s being used.

In the year ahead, these digitally-savvy generations and their newfound appreciation for the sanctity of PI will start expanding the definition of what PI is because they realize all the media they’ve shared – photos and videos on Instagram and Facebook, Tweets and more – are all data they want to be in control of. However, for various use cases, both private companies and public sector organizations have increasingly used all social media, biometrics, and other data outside of name, address, social security number and driver’s license to build a complete dossier. Organizations that need to use PI will have a more complex task with data integration and management across disparate platforms and data types that will need rules-based masking of a far more complex set of data.

The Value of Valuing Data

In 2022, expect consumers to better understand and control their PI – either directly or through a third-party intermediary – leading to richer sets of PI over a broader range of entities. Finally, expect companies to more deftly navigate how they use and communicate their use of PI to their customers, knowing consumers will not simply hand over their PI as they did in the past. Organizations that demonstrate to customers that they take PI seriously and use the information to deliver improved and differentiated services will be rewarded; those that do not may get the opposite results.

Given the present data privacy regulations, do you feel safe with your personal information being stored by other organizations? Share with us on LinkedIn, Twitter, or Facebook. We’d love to know!