Why organisations are playing catch-up with security and ethics

Digital transformation technologies are increasingly becoming a necessity for businesses in 2020 and beyond. With the demand for data increasing, maintaining privacy in today’s fully connected world can be a challenge for many businesses.

According to PwC, only 25 per cent of consumers believe that companies manage their sensitive personal data responsibly. [1] This means companies must not only protect their customers’ privacy but also make their protection measures transparent and clear so that customers can develop confidence in the organisation, according to Micro Focus.

George Atrash, head of enterprise security – Australia and New Zealand, Micro Focus, said, “For many years, society was blinded by the possibilities of Web 2.0, smartphones, GPS satnav and instant updates from friends. Privacy was never a top concern, with people happily authorising companies to collect personal, sensitive data, in exchange for free services or a more personalised experience.”

Since then, societal attitudes have shifted, particularly with the rise of artificial intelligence (AI) and its subset, machine learning (ML). There is now increased scrutiny of privacy and data collection, with data security and transparency expected from companies using people’s personal data for corporate gains.

The Australian Privacy Act requires companies to protect personal and sensitive data, and there are significant penalties in place for failing to do so. Regulations such as the Notifiable Data Breach Scheme, implemented in Australia in February 2018, require organisations to report ‘eligible data breaches’ to the Office of the Australian Information Commissioner (OAIC) and the affected individuals, with heavy penalties imposed on organisations.

Some Australian companies may also be affected by Europe’s General Data Protection Regulation (GDPR), which applies to all organisations transacting with European-based organisations or citizens. In 2018, the GDPR was updated to require websites to notify visitors of privacy measures and ask for permission to collect personal data. This has since been, and will continue to be, exacerbated by increasingly demanding privacy legislation around the world.

Micro Focus has identified three key changes privacy legislation has made to data collection:

  1. Increased disclosure - Since privacy legislation was introduced, there has been more transparency about exactly what private data a business collects and why. Privacy policies are easier to understand as well as more comprehensive. Most websites warn visitors about the storage of private data in ‘cookies’. Many sites additionally grant visitors the ability to turn off cookies except those technically necessary for the site’s operation.
  2. Multi-factor authentication - Another visible adjustment is the widespread use of multi-factor authentication. Many sites, especially those involving credit, finance, or shopping, validate login with a token sent by email, text, or voice. These sites then verify the authorised user is logging in, which helps avoid leaking private data.
  3. Encryption of private data - Encryption of private data is likely the biggest result of privacy legislation. More businesses now operate on otherwise-meaningless cipher substitutes in place of sensitive data such as customer account numbers, birthdates, email or street addresses, member names, and so on. This protects customers from breaches where private data is exploited.

George Atrash said, “Trust is created by respecting privacy and applying security to personal and sensitive data. Companies who can demonstrate this and operate with a data ethics framework will develop trust and be rewarded for doing so. Those that allegedly don’t, however, may experience a different outcome. Examples abound of large organisations that suffered data breaches and were punished via their share prices and loss of customers. Reputation is critical and the cost of failing to protect customer data is far higher than the cost of putting strong data protection measures in place.”

[1] https://www.pwc.com/us/en/advisory-services/publications/consumer-intell...