Data privacy is the “It Girl” of the tech world these days. Commanding a presence in every conversation about risk management and innovation, she’s popular and trendy. Yet she’s also hard to figure out … or dare I say a little out of control. But with new hacking incidents coming to light on an almost weekly basis, it’s also more important than ever to get to know her better.
In honor of Data Privacy Day this year, let me take you on a little legislative world tour and get you guys acquainted.
On the old continent, the EU made a statement this past year about its current understanding of data privacy principles by designing the Privacy Shield framework. Global corporations rushed to comply after almost a year of uncertainty following the top EU court striking down the 15-year old Safe Harbor agreement between the EU and US. Less than six months into that relationship, the agreement is already facing legal challenges.
In APAC, regulators made headway this year in defining their standards for accessing and using personally identifiable information. This is good news for companies with business models based on data mining, or for firms using technology to automate or enhance existing processes to reach more customers. That said, the party is just getting started and it remains unclear how these new regulations will play out in practice. Will regulators view the rules in a way that supports an innovation-friendly environment, or stifle innovation by construing them too narrowly? Privacy’s true identity remains a mystery here, too.
And back in the US, the issue of privacy — generally, and with respect to personal data — is taking shape in the context of the recent presidential election. Privacy activists fear that President Trump will abuse his power over the global surveillance network, in contrast to former President Obama’s relatively modest measures taken in a post-Snowden state. During his campaign, President Trump suggested more stringent surveillance activities and increased access by state agents to personal data. Many tech companies wonder how this will impact their own practices, and to what extent their data will be subject to government collection. The UK and Germany are already headed down this path.
Given all these uncertainties, approach with caution is the lesson of the day. It will be quite some time before there is worldwide clarity, if any, on how to comply with privacy laws.
The good news is that there are many sophisticated tech companies out there that understand these issues and know how to keep data safe and use it legally. These are the companies you must work with (not the others). They are companies, like DemystData, that do not collect and store information they don’t need. They understand that the best way to manage this uncertainty is to implement best practices.
Governments and laws may change but customers will keep expecting you to maintain their data private. Associating yourself with good businesses will be a much safer bet in terms of protecting your customer’s information.
So enjoy Data Privacy Day and don’t forget to remain informed until we can once and for all figure this “It Girl” out.
By Stefanie Schmidt, General Counsel & Chief of Staff