SlideShare una empresa de Scribd logo

Companies, digital transformation and information privacy: the next steps

The Economist Media Businesses
The Economist Media Businesses

The internet and sovereign privacy laws have been on a collision course for decades, with growing tensions from all jurisdictions.

Tecnología
1 de 8
Descargar para leer sin conexión
A report from The Economist Intelligence Unit Sponsored by Companies, digital transformation and information privacy: the next steps
© The Economist Intelligence Unit Limited 2016 1 Companies, digital transformation and information privacy: the next steps The Internet and sovereign privacy laws have been on a collision course for some time now, with growing tensions arising in all jurisdictions. The lack of trust burst into view in October 2015, with the European Court of Justice’s rejection of the Safe Harbour agreement, a set of guidelines that had previously been understood as providing sufficient security for European citizens’ private data to be held in or used by companies in the United States. The ruling about Safe Harbour’s inadequacy and questions about the proposed replacement agreement, Privacy Shield, which had been hammered out by EU and US negotiators, have created a legal limbo and have left companies that do business in the EU uncertain about how to proceed. Online privacy is not just a subject of transatlantic debate. Concern about these issues is gathering steam around the world, including in Africa, the Middle East and Asia. What happens between Europe and the US, however, will shape the global data-sovereignty debate for years to come—both because of the prominence of the companies headquartered in both places and because the EU is the highest common denominator when it comes to privacy issues. The outcome of the current dispute may even prompt companies to rethink the idea— largely unquestioned in recent years—that holding on to data is an unqualified good. To build greater understanding of the state of play in the development and navigation of privacy laws, the Economist Intelligence Unit (EIU) conducted in-depth interviews with legal, technical and regulatory subject-matter experts on all sides of the debate. This report explores the challenges that global businesses face when addressing the complex and fluctuating policy environment and offers a set of best practices that companies can follow to meet evolving privacy and security demands. We would like to thank the following interviewees for their time and valuable contributions to our research: Giovanni Buttarelli, European data protection supervisor Martin Fanning, partner and data privacy expert, Dentons David McCue, senior executive advisor, Xerox Zoe Strickland, global chief privacy officer, JPMorgan Chase Jeb Weisman, chief information officer, Children’s Health Fund Eugene Weitz, general counsel, Americas, at SAI Global Robin Wilton, director, Trust and Identity team, The Internet Society Introduction
© The Economist Intelligence Unit Limited 2016 2 Companies, digital transformation and information privacy: the next steps Setting the scene A consumer who reaches the step of agreeing to a new online privacy policy often has an instant of doubt. But most consumers just hold their breath and tap the button that says “Yes, accept”, to terms and conditions—reasoning that their financial and personal information will be carefully guarded, particularly if they are dealing with a well-respected brand. They may also assume that what they don’t know (as a result of not having carefully read a privacy policy before agreeing to it) probably can’t hurt them. Companies can’t make the same decision not to engage with the details of privacy. The issues are well-known: the ever growing business benefits of understanding customers better and the huge financial and reputational risks of losing control of the data that allow companies to do so. But there are many more obscure, and no less important, risks as well. Customer records are stored in data centres, often operated by third parties, all around the world, with the centres themselves subject to a range of operational, security and legal risks. In addition, different customers are typically protected by different privacy laws depending on their nationality. The EU, where consumer privacy is seen as a fundamental right, is moving towards a set of particularly stiff fines for companies that don’t protect customers’ private information, as part of a broad new set of regulations. Within a couple of years, companies not in compliance with European privacy laws will face fines of up to 4% of their global turnover. That’s a staggering amount, putting data privacy penalties on par with antitrust fines in Europe. And even in privacy cases where the penalties are more modest, or there’s no monetary penalty at all—whether because the questionable privacy practice took place in a less-regulated region or wasn’t found to be an actual violation of the law—companies could certainly face significant backlash in other ways. “It’s a PR issue,” said Eugene Weitz, general counsel, Americas, at SAI Global, an Australian company specialising in solutions and services that help manage risk and compliance. “It’s the kind of thing that affects companies up, down and sideways,” Mr Weitz added. In the last few years, the ubiquity of cloud computing has complicated the challenge for all parties. A government might want to regulate or sanction a company that has suffered a breach or failed to protect its citizens’ private data. But if the company is located outside a country’s boundaries or if it isn’t clear in what country or region the compromised data are being stored or processed, or on whose servers, regulators can have difficulty taking any sort of corrective action or even determining which laws might apply. Companies themselves are often not much clearer about which jurisdiction’s laws they need to abide by. “You are constantly weaving through a hotch-potch of different rules and regulations, and they get very, very technical,” said David McCue, an executive advisor to Xerox’s global chief information security officer. He likened it to “the old idea of an information highway”, the difference being that on this highway, the laws vary, sometimes confusingly, depending on whose jurisdiction one happens to be in. GDPR on the horizon: Europe’s evolving regulations Europe is developing a sweeping new set of rules, embodied in what it is calling the “General Data Protection Regulation” (GDPR), to define how consumer data need to be treated in the EU. In theory, the GDPR—which will cover personal data, including names, photos, e-mail addresses, medical information and posts on “You are constantly weaving through a hotch-potch of different rules and regulations, and they get very, very technical.” David McCue, executive advisor to Xerox’s global chief information security officer.
© The Economist Intelligence Unit Limited 2016 3 Companies, digital transformation and information privacy: the next steps social media sites—will make it possible for multinational companies to apply a single privacy policy throughout Europe. But it’s not expected to take effect until 2018. A long time to wait for certainty, thus many in Europe and the US are hoping for a ratification of Privacy Shield, the transatlantic deal that has been put forward as a near-term replacement for Safe Harbour. “We are all suffering because of the limbo,” Giovanni Buttarelli, the European data protection supervisor, said in an interview in his Brussels office. Mr Buttarelli and others acknowledged that the uncertainty is a particularly big challenge for smaller companies that don’t have a lot of resources to devote to compliance. “We cannot leave thousands of small and medium enterprises in this position for another two or three years,” he said. According to privacy law experts, companies doing business in the European Economic Area have a few options to remain in compliance. First, they can tell a European consumer how they plan to use and store that consumer’s data in a simplified privacy policy and ask for the user’s consent. Second, they can use “model contracts”, which are European Commission- mandated contractual terms for dealing with European consumers’ data. A third option is to go through a much more elaborate process of developing “Binding Corporate Rules” (BCRs) of their own. BCRs apply to all the processes and policies companies use in all of their operations and must be approved by European regulators. But they have the advantage of being custom- fit to companies’ own processes—not the case with model contracts. “You have to invest a huge amount of time into BCRs,” said Martin Fanning, a partner and data privacy expert at Dentons, a London- based law firm. “BCRs can take several months to complete but, because they are based on a business’s own governance and policies and involve dialogue with European data regulators, they are regarded by many as the platinum standard for international data transfers within a multinational group.” Mr Fanning added that BCRs “live and breathe with a business as it grows and changes”, a quality that he said makes them more robust than other legal options for international transfers. By contrast, he said, consent can be revoked by an individual, and the EU Commission-approved model contracts can be rigid and in need of regular updating. The complicated role of technology The cloud is perhaps the best known, but it is not the only technology that is complicating matters alongside offering business benefits. Since technology has vastly increased the availability of free-flowing personal data, with all the accompanying benefits and problems, it might seem reasonable to ask that technology also provide the necessary solutions. The reality is more challenging. To be sure, an encryption- reinforced file server or database (and the use of other technologies, like tokens and containers) can prevent consumers’ private information from being accessed in the first place or from being compromised if a breach occurs. That can forestall embarrassment and economic losses associated with cases of large-scale credit card theft. However, in the legal environment of the future, security systems that protect data won’t necessarily ensure compliance even if they prevent break-ins. Increasingly, privacy laws can be interpreted as requiring companies to exercise greater control over data and, in some instances, to follow rules that spell out where data must be located. Companies are having to make multiple decisions and position themselves to be in compliance with laws in many jurisdictions. Doing this successfully will take judgment and global awareness—not attributes that can “We are all suffering because of the limbo. We cannot leave thousands of small and medium enterprises in this position for another two or three years.” Giovanni Buttarelli, European data protection supervisor
© The Economist Intelligence Unit Limited 2016 4 Companies, digital transformation and information privacy: the next steps necessarily be captured by a straightforward technology or software system. Robin Wilton, technical outreach director for identity and privacy at the Internet Society, an organisation focused on fostering the Internet’s growth and preserving its technical standards, observed that people don’t always recognise the futility of trying to address privacy issues through technology alone. He said the Internet Society sometimes gets calls from people who want it to sponsor the development of a “privacy plug-in”—an idea he considers fanciful—not realising that effective privacy protection is an ecosystem and human-relationship issue before it is a software issue. “It’s that ‘Where’s the instant fix?’ mentality that tends to lead us down the wrong road,” Mr Wilton said. The deeper people’s backgrounds in technology, the more they tend to understand that a purely digital solution isn’t feasible. As Jeb Weisman, the chief information officer at Children’s Health Fund, a New York nonprofit handling sensitive medical data, put it: “The technology can’t decide what’s private.” Instead, he said, the systems that can help companies with privacy are systems that support governance. “What I see is a set of human expectations that need to be met. And in the case of my organisation or any organisation, they need to be codified. Once they’re codified, then we can use software tools and secondarily security tools. The security tools stop breaches. But the privacy tools help us understand what’s private and manage it.” To be sure, privacy and security are intertwined—companies can’t safeguard one without investing in the other. Xerox’s Mr McCue underscores this with a warning about how common security breaches are nowadays. “If you went and spoke to any of the national law enforcement agencies, whether in the US or in Europe, they will tell you that, as a whole, companies underestimate how much of their data has been lifted, stolen or compromised,” Mr McCue said. “I have been in meetings where a particular company has said, ‘No, we’re good’, and the law enforcement representative has said, ‘Well, we have a database back at headquarters that shows two terabytes of your inside information that we’ve recovered from someplace on the dark Web. You’ve been hacked and didn’t know it.’” Looking towards a North Star for regulation In the future, companies will clearly have to understand the full range of restrictions that different localities have placed on how personal information is used, shared and stored. It’s possible that the EU’s efforts, including with the GDPR, will influence what countries in regions such as Asia and Africa include in their own privacy regulations. If that happens, GDPR may end up providing a sort of specific target that companies worldwide can aim for. Even today, though, while regulations remain uncertain, a comprehensive and thoughtful online privacy policy can be a selling point in the digitally driven economy. Mr Buttarelli, the European regulator, said he was reminded of this when he made a trip to Silicon Valley last year. Some of the start-ups he visited, instead of treating privacy as an afterthought, were making it a core part of their appeal to customers. He put this in the category of “privacy by design”, an approach to systems engineering that is fast catching on. “I don’t see any dichotomy between privacy and innovation,” Mr Buttarelli added. As companies seek their own innovative ways to build and maintain value from data despite the confusion of today’s privacy and “It’s that ‘Where’s the instant fix?’ mentality that tends to lead us down the wrong road.” Robin Wilton, technical outreach director for identity and privacy at the Internet Society
© The Economist Intelligence Unit Limited 2016 5 Companies, digital transformation and information privacy: the next steps security regulations, the research suggests that the following approaches will likely help them navigate: l Know thyself from a privacy perspective. Businesses’ first move should be to do an audit, or mapping exercise, of their data. What data they have, how they are being used, where the data are being used and which third parties might be handling them are all areas a company must know cold. “It takes data mapping of an entire company to understand what the needs and requirements are,” said Mr Weitz, the general counsel, Americas, at SAI Global. l Build a cross-functional privacy team. By definition, a company is going to have some competing interests on privacy. The general counsel is primarily going to be concerned about protecting the company from litigation, the chief information officer about preventing security breaches, the chief marketing officer about increasing sales. The privacy function of a company can only identify the right trade-offs if it includes some individuals who can parse regulations; other individuals who understand data and technology; and still others who possess a strong knowledge of the business. l Get rid of unneeded data. In this era of the cloud, digital information and customer records have become so cheap to hold on to that many companies do so as a matter of course. This is partly a reflection of the fashion for “big data” and the sense, as CIO Dr Weisman puts it, “that the insight is just around the corner”. In fact, a lot of old customer records are “toxic data assets”, Dr Weisman said, quoting Bruce Schneier, the cryptographer and widely followed blogger. Many privacy experts advocate “data minimalisation”—having the discipline to keep only the data you need. l Find the right partners. Almost every company these days has at least some customer data stored on third-party cloud databases. “You are dependent on these companies and the services they provide to include a level of protection for your data,” said Mr McCue, an executive adviser at Xerox. As a consequence, companies should “look for vendors with very strong capabilities in the protection of data stored with them”, he said. Finding such companies is likely to become easier in the future as part of the GDPR will require IT vendors that previously bore no direct responsibility for privacy to comply with data protection laws. l Apply the “function before form” principle to your privacy initiatives. To date, the obligatory nature of how companies deal with privacy has been evident in the checklists of their policies. Consumers click impatiently through the policies because it’s clear from the way they are presented that they contain nothing of interest. This isn’t the way to do it. Long, complicated policy explanations aren’t integral to protecting consumers’ personal information. They don’t make anyone feel more comfortable. Something simpler and more functional may well work better. No matter what happens with Privacy Shield and the GDPR, the global privacy story won’t be finished. There will be other twists, perhaps influenced by developments in regions outside the EU and US. For now, companies need flexibility in their approach and options that meet different requirements in different jurisdictions. They have to find ways to be in compliance despite the regulatory uncertainty. The costs of not doing so are simply too great. Long, complicated policy explanations aren’t integral to protecting consumers’ personal information. They don’t make anyone feel more comfortable.
© The Economist Intelligence Unit Limited 2016 6 Companies, digital transformation and information privacy: the next steps Whilst every effort has been taken to verify the accuracy of this information, neither The Economist Intelligence Unit Ltd. nor the sponsor of this report can accept any responsibility or liability for reliance by any person on this report or any of the information, opinions or conclusions set out in the report. Cover:Shutterstock
London 20 Cabot Square London E14 4QW United Kingdom Tel: (44.20) 7576 8000 Fax: (44.20) 7576 8476 E-mail: london@eiu.com New York 750 Third Avenue 5th Floor New York, NY 10017 United States Tel: (1.212) 554 0600 Fax: (1.212) 586 0248 E-mail: newyork@eiu.com Hong Kong 1301 Cityplaza Four 12 Taikoo Wan Road Taikoo Shing Hong Kong Tel: (852) 2585 3888 Fax: (852) 2802 7638 E-mail: hongkong@eiu.com Geneva Boulevard des Tranchées 16 1206 Geneva Switzerland Tel: (41) 22 566 2470 Fax: (41) 22 346 93 47 E-mail: geneva@eiu.com

Recomendados

scce-cep-2015-06-Dhont-1-04
scce-cep-2015-06-Dhont-1-04scce-cep-2015-06-Dhont-1-04
scce-cep-2015-06-Dhont-1-04Jan Dhont
 
delphix-wp-gdpr-for-data-masking
delphix-wp-gdpr-for-data-maskingdelphix-wp-gdpr-for-data-masking
delphix-wp-gdpr-for-data-maskingJes Breslaw
 
Marketing data management | The new way to think about your data
Marketing data management | The new way to think about your dataMarketing data management | The new way to think about your data
Marketing data management | The new way to think about your dataLaurence
 
Data_Privacy_Protection_brochure_UK
Data_Privacy_Protection_brochure_UKData_Privacy_Protection_brochure_UK
Data_Privacy_Protection_brochure_UKSally Hunt
 
GDPR, what you need to know and how to prepare for it e book
GDPR, what you need to know and how to prepare for it e bookGDPR, what you need to know and how to prepare for it e book
GDPR, what you need to know and how to prepare for it e bookPlr-Printables
 
GDPR: data needs to be in safe hands
GDPR: data needs to be in safe hands GDPR: data needs to be in safe hands
GDPR: data needs to be in safe hands legalandgeneral
 
Practical Guide to GDPR 2017
Practical Guide to GDPR 2017Practical Guide to GDPR 2017
Practical Guide to GDPR 2017Dryden Geary
 
Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...
Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...
Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...John Nas
 

Recomendados

scce-cep-2015-06-Dhont-1-04
scce-cep-2015-06-Dhont-1-04scce-cep-2015-06-Dhont-1-04
scce-cep-2015-06-Dhont-1-04Jan Dhont
 
delphix-wp-gdpr-for-data-masking
delphix-wp-gdpr-for-data-maskingdelphix-wp-gdpr-for-data-masking
delphix-wp-gdpr-for-data-maskingJes Breslaw
 
Marketing data management | The new way to think about your data
Marketing data management | The new way to think about your dataMarketing data management | The new way to think about your data
Marketing data management | The new way to think about your dataLaurence
 
Data_Privacy_Protection_brochure_UK
Data_Privacy_Protection_brochure_UKData_Privacy_Protection_brochure_UK
Data_Privacy_Protection_brochure_UKSally Hunt
 
GDPR, what you need to know and how to prepare for it e book
GDPR, what you need to know and how to prepare for it e bookGDPR, what you need to know and how to prepare for it e book
GDPR, what you need to know and how to prepare for it e bookPlr-Printables
 
GDPR: data needs to be in safe hands
GDPR: data needs to be in safe hands GDPR: data needs to be in safe hands
GDPR: data needs to be in safe hands legalandgeneral
 
Practical Guide to GDPR 2017
Practical Guide to GDPR 2017Practical Guide to GDPR 2017
Practical Guide to GDPR 2017Dryden Geary
 
Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...
Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...
Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...John Nas
 
GDPR: A Threat or Opportunity? www.normanbroadbent.
GDPR: A Threat or Opportunity? www.normanbroadbent.GDPR: A Threat or Opportunity? www.normanbroadbent.
GDPR: A Threat or Opportunity? www.normanbroadbent.Steven Salter
 
2012 year end-electronic-discovery-update
2012 year end-electronic-discovery-update2012 year end-electronic-discovery-update
2012 year end-electronic-discovery-updateGareth Evans
 
Do You Have a Roadmap for EU GDPR Compliance?
Do You Have a Roadmap for EU GDPR Compliance?Do You Have a Roadmap for EU GDPR Compliance?
Do You Have a Roadmap for EU GDPR Compliance?Ulf Mattsson
 
Data Protection & Security Breakfast Briefing - Master Slides_28 June_final
Data Protection & Security Breakfast Briefing - Master Slides_28 June_finalData Protection & Security Breakfast Briefing - Master Slides_28 June_final
Data Protection & Security Breakfast Briefing - Master Slides_28 June_finalDr. Donald Macfarlane
 
Deloitte the case for disruptive technology in the legal profession 2017
Deloitte the case for disruptive technology in the legal profession 2017 Deloitte the case for disruptive technology in the legal profession 2017
Deloitte the case for disruptive technology in the legal profession 2017 Ian Beckett
 
Digital Transformation Summit: theJurists Europe case
Digital Transformation Summit: theJurists Europe caseDigital Transformation Summit: theJurists Europe case
Digital Transformation Summit: theJurists Europe caseMatthias Dobbelaere-Welvaert
 
Data Protection and Comnpliance with the GDPR Event 22 september 2016
Data Protection and Comnpliance with the GDPR Event 22 september 2016 Data Protection and Comnpliance with the GDPR Event 22 september 2016
Data Protection and Comnpliance with the GDPR Event 22 september 2016 Dr. Donald Macfarlane
 
GDPR A Practical Guide with Varonis
GDPR A Practical Guide with VaronisGDPR A Practical Guide with Varonis
GDPR A Practical Guide with VaronisAngad Dayal
 
Cognizant business consulting the impacts of gdpr
Cognizant business consulting the impacts of gdprCognizant business consulting the impacts of gdpr
Cognizant business consulting the impacts of gdpraudrey miguel
 
"Data Breaches & the Upcoming Data Protection Legal Framework: What’s the Buz...
"Data Breaches & the Upcoming Data Protection Legal Framework: What’s the Buz..."Data Breaches & the Upcoming Data Protection Legal Framework: What’s the Buz...
"Data Breaches & the Upcoming Data Protection Legal Framework: What’s the Buz...Cédric Laurant
 
Research on Legal Protection of Data Rights of E Commerce Platform Operators
Research on Legal Protection of Data Rights of E Commerce Platform OperatorsResearch on Legal Protection of Data Rights of E Commerce Platform Operators
Research on Legal Protection of Data Rights of E Commerce Platform OperatorsYogeshIJTSRD
 
EveryCloud_GDPR_Whitepaper_v2
EveryCloud_GDPR_Whitepaper_v2EveryCloud_GDPR_Whitepaper_v2
EveryCloud_GDPR_Whitepaper_v2Paul Richards
 
Privacy Breaches In Canada It.Can May 1 2009
Privacy Breaches In Canada It.Can May 1 2009Privacy Breaches In Canada It.Can May 1 2009
Privacy Breaches In Canada It.Can May 1 2009canadianlawyer
 
Telcos and ISPs Prepare For New Data Breach Disclosure Rules
Telcos and ISPs Prepare For New Data Breach Disclosure RulesTelcos and ISPs Prepare For New Data Breach Disclosure Rules
Telcos and ISPs Prepare For New Data Breach Disclosure RulesJohn Davis
 
Privacy Year In Preview
Privacy Year In PreviewPrivacy Year In Preview
Privacy Year In PreviewRockwell Bower, Esq., CIPP(US), CIPM
 
GDPR - A practical guide
GDPR - A practical guideGDPR - A practical guide
GDPR - A practical guideAngad Dayal
 
iStart feature: Protect and serve how safe is your personal data?
iStart feature: Protect and serve how safe is your personal data?iStart feature: Protect and serve how safe is your personal data?
iStart feature: Protect and serve how safe is your personal data?Hayden McCall
 
Cybersecurity and Data Privacy Update
Cybersecurity and Data Privacy UpdateCybersecurity and Data Privacy Update
Cybersecurity and Data Privacy UpdateWilmerHale
 
INFOMAGAZINE 8 by REAL security
INFOMAGAZINE 8 by REAL securityINFOMAGAZINE 8 by REAL security
INFOMAGAZINE 8 by REAL securitySamo Zavašnik
 
The Path to Self-Disruption
The Path to Self-DisruptionThe Path to Self-Disruption
The Path to Self-DisruptionHewlett Packard Enterprise Business Value Exchange
 
Digital transformation steps for business
Digital transformation steps for businessDigital transformation steps for business
Digital transformation steps for businessUniversity of Derby
 
Digital Adaptation (presented by Paul Boag, User Experience and Digital Trans...
Digital Adaptation (presented by Paul Boag, User Experience and Digital Trans...Digital Adaptation (presented by Paul Boag, User Experience and Digital Trans...
Digital Adaptation (presented by Paul Boag, User Experience and Digital Trans...eZ Systems
 

Más contenido relacionado

La actualidad más candente

GDPR: A Threat or Opportunity? www.normanbroadbent.
GDPR: A Threat or Opportunity? www.normanbroadbent.GDPR: A Threat or Opportunity? www.normanbroadbent.
GDPR: A Threat or Opportunity? www.normanbroadbent.Steven Salter
 
2012 year end-electronic-discovery-update
2012 year end-electronic-discovery-update2012 year end-electronic-discovery-update
2012 year end-electronic-discovery-updateGareth Evans
 
Do You Have a Roadmap for EU GDPR Compliance?
Do You Have a Roadmap for EU GDPR Compliance?Do You Have a Roadmap for EU GDPR Compliance?
Do You Have a Roadmap for EU GDPR Compliance?Ulf Mattsson
 
Data Protection & Security Breakfast Briefing - Master Slides_28 June_final
Data Protection & Security Breakfast Briefing - Master Slides_28 June_finalData Protection & Security Breakfast Briefing - Master Slides_28 June_final
Data Protection & Security Breakfast Briefing - Master Slides_28 June_finalDr. Donald Macfarlane
 
Deloitte the case for disruptive technology in the legal profession 2017
Deloitte the case for disruptive technology in the legal profession 2017 Deloitte the case for disruptive technology in the legal profession 2017
Deloitte the case for disruptive technology in the legal profession 2017 Ian Beckett
 
Digital Transformation Summit: theJurists Europe case
Digital Transformation Summit: theJurists Europe caseDigital Transformation Summit: theJurists Europe case
Digital Transformation Summit: theJurists Europe caseMatthias Dobbelaere-Welvaert
 
Data Protection and Comnpliance with the GDPR Event 22 september 2016
Data Protection and Comnpliance with the GDPR Event 22 september 2016 Data Protection and Comnpliance with the GDPR Event 22 september 2016
Data Protection and Comnpliance with the GDPR Event 22 september 2016 Dr. Donald Macfarlane
 
GDPR A Practical Guide with Varonis
GDPR A Practical Guide with VaronisGDPR A Practical Guide with Varonis
GDPR A Practical Guide with VaronisAngad Dayal
 
Cognizant business consulting the impacts of gdpr
Cognizant business consulting the impacts of gdprCognizant business consulting the impacts of gdpr
Cognizant business consulting the impacts of gdpraudrey miguel
 
"Data Breaches & the Upcoming Data Protection Legal Framework: What’s the Buz...
"Data Breaches & the Upcoming Data Protection Legal Framework: What’s the Buz..."Data Breaches & the Upcoming Data Protection Legal Framework: What’s the Buz...
"Data Breaches & the Upcoming Data Protection Legal Framework: What’s the Buz...Cédric Laurant
 
Research on Legal Protection of Data Rights of E Commerce Platform Operators
Research on Legal Protection of Data Rights of E Commerce Platform OperatorsResearch on Legal Protection of Data Rights of E Commerce Platform Operators
Research on Legal Protection of Data Rights of E Commerce Platform OperatorsYogeshIJTSRD
 
EveryCloud_GDPR_Whitepaper_v2
EveryCloud_GDPR_Whitepaper_v2EveryCloud_GDPR_Whitepaper_v2
EveryCloud_GDPR_Whitepaper_v2Paul Richards
 
Privacy Breaches In Canada It.Can May 1 2009
Privacy Breaches In Canada It.Can May 1 2009Privacy Breaches In Canada It.Can May 1 2009
Privacy Breaches In Canada It.Can May 1 2009canadianlawyer
 
Telcos and ISPs Prepare For New Data Breach Disclosure Rules
Telcos and ISPs Prepare For New Data Breach Disclosure RulesTelcos and ISPs Prepare For New Data Breach Disclosure Rules
Telcos and ISPs Prepare For New Data Breach Disclosure RulesJohn Davis
 
GDPR - A practical guide
GDPR - A practical guideGDPR - A practical guide
GDPR - A practical guideAngad Dayal
 
iStart feature: Protect and serve how safe is your personal data?
iStart feature: Protect and serve how safe is your personal data?iStart feature: Protect and serve how safe is your personal data?
iStart feature: Protect and serve how safe is your personal data?Hayden McCall
 
Cybersecurity and Data Privacy Update
Cybersecurity and Data Privacy UpdateCybersecurity and Data Privacy Update
Cybersecurity and Data Privacy UpdateWilmerHale
 
INFOMAGAZINE 8 by REAL security
INFOMAGAZINE 8 by REAL securityINFOMAGAZINE 8 by REAL security
INFOMAGAZINE 8 by REAL securitySamo Zavašnik
 

La actualidad más candente (19)

GDPR: A Threat or Opportunity? www.normanbroadbent.
GDPR: A Threat or Opportunity? www.normanbroadbent.GDPR: A Threat or Opportunity? www.normanbroadbent.
GDPR: A Threat or Opportunity? www.normanbroadbent.
 
2012 year end-electronic-discovery-update
2012 year end-electronic-discovery-update2012 year end-electronic-discovery-update
2012 year end-electronic-discovery-update
 
Do You Have a Roadmap for EU GDPR Compliance?
Do You Have a Roadmap for EU GDPR Compliance?Do You Have a Roadmap for EU GDPR Compliance?
Do You Have a Roadmap for EU GDPR Compliance?
 
Data Protection & Security Breakfast Briefing - Master Slides_28 June_final
Data Protection & Security Breakfast Briefing - Master Slides_28 June_finalData Protection & Security Breakfast Briefing - Master Slides_28 June_final
Data Protection & Security Breakfast Briefing - Master Slides_28 June_final
 
Deloitte the case for disruptive technology in the legal profession 2017
Deloitte the case for disruptive technology in the legal profession 2017 Deloitte the case for disruptive technology in the legal profession 2017
Deloitte the case for disruptive technology in the legal profession 2017
 
Digital Transformation Summit: theJurists Europe case
Digital Transformation Summit: theJurists Europe caseDigital Transformation Summit: theJurists Europe case
Digital Transformation Summit: theJurists Europe case
 
Data Protection and Comnpliance with the GDPR Event 22 september 2016
Data Protection and Comnpliance with the GDPR Event 22 september 2016 Data Protection and Comnpliance with the GDPR Event 22 september 2016
Data Protection and Comnpliance with the GDPR Event 22 september 2016
 
GDPR A Practical Guide with Varonis
GDPR A Practical Guide with VaronisGDPR A Practical Guide with Varonis
GDPR A Practical Guide with Varonis
 
Cognizant business consulting the impacts of gdpr
Cognizant business consulting the impacts of gdprCognizant business consulting the impacts of gdpr
Cognizant business consulting the impacts of gdpr
 
"Data Breaches & the Upcoming Data Protection Legal Framework: What’s the Buz...
"Data Breaches & the Upcoming Data Protection Legal Framework: What’s the Buz..."Data Breaches & the Upcoming Data Protection Legal Framework: What’s the Buz...
"Data Breaches & the Upcoming Data Protection Legal Framework: What’s the Buz...
 
Research on Legal Protection of Data Rights of E Commerce Platform Operators
Research on Legal Protection of Data Rights of E Commerce Platform OperatorsResearch on Legal Protection of Data Rights of E Commerce Platform Operators
Research on Legal Protection of Data Rights of E Commerce Platform Operators
 
EveryCloud_GDPR_Whitepaper_v2
EveryCloud_GDPR_Whitepaper_v2EveryCloud_GDPR_Whitepaper_v2
EveryCloud_GDPR_Whitepaper_v2
 
Privacy Breaches In Canada It.Can May 1 2009
Privacy Breaches In Canada It.Can May 1 2009Privacy Breaches In Canada It.Can May 1 2009
Privacy Breaches In Canada It.Can May 1 2009
 
Telcos and ISPs Prepare For New Data Breach Disclosure Rules
Telcos and ISPs Prepare For New Data Breach Disclosure RulesTelcos and ISPs Prepare For New Data Breach Disclosure Rules
Telcos and ISPs Prepare For New Data Breach Disclosure Rules
 
Privacy Year In Preview
Privacy Year In PreviewPrivacy Year In Preview
Privacy Year In Preview
 
GDPR - A practical guide
GDPR - A practical guideGDPR - A practical guide
GDPR - A practical guide
 
iStart feature: Protect and serve how safe is your personal data?
iStart feature: Protect and serve how safe is your personal data?iStart feature: Protect and serve how safe is your personal data?
iStart feature: Protect and serve how safe is your personal data?
 
Cybersecurity and Data Privacy Update
Cybersecurity and Data Privacy UpdateCybersecurity and Data Privacy Update
Cybersecurity and Data Privacy Update
 
INFOMAGAZINE 8 by REAL security
INFOMAGAZINE 8 by REAL securityINFOMAGAZINE 8 by REAL security
INFOMAGAZINE 8 by REAL security
 

Destacado

Digital transformation steps for business
Digital transformation steps for businessDigital transformation steps for business
Digital transformation steps for businessUniversity of Derby
 
Digital Adaptation (presented by Paul Boag, User Experience and Digital Trans...
Digital Adaptation (presented by Paul Boag, User Experience and Digital Trans...Digital Adaptation (presented by Paul Boag, User Experience and Digital Trans...
Digital Adaptation (presented by Paul Boag, User Experience and Digital Trans...eZ Systems
 
5 Steps to Define Digital Transformation Requirements
5 Steps to Define Digital Transformation Requirements5 Steps to Define Digital Transformation Requirements
5 Steps to Define Digital Transformation RequirementsMike Connor
 
Digital Transformation Playbook: Guide to Unleashing Exponential Growth
Digital Transformation Playbook: Guide to Unleashing Exponential GrowthDigital Transformation Playbook: Guide to Unleashing Exponential Growth
Digital Transformation Playbook: Guide to Unleashing Exponential GrowthBMC Software
 
The 2016 State of Digital Transformation - Altimeter
The 2016 State of Digital Transformation - AltimeterThe 2016 State of Digital Transformation - Altimeter
The 2016 State of Digital Transformation - Altimeter42medien
 
Digital transformation masterclass june 2016
Digital transformation masterclass june 2016Digital transformation masterclass june 2016
Digital transformation masterclass june 2016Scopernia
 
6 Powerful Steps To Speed-Up Manufacturing's Digital Transformation
6 Powerful Steps To Speed-Up Manufacturing's Digital Transformation6 Powerful Steps To Speed-Up Manufacturing's Digital Transformation
6 Powerful Steps To Speed-Up Manufacturing's Digital TransformationCognizant
 
Developing a Roadmap for Digital Transformation
Developing a Roadmap for Digital TransformationDeveloping a Roadmap for Digital Transformation
Developing a Roadmap for Digital TransformationJohn Sinke
 
Moving digital transformation forward: Findings from the 2016 digital busines...
Moving digital transformation forward: Findings from the 2016 digital busines...Moving digital transformation forward: Findings from the 2016 digital busines...
Moving digital transformation forward: Findings from the 2016 digital busines...Deloitte United States
 
Mastering Digital Disruption in Retail
Mastering Digital Disruption in RetailMastering Digital Disruption in Retail
Mastering Digital Disruption in RetailScopernia
 
The Connected: How Digital is Transforming the Traveler Experience
The Connected: How Digital is Transforming the Traveler ExperienceThe Connected: How Digital is Transforming the Traveler Experience
The Connected: How Digital is Transforming the Traveler ExperienceRafat Ali
 
Digital Transformation: What it is and how to get there
Digital Transformation: What it is and how to get thereDigital Transformation: What it is and how to get there
Digital Transformation: What it is and how to get thereEconsultancy
 
Digital transformation in 50 soundbites
Digital transformation in 50 soundbitesDigital transformation in 50 soundbites
Digital transformation in 50 soundbitesJulie Dodd
 

Destacado (15)

The Path to Self-Disruption
The Path to Self-DisruptionThe Path to Self-Disruption
The Path to Self-Disruption
 
Digital transformation steps for business
Digital transformation steps for businessDigital transformation steps for business
Digital transformation steps for business
 
Digital Adaptation (presented by Paul Boag, User Experience and Digital Trans...
Digital Adaptation (presented by Paul Boag, User Experience and Digital Trans...Digital Adaptation (presented by Paul Boag, User Experience and Digital Trans...
Digital Adaptation (presented by Paul Boag, User Experience and Digital Trans...
 
Digital transformation and you: a seminar for Charites
Digital transformation and you: a seminar for CharitesDigital transformation and you: a seminar for Charites
Digital transformation and you: a seminar for Charites
 
5 Steps to Define Digital Transformation Requirements
5 Steps to Define Digital Transformation Requirements5 Steps to Define Digital Transformation Requirements
5 Steps to Define Digital Transformation Requirements
 
Digital Transformation Playbook: Guide to Unleashing Exponential Growth
Digital Transformation Playbook: Guide to Unleashing Exponential GrowthDigital Transformation Playbook: Guide to Unleashing Exponential Growth
Digital Transformation Playbook: Guide to Unleashing Exponential Growth
 
The 2016 State of Digital Transformation - Altimeter
The 2016 State of Digital Transformation - AltimeterThe 2016 State of Digital Transformation - Altimeter
The 2016 State of Digital Transformation - Altimeter
 
Digital transformation masterclass june 2016
Digital transformation masterclass june 2016Digital transformation masterclass june 2016
Digital transformation masterclass june 2016
 
6 Powerful Steps To Speed-Up Manufacturing's Digital Transformation
6 Powerful Steps To Speed-Up Manufacturing's Digital Transformation6 Powerful Steps To Speed-Up Manufacturing's Digital Transformation
6 Powerful Steps To Speed-Up Manufacturing's Digital Transformation
 
Developing a Roadmap for Digital Transformation
Developing a Roadmap for Digital TransformationDeveloping a Roadmap for Digital Transformation
Developing a Roadmap for Digital Transformation
 
Moving digital transformation forward: Findings from the 2016 digital busines...
Moving digital transformation forward: Findings from the 2016 digital busines...Moving digital transformation forward: Findings from the 2016 digital busines...
Moving digital transformation forward: Findings from the 2016 digital busines...
 
Mastering Digital Disruption in Retail
Mastering Digital Disruption in RetailMastering Digital Disruption in Retail
Mastering Digital Disruption in Retail
 
The Connected: How Digital is Transforming the Traveler Experience
The Connected: How Digital is Transforming the Traveler ExperienceThe Connected: How Digital is Transforming the Traveler Experience
The Connected: How Digital is Transforming the Traveler Experience
 
Digital Transformation: What it is and how to get there
Digital Transformation: What it is and how to get thereDigital Transformation: What it is and how to get there
Digital Transformation: What it is and how to get there
 
Digital transformation in 50 soundbites
Digital transformation in 50 soundbitesDigital transformation in 50 soundbites
Digital transformation in 50 soundbites
 

Similar a Companies, digital transformation and information privacy: the next steps

The Evolution of Data Privacy - A Symantec Information Security Perspective o...
The Evolution of Data Privacy - A Symantec Information Security Perspective o...The Evolution of Data Privacy - A Symantec Information Security Perspective o...
The Evolution of Data Privacy - A Symantec Information Security Perspective o...Symantec
 
No Man is an Island: The Battle for Data Privacy
No Man is an Island: The Battle for Data PrivacyNo Man is an Island: The Battle for Data Privacy
No Man is an Island: The Battle for Data PrivacyKate Chan
 
Managing Consumer Data Privacy
Managing Consumer Data PrivacyManaging Consumer Data Privacy
Managing Consumer Data PrivacyGigya
 
Data Privacy Protection & Advisory - EY India
Data Privacy Protection & Advisory - EY India Data Privacy Protection & Advisory - EY India
Data Privacy Protection & Advisory - EY India SadanandGahivare
 
DATA SAFEGUARD INC.- WHITE PAPER
DATA SAFEGUARD INC.- WHITE PAPERDATA SAFEGUARD INC.- WHITE PAPER
DATA SAFEGUARD INC.- WHITE PAPERYashiVaidya
 
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docxhttpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docxadampcarr67227
 
ISACA Houston - How to de-classify data and rethink transfer of data between ...
ISACA Houston - How to de-classify data and rethink transfer of data between ...ISACA Houston - How to de-classify data and rethink transfer of data between ...
ISACA Houston - How to de-classify data and rethink transfer of data between ...Ulf Mattsson
 
Running Head PRIVACY AND CYBERSECURITY1PRIVACY AND CYBERSECU.docx
Running Head PRIVACY AND CYBERSECURITY1PRIVACY AND CYBERSECU.docxRunning Head PRIVACY AND CYBERSECURITY1PRIVACY AND CYBERSECU.docx
Running Head PRIVACY AND CYBERSECURITY1PRIVACY AND CYBERSECU.docxtodd581
 
Running Head PRIVACY AND CYBERSECURITY1PRIVACY AND CYBERSECU.docx
Running Head PRIVACY AND CYBERSECURITY1PRIVACY AND CYBERSECU.docxRunning Head PRIVACY AND CYBERSECURITY1PRIVACY AND CYBERSECU.docx
Running Head PRIVACY AND CYBERSECURITY1PRIVACY AND CYBERSECU.docxglendar3
 
EveryCloud_GDPR_Whitepaper_v2
EveryCloud_GDPR_Whitepaper_v2EveryCloud_GDPR_Whitepaper_v2
EveryCloud_GDPR_Whitepaper_v2Keith Purves
 
"The EU General Data Protection Regulation: GDPR" - TRA Annual Meeting 2018
"The EU General Data Protection Regulation: GDPR" - TRA Annual Meeting 2018"The EU General Data Protection Regulation: GDPR" - TRA Annual Meeting 2018
"The EU General Data Protection Regulation: GDPR" - TRA Annual Meeting 2018TRA - Tax Representative Alliance
 
Cnil 35th activity report 2014
Cnil 35th activity report 2014Cnil 35th activity report 2014
Cnil 35th activity report 2014Market iT
 
The Evolution of Data Privacy: 3 things you didn’t know
The Evolution of Data Privacy: 3 things you didn’t knowThe Evolution of Data Privacy: 3 things you didn’t know
The Evolution of Data Privacy: 3 things you didn’t knowSymantec
 
WP-Privacy-IoT-Era - PRODUCTION
WP-Privacy-IoT-Era - PRODUCTIONWP-Privacy-IoT-Era - PRODUCTION
WP-Privacy-IoT-Era - PRODUCTIONJohn Pinson
 
Legal issues in technology
Legal issues in technologyLegal issues in technology
Legal issues in technologyEzraGray1
 
Impact of GDPR on the pre dominant business model for digital economies
Impact of GDPR on the pre dominant business model for digital economiesImpact of GDPR on the pre dominant business model for digital economies
Impact of GDPR on the pre dominant business model for digital economiesEquiGov Institute
 

Similar a Companies, digital transformation and information privacy: the next steps (20)

The Evolution of Data Privacy - A Symantec Information Security Perspective o...
The Evolution of Data Privacy - A Symantec Information Security Perspective o...The Evolution of Data Privacy - A Symantec Information Security Perspective o...
The Evolution of Data Privacy - A Symantec Information Security Perspective o...
 
No Man is an Island: The Battle for Data Privacy
No Man is an Island: The Battle for Data PrivacyNo Man is an Island: The Battle for Data Privacy
No Man is an Island: The Battle for Data Privacy
 
Managing Consumer Data Privacy
Managing Consumer Data PrivacyManaging Consumer Data Privacy
Managing Consumer Data Privacy
 
[REPORT PREVIEW] GDPR Beyond May 25, 2018
[REPORT PREVIEW] GDPR Beyond May 25, 2018[REPORT PREVIEW] GDPR Beyond May 25, 2018
[REPORT PREVIEW] GDPR Beyond May 25, 2018
 
30-31 BB Nov_Dec14 (3)
30-31 BB Nov_Dec14 (3)30-31 BB Nov_Dec14 (3)
30-31 BB Nov_Dec14 (3)
 
20140317eyinformationsupp
20140317eyinformationsupp20140317eyinformationsupp
20140317eyinformationsupp
 
Data Privacy Protection & Advisory - EY India
Data Privacy Protection & Advisory - EY India Data Privacy Protection & Advisory - EY India
Data Privacy Protection & Advisory - EY India
 
DATA SAFEGUARD INC.- WHITE PAPER
DATA SAFEGUARD INC.- WHITE PAPERDATA SAFEGUARD INC.- WHITE PAPER
DATA SAFEGUARD INC.- WHITE PAPER
 
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docxhttpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
 
ISACA Houston - How to de-classify data and rethink transfer of data between ...
ISACA Houston - How to de-classify data and rethink transfer of data between ...ISACA Houston - How to de-classify data and rethink transfer of data between ...
ISACA Houston - How to de-classify data and rethink transfer of data between ...
 
Running Head PRIVACY AND CYBERSECURITY1PRIVACY AND CYBERSECU.docx
Running Head PRIVACY AND CYBERSECURITY1PRIVACY AND CYBERSECU.docxRunning Head PRIVACY AND CYBERSECURITY1PRIVACY AND CYBERSECU.docx
Running Head PRIVACY AND CYBERSECURITY1PRIVACY AND CYBERSECU.docx
 
Running Head PRIVACY AND CYBERSECURITY1PRIVACY AND CYBERSECU.docx
Running Head PRIVACY AND CYBERSECURITY1PRIVACY AND CYBERSECU.docxRunning Head PRIVACY AND CYBERSECURITY1PRIVACY AND CYBERSECU.docx
Running Head PRIVACY AND CYBERSECURITY1PRIVACY AND CYBERSECU.docx
 
EveryCloud_GDPR_Whitepaper_v2
EveryCloud_GDPR_Whitepaper_v2EveryCloud_GDPR_Whitepaper_v2
EveryCloud_GDPR_Whitepaper_v2
 
"The EU General Data Protection Regulation: GDPR" - TRA Annual Meeting 2018
"The EU General Data Protection Regulation: GDPR" - TRA Annual Meeting 2018"The EU General Data Protection Regulation: GDPR" - TRA Annual Meeting 2018
"The EU General Data Protection Regulation: GDPR" - TRA Annual Meeting 2018
 
How to Protect Your Data
How to Protect Your DataHow to Protect Your Data
How to Protect Your Data
 
Cnil 35th activity report 2014
Cnil 35th activity report 2014Cnil 35th activity report 2014
Cnil 35th activity report 2014
 
The Evolution of Data Privacy: 3 things you didn’t know
The Evolution of Data Privacy: 3 things you didn’t knowThe Evolution of Data Privacy: 3 things you didn’t know
The Evolution of Data Privacy: 3 things you didn’t know
 
WP-Privacy-IoT-Era - PRODUCTION
WP-Privacy-IoT-Era - PRODUCTIONWP-Privacy-IoT-Era - PRODUCTION
WP-Privacy-IoT-Era - PRODUCTION
 
Legal issues in technology
Legal issues in technologyLegal issues in technology
Legal issues in technology
 
Impact of GDPR on the pre dominant business model for digital economies
Impact of GDPR on the pre dominant business model for digital economiesImpact of GDPR on the pre dominant business model for digital economies
Impact of GDPR on the pre dominant business model for digital economies
 

Más de The Economist Media Businesses

Digital platforms and services: A development opportunity for ASEAN
Digital platforms and services: A development opportunity for ASEANDigital platforms and services: A development opportunity for ASEAN
Digital platforms and services: A development opportunity for ASEANThe Economist Media Businesses
 
Sustainable and actionable: A study of asset-owner priorities for ESG investi...
Sustainable and actionable: A study of asset-owner priorities for ESG investi...Sustainable and actionable: A study of asset-owner priorities for ESG investi...
Sustainable and actionable: A study of asset-owner priorities for ESG investi...The Economist Media Businesses
 
Lung cancer in Latin America: Time to stop looking away
Lung cancer in Latin America: Time to stop looking awayLung cancer in Latin America: Time to stop looking away
Lung cancer in Latin America: Time to stop looking awayThe Economist Media Businesses
 
Intelligent Economies: AI's transformation of industries and society
Intelligent Economies: AI's transformation of industries and societyIntelligent Economies: AI's transformation of industries and society
Intelligent Economies: AI's transformation of industries and societyThe Economist Media Businesses
 
Eiu collibra transforming data into action-the business outlook for data gove...
Eiu collibra transforming data into action-the business outlook for data gove...Eiu collibra transforming data into action-the business outlook for data gove...
Eiu collibra transforming data into action-the business outlook for data gove...The Economist Media Businesses
 
An entrepreneur’s perspective: Today’s world through the eyes of the young in...
An entrepreneur’s perspective: Today’s world through the eyes of the young in...An entrepreneur’s perspective: Today’s world through the eyes of the young in...
An entrepreneur’s perspective: Today’s world through the eyes of the young in...The Economist Media Businesses
 
EIU - Fostering exploration and excellence in 21st century schools
EIU - Fostering exploration and excellence in 21st century schoolsEIU - Fostering exploration and excellence in 21st century schools
EIU - Fostering exploration and excellence in 21st century schoolsThe Economist Media Businesses
 
Accountability in Marketing - Linking Tactics to Strategy, Customer Focus and...
Accountability in Marketing - Linking Tactics to Strategy, Customer Focus and...Accountability in Marketing - Linking Tactics to Strategy, Customer Focus and...
Accountability in Marketing - Linking Tactics to Strategy, Customer Focus and...The Economist Media Businesses
 
M&A in a changing world: Opportunities amidst disruption
M&A in a changing world: Opportunities amidst disruptionM&A in a changing world: Opportunities amidst disruption
M&A in a changing world: Opportunities amidst disruptionThe Economist Media Businesses
 
Briefing paper: Third-Party Risks: The cyber dimension
Briefing paper: Third-Party Risks: The cyber dimensionBriefing paper: Third-Party Risks: The cyber dimension
Briefing paper: Third-Party Risks: The cyber dimensionThe Economist Media Businesses
 
In Asia-Pacific, low-yields and regulations drive new asset allocations
In Asia-Pacific, low-yields and regulations drive new asset allocationsIn Asia-Pacific, low-yields and regulations drive new asset allocations
In Asia-Pacific, low-yields and regulations drive new asset allocationsThe Economist Media Businesses
 
Asia-pacific Investors Seek Balance Between Risk and Responsibility
Asia-pacific Investors Seek Balance Between Risk and ResponsibilityAsia-pacific Investors Seek Balance Between Risk and Responsibility
Asia-pacific Investors Seek Balance Between Risk and ResponsibilityThe Economist Media Businesses
 
Risks Drive Noth American Investors to Equities, For Now
Risks Drive Noth American Investors to Equities, For NowRisks Drive Noth American Investors to Equities, For Now
Risks Drive Noth American Investors to Equities, For NowThe Economist Media Businesses
 
In North America, Risks Drive Reallocation to Equities
In North America, Risks Drive Reallocation to EquitiesIn North America, Risks Drive Reallocation to Equities
In North America, Risks Drive Reallocation to EquitiesThe Economist Media Businesses
 
Balancing Long-term Liabilities with Market Opportunities in EMEA
Balancing Long-term Liabilities with Market Opportunities in EMEABalancing Long-term Liabilities with Market Opportunities in EMEA
Balancing Long-term Liabilities with Market Opportunities in EMEAThe Economist Media Businesses
 

Más de The Economist Media Businesses (20)

Food for thought: Eating better
Food for thought: Eating betterFood for thought: Eating better
Food for thought: Eating better
 
Digital platforms and services: A development opportunity for ASEAN
Digital platforms and services: A development opportunity for ASEANDigital platforms and services: A development opportunity for ASEAN
Digital platforms and services: A development opportunity for ASEAN
 
Sustainable and actionable: A study of asset-owner priorities for ESG investi...
Sustainable and actionable: A study of asset-owner priorities for ESG investi...Sustainable and actionable: A study of asset-owner priorities for ESG investi...
Sustainable and actionable: A study of asset-owner priorities for ESG investi...
 
Next-Generation Connectivity
Next-Generation ConnectivityNext-Generation Connectivity
Next-Generation Connectivity
 
Lung cancer in Latin America: Time to stop looking away
Lung cancer in Latin America: Time to stop looking awayLung cancer in Latin America: Time to stop looking away
Lung cancer in Latin America: Time to stop looking away
 
How boards can lead the cyber-resilient organisation
How boards can lead the cyber-resilient organisation How boards can lead the cyber-resilient organisation
How boards can lead the cyber-resilient organisation
 
Intelligent Economies: AI's transformation of industries and society
Intelligent Economies: AI's transformation of industries and societyIntelligent Economies: AI's transformation of industries and society
Intelligent Economies: AI's transformation of industries and society
 
Eiu collibra transforming data into action-the business outlook for data gove...
Eiu collibra transforming data into action-the business outlook for data gove...Eiu collibra transforming data into action-the business outlook for data gove...
Eiu collibra transforming data into action-the business outlook for data gove...
 
Communication barriers in the modern workplace
Communication barriers in the modern workplaceCommunication barriers in the modern workplace
Communication barriers in the modern workplace
 
An entrepreneur’s perspective: Today’s world through the eyes of the young in...
An entrepreneur’s perspective: Today’s world through the eyes of the young in...An entrepreneur’s perspective: Today’s world through the eyes of the young in...
An entrepreneur’s perspective: Today’s world through the eyes of the young in...
 
EIU - Fostering exploration and excellence in 21st century schools
EIU - Fostering exploration and excellence in 21st century schoolsEIU - Fostering exploration and excellence in 21st century schools
EIU - Fostering exploration and excellence in 21st century schools
 
Accountability in Marketing - Linking Tactics to Strategy, Customer Focus and...
Accountability in Marketing - Linking Tactics to Strategy, Customer Focus and...Accountability in Marketing - Linking Tactics to Strategy, Customer Focus and...
Accountability in Marketing - Linking Tactics to Strategy, Customer Focus and...
 
M&A in a changing world: Opportunities amidst disruption
M&A in a changing world: Opportunities amidst disruptionM&A in a changing world: Opportunities amidst disruption
M&A in a changing world: Opportunities amidst disruption
 
Infographic: Third-Party Risks: The cyber dimension
Infographic: Third-Party Risks: The cyber dimensionInfographic: Third-Party Risks: The cyber dimension
Infographic: Third-Party Risks: The cyber dimension
 
Briefing paper: Third-Party Risks: The cyber dimension
Briefing paper: Third-Party Risks: The cyber dimensionBriefing paper: Third-Party Risks: The cyber dimension
Briefing paper: Third-Party Risks: The cyber dimension
 
In Asia-Pacific, low-yields and regulations drive new asset allocations
In Asia-Pacific, low-yields and regulations drive new asset allocationsIn Asia-Pacific, low-yields and regulations drive new asset allocations
In Asia-Pacific, low-yields and regulations drive new asset allocations
 
Asia-pacific Investors Seek Balance Between Risk and Responsibility
Asia-pacific Investors Seek Balance Between Risk and ResponsibilityAsia-pacific Investors Seek Balance Between Risk and Responsibility
Asia-pacific Investors Seek Balance Between Risk and Responsibility
 
Risks Drive Noth American Investors to Equities, For Now
Risks Drive Noth American Investors to Equities, For NowRisks Drive Noth American Investors to Equities, For Now
Risks Drive Noth American Investors to Equities, For Now
 
In North America, Risks Drive Reallocation to Equities
In North America, Risks Drive Reallocation to EquitiesIn North America, Risks Drive Reallocation to Equities
In North America, Risks Drive Reallocation to Equities
 
Balancing Long-term Liabilities with Market Opportunities in EMEA
Balancing Long-term Liabilities with Market Opportunities in EMEABalancing Long-term Liabilities with Market Opportunities in EMEA
Balancing Long-term Liabilities with Market Opportunities in EMEA
 

Último

Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Victor Rentea
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusZilliz
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...apidays
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfOverkill Security
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024The Digital Insurer
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfOverkill Security
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Victor Rentea
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 

Último (20)

Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 

Companies, digital transformation and information privacy: the next steps

  • 1. A report from The Economist Intelligence Unit Sponsored by Companies, digital transformation and information privacy: the next steps
  • 2. © The Economist Intelligence Unit Limited 2016 1 Companies, digital transformation and information privacy: the next steps The Internet and sovereign privacy laws have been on a collision course for some time now, with growing tensions arising in all jurisdictions. The lack of trust burst into view in October 2015, with the European Court of Justice’s rejection of the Safe Harbour agreement, a set of guidelines that had previously been understood as providing sufficient security for European citizens’ private data to be held in or used by companies in the United States. The ruling about Safe Harbour’s inadequacy and questions about the proposed replacement agreement, Privacy Shield, which had been hammered out by EU and US negotiators, have created a legal limbo and have left companies that do business in the EU uncertain about how to proceed. Online privacy is not just a subject of transatlantic debate. Concern about these issues is gathering steam around the world, including in Africa, the Middle East and Asia. What happens between Europe and the US, however, will shape the global data-sovereignty debate for years to come—both because of the prominence of the companies headquartered in both places and because the EU is the highest common denominator when it comes to privacy issues. The outcome of the current dispute may even prompt companies to rethink the idea— largely unquestioned in recent years—that holding on to data is an unqualified good. To build greater understanding of the state of play in the development and navigation of privacy laws, the Economist Intelligence Unit (EIU) conducted in-depth interviews with legal, technical and regulatory subject-matter experts on all sides of the debate. This report explores the challenges that global businesses face when addressing the complex and fluctuating policy environment and offers a set of best practices that companies can follow to meet evolving privacy and security demands. We would like to thank the following interviewees for their time and valuable contributions to our research: Giovanni Buttarelli, European data protection supervisor Martin Fanning, partner and data privacy expert, Dentons David McCue, senior executive advisor, Xerox Zoe Strickland, global chief privacy officer, JPMorgan Chase Jeb Weisman, chief information officer, Children’s Health Fund Eugene Weitz, general counsel, Americas, at SAI Global Robin Wilton, director, Trust and Identity team, The Internet Society Introduction
  • 3. © The Economist Intelligence Unit Limited 2016 2 Companies, digital transformation and information privacy: the next steps Setting the scene A consumer who reaches the step of agreeing to a new online privacy policy often has an instant of doubt. But most consumers just hold their breath and tap the button that says “Yes, accept”, to terms and conditions—reasoning that their financial and personal information will be carefully guarded, particularly if they are dealing with a well-respected brand. They may also assume that what they don’t know (as a result of not having carefully read a privacy policy before agreeing to it) probably can’t hurt them. Companies can’t make the same decision not to engage with the details of privacy. The issues are well-known: the ever growing business benefits of understanding customers better and the huge financial and reputational risks of losing control of the data that allow companies to do so. But there are many more obscure, and no less important, risks as well. Customer records are stored in data centres, often operated by third parties, all around the world, with the centres themselves subject to a range of operational, security and legal risks. In addition, different customers are typically protected by different privacy laws depending on their nationality. The EU, where consumer privacy is seen as a fundamental right, is moving towards a set of particularly stiff fines for companies that don’t protect customers’ private information, as part of a broad new set of regulations. Within a couple of years, companies not in compliance with European privacy laws will face fines of up to 4% of their global turnover. That’s a staggering amount, putting data privacy penalties on par with antitrust fines in Europe. And even in privacy cases where the penalties are more modest, or there’s no monetary penalty at all—whether because the questionable privacy practice took place in a less-regulated region or wasn’t found to be an actual violation of the law—companies could certainly face significant backlash in other ways. “It’s a PR issue,” said Eugene Weitz, general counsel, Americas, at SAI Global, an Australian company specialising in solutions and services that help manage risk and compliance. “It’s the kind of thing that affects companies up, down and sideways,” Mr Weitz added. In the last few years, the ubiquity of cloud computing has complicated the challenge for all parties. A government might want to regulate or sanction a company that has suffered a breach or failed to protect its citizens’ private data. But if the company is located outside a country’s boundaries or if it isn’t clear in what country or region the compromised data are being stored or processed, or on whose servers, regulators can have difficulty taking any sort of corrective action or even determining which laws might apply. Companies themselves are often not much clearer about which jurisdiction’s laws they need to abide by. “You are constantly weaving through a hotch-potch of different rules and regulations, and they get very, very technical,” said David McCue, an executive advisor to Xerox’s global chief information security officer. He likened it to “the old idea of an information highway”, the difference being that on this highway, the laws vary, sometimes confusingly, depending on whose jurisdiction one happens to be in. GDPR on the horizon: Europe’s evolving regulations Europe is developing a sweeping new set of rules, embodied in what it is calling the “General Data Protection Regulation” (GDPR), to define how consumer data need to be treated in the EU. In theory, the GDPR—which will cover personal data, including names, photos, e-mail addresses, medical information and posts on “You are constantly weaving through a hotch-potch of different rules and regulations, and they get very, very technical.” David McCue, executive advisor to Xerox’s global chief information security officer.
  • 4. © The Economist Intelligence Unit Limited 2016 3 Companies, digital transformation and information privacy: the next steps social media sites—will make it possible for multinational companies to apply a single privacy policy throughout Europe. But it’s not expected to take effect until 2018. A long time to wait for certainty, thus many in Europe and the US are hoping for a ratification of Privacy Shield, the transatlantic deal that has been put forward as a near-term replacement for Safe Harbour. “We are all suffering because of the limbo,” Giovanni Buttarelli, the European data protection supervisor, said in an interview in his Brussels office. Mr Buttarelli and others acknowledged that the uncertainty is a particularly big challenge for smaller companies that don’t have a lot of resources to devote to compliance. “We cannot leave thousands of small and medium enterprises in this position for another two or three years,” he said. According to privacy law experts, companies doing business in the European Economic Area have a few options to remain in compliance. First, they can tell a European consumer how they plan to use and store that consumer’s data in a simplified privacy policy and ask for the user’s consent. Second, they can use “model contracts”, which are European Commission- mandated contractual terms for dealing with European consumers’ data. A third option is to go through a much more elaborate process of developing “Binding Corporate Rules” (BCRs) of their own. BCRs apply to all the processes and policies companies use in all of their operations and must be approved by European regulators. But they have the advantage of being custom- fit to companies’ own processes—not the case with model contracts. “You have to invest a huge amount of time into BCRs,” said Martin Fanning, a partner and data privacy expert at Dentons, a London- based law firm. “BCRs can take several months to complete but, because they are based on a business’s own governance and policies and involve dialogue with European data regulators, they are regarded by many as the platinum standard for international data transfers within a multinational group.” Mr Fanning added that BCRs “live and breathe with a business as it grows and changes”, a quality that he said makes them more robust than other legal options for international transfers. By contrast, he said, consent can be revoked by an individual, and the EU Commission-approved model contracts can be rigid and in need of regular updating. The complicated role of technology The cloud is perhaps the best known, but it is not the only technology that is complicating matters alongside offering business benefits. Since technology has vastly increased the availability of free-flowing personal data, with all the accompanying benefits and problems, it might seem reasonable to ask that technology also provide the necessary solutions. The reality is more challenging. To be sure, an encryption- reinforced file server or database (and the use of other technologies, like tokens and containers) can prevent consumers’ private information from being accessed in the first place or from being compromised if a breach occurs. That can forestall embarrassment and economic losses associated with cases of large-scale credit card theft. However, in the legal environment of the future, security systems that protect data won’t necessarily ensure compliance even if they prevent break-ins. Increasingly, privacy laws can be interpreted as requiring companies to exercise greater control over data and, in some instances, to follow rules that spell out where data must be located. Companies are having to make multiple decisions and position themselves to be in compliance with laws in many jurisdictions. Doing this successfully will take judgment and global awareness—not attributes that can “We are all suffering because of the limbo. We cannot leave thousands of small and medium enterprises in this position for another two or three years.” Giovanni Buttarelli, European data protection supervisor
  • 5. © The Economist Intelligence Unit Limited 2016 4 Companies, digital transformation and information privacy: the next steps necessarily be captured by a straightforward technology or software system. Robin Wilton, technical outreach director for identity and privacy at the Internet Society, an organisation focused on fostering the Internet’s growth and preserving its technical standards, observed that people don’t always recognise the futility of trying to address privacy issues through technology alone. He said the Internet Society sometimes gets calls from people who want it to sponsor the development of a “privacy plug-in”—an idea he considers fanciful—not realising that effective privacy protection is an ecosystem and human-relationship issue before it is a software issue. “It’s that ‘Where’s the instant fix?’ mentality that tends to lead us down the wrong road,” Mr Wilton said. The deeper people’s backgrounds in technology, the more they tend to understand that a purely digital solution isn’t feasible. As Jeb Weisman, the chief information officer at Children’s Health Fund, a New York nonprofit handling sensitive medical data, put it: “The technology can’t decide what’s private.” Instead, he said, the systems that can help companies with privacy are systems that support governance. “What I see is a set of human expectations that need to be met. And in the case of my organisation or any organisation, they need to be codified. Once they’re codified, then we can use software tools and secondarily security tools. The security tools stop breaches. But the privacy tools help us understand what’s private and manage it.” To be sure, privacy and security are intertwined—companies can’t safeguard one without investing in the other. Xerox’s Mr McCue underscores this with a warning about how common security breaches are nowadays. “If you went and spoke to any of the national law enforcement agencies, whether in the US or in Europe, they will tell you that, as a whole, companies underestimate how much of their data has been lifted, stolen or compromised,” Mr McCue said. “I have been in meetings where a particular company has said, ‘No, we’re good’, and the law enforcement representative has said, ‘Well, we have a database back at headquarters that shows two terabytes of your inside information that we’ve recovered from someplace on the dark Web. You’ve been hacked and didn’t know it.’” Looking towards a North Star for regulation In the future, companies will clearly have to understand the full range of restrictions that different localities have placed on how personal information is used, shared and stored. It’s possible that the EU’s efforts, including with the GDPR, will influence what countries in regions such as Asia and Africa include in their own privacy regulations. If that happens, GDPR may end up providing a sort of specific target that companies worldwide can aim for. Even today, though, while regulations remain uncertain, a comprehensive and thoughtful online privacy policy can be a selling point in the digitally driven economy. Mr Buttarelli, the European regulator, said he was reminded of this when he made a trip to Silicon Valley last year. Some of the start-ups he visited, instead of treating privacy as an afterthought, were making it a core part of their appeal to customers. He put this in the category of “privacy by design”, an approach to systems engineering that is fast catching on. “I don’t see any dichotomy between privacy and innovation,” Mr Buttarelli added. As companies seek their own innovative ways to build and maintain value from data despite the confusion of today’s privacy and “It’s that ‘Where’s the instant fix?’ mentality that tends to lead us down the wrong road.” Robin Wilton, technical outreach director for identity and privacy at the Internet Society
  • 6. © The Economist Intelligence Unit Limited 2016 5 Companies, digital transformation and information privacy: the next steps security regulations, the research suggests that the following approaches will likely help them navigate: l Know thyself from a privacy perspective. Businesses’ first move should be to do an audit, or mapping exercise, of their data. What data they have, how they are being used, where the data are being used and which third parties might be handling them are all areas a company must know cold. “It takes data mapping of an entire company to understand what the needs and requirements are,” said Mr Weitz, the general counsel, Americas, at SAI Global. l Build a cross-functional privacy team. By definition, a company is going to have some competing interests on privacy. The general counsel is primarily going to be concerned about protecting the company from litigation, the chief information officer about preventing security breaches, the chief marketing officer about increasing sales. The privacy function of a company can only identify the right trade-offs if it includes some individuals who can parse regulations; other individuals who understand data and technology; and still others who possess a strong knowledge of the business. l Get rid of unneeded data. In this era of the cloud, digital information and customer records have become so cheap to hold on to that many companies do so as a matter of course. This is partly a reflection of the fashion for “big data” and the sense, as CIO Dr Weisman puts it, “that the insight is just around the corner”. In fact, a lot of old customer records are “toxic data assets”, Dr Weisman said, quoting Bruce Schneier, the cryptographer and widely followed blogger. Many privacy experts advocate “data minimalisation”—having the discipline to keep only the data you need. l Find the right partners. Almost every company these days has at least some customer data stored on third-party cloud databases. “You are dependent on these companies and the services they provide to include a level of protection for your data,” said Mr McCue, an executive adviser at Xerox. As a consequence, companies should “look for vendors with very strong capabilities in the protection of data stored with them”, he said. Finding such companies is likely to become easier in the future as part of the GDPR will require IT vendors that previously bore no direct responsibility for privacy to comply with data protection laws. l Apply the “function before form” principle to your privacy initiatives. To date, the obligatory nature of how companies deal with privacy has been evident in the checklists of their policies. Consumers click impatiently through the policies because it’s clear from the way they are presented that they contain nothing of interest. This isn’t the way to do it. Long, complicated policy explanations aren’t integral to protecting consumers’ personal information. They don’t make anyone feel more comfortable. Something simpler and more functional may well work better. No matter what happens with Privacy Shield and the GDPR, the global privacy story won’t be finished. There will be other twists, perhaps influenced by developments in regions outside the EU and US. For now, companies need flexibility in their approach and options that meet different requirements in different jurisdictions. They have to find ways to be in compliance despite the regulatory uncertainty. The costs of not doing so are simply too great. Long, complicated policy explanations aren’t integral to protecting consumers’ personal information. They don’t make anyone feel more comfortable.
  • 7. © The Economist Intelligence Unit Limited 2016 6 Companies, digital transformation and information privacy: the next steps Whilst every effort has been taken to verify the accuracy of this information, neither The Economist Intelligence Unit Ltd. nor the sponsor of this report can accept any responsibility or liability for reliance by any person on this report or any of the information, opinions or conclusions set out in the report. Cover:Shutterstock
  • 8. London 20 Cabot Square London E14 4QW United Kingdom Tel: (44.20) 7576 8000 Fax: (44.20) 7576 8476 E-mail: london@eiu.com New York 750 Third Avenue 5th Floor New York, NY 10017 United States Tel: (1.212) 554 0600 Fax: (1.212) 586 0248 E-mail: newyork@eiu.com Hong Kong 1301 Cityplaza Four 12 Taikoo Wan Road Taikoo Shing Hong Kong Tel: (852) 2585 3888 Fax: (852) 2802 7638 E-mail: hongkong@eiu.com Geneva Boulevard des Tranchées 16 1206 Geneva Switzerland Tel: (41) 22 566 2470 Fax: (41) 22 346 93 47 E-mail: geneva@eiu.com