The Case for Privacy Risk Management

Over the past few years, there has been a massive cultural and legal shift in the way consumers view and secure their personal data online that’s in line with the rise of advanced technologies like artificial intelligence.

Concerned by an increasing rate of incidents that range from the 2017 Equifax hack to the scandalous Cambridge Analytica gaming of consumers’ social media data for political purposes, policymakers have begun to strike back on consumers’ behalf.

Europe’s General Data Protection Regulation (GDPR), the landmark privacy legislation that went into effect May 2018, was the first large-scale effort to offer consumers more legal protections. Given the absence of a comprehensive federal privacy law, the California Consumer Privacy Act (CCPA), which will come into force on 1 January 2020, marks the first similar step in the United States. Similar laws are being pursued in a handful of other states.

For more than two decades, the Internet and associated information technologies have driven unprecedented innovation, economic value and access to social services. Many of these benefits are fueled by data about individuals that flow through a complex ecosystem—so complex that individuals may not be able to understand the potential consequences for their privacy as they interact with systems, products and services.

Organizations may not fully realize the consequences, either. Failure to manage privacy risks can have direct adverse consequences for people at both the individual and societal level, with follow-on effects on organizations’ reputation, bottom line and prospects for growth. Finding ways to continue to derive benefits from data while simultaneously protecting individuals’ privacy is challenging and not well-suited to one-size-fits-all solutions.

According to Bernhard Debatin, an Ohio University professor and director of the Institute for Applied and Professional Ethics, the first problem is that there has (Read more...)