Data privacy is a global hot topic encompassing users, companies, and exposed systems

US FTC Chairman Joe Simon announced Google agreed to pay a US$170 million fine to settle charges that YouTube illegally collected and shared data from children without consent of parents. (Photo by MANDEL NGAN / AFP)

Data privacy and why enterprises should pay attention

  • Asia is starting to demand better data privacy
  • Multiple solutions and strategies exist for enterprises
  • Data collection should be designed around security and privacy

Data privacy is increasingly drawing attention globally, and the Asia Pacific (APAC) region is no different. What can companies do to ensure the digital rights of users are protected?

For years, companies like the Big Tech firms have been brazenly exploiting user data without their knowledge,  including in places where regulations and laws on data collection and its security were often not enforced.

Demand for better data privacy and security

The 2018 Cambridge Analytica scandal played a pivotal role in bringing data privacy issues to the fore. As a result, consumers grew more cognizant of data breaches, intrusive advertising tactics, and ongoing security issues. Following this, regulators and authorities started paying more attention and clamped down more often on unethical data collection practices. 

Brazen, unchecked data practices are increasingly being scrutinized, criticized, and flagged by consumers and regulatory bodies alike. This has incentivized more companies to better protect, and give consumers control of their data. 

It is imperative that companies adhere to practices that ensure data is well-secured, and privacy is protected, as laid out in the KPMG report Privacy Technology: What’s Next? which sheds light on what enterprises can do to stay data-relevant in a rapidly digitized world.

Data privacy strategies and solutions for enterprises

Whilst companies still need to collect data, a transparent approach to how data is used, stored, and shared will build consumer trust. Data preferences may be synced across web assets to inform better marketing strategies, and privacy integration into existing marketing technology can be automated with the right solutions.

It is also not enough for companies to merely remove identifiable information from their web assets – anonymous use needs to be kept fully anonymous. Two approaches to ensuring this include differential privacy, and creating synthetic data with machine learning (ML).

Companies can also harness the power of artificial intelligence (AI) to enhance existing privacy-protecting automation, such as vendor management, cookie and consent monitoring, and data management practices. However, companies should exercise due diligence to ensure that AI and ML systems are developed well enough to reduce bias and discrimination.

Privacy dashboards or a centralized preference management tool will allow users to manage privacy preferences from a central location. Features that can be offered include: how personal data is used, gathered, and whether users are able to fully delete or update their data. Whilst some solutions offer the deletion of extracted information, there is room for the development of real-time data deletion and amendment.

Privacy Enhancing Technologies (PETs) will assure users that their personal data is protected while data analysis is performed. Two mechanisms that enable this include homomorphic encryption and Secure multi-party computation (SMPC).

It is often necessary to limit access to restricted data, such as within a hospital or where proprietary technology is stored. Data Access Control, replacing Role-Based Access Control, is designed around privacy protection whilst specifying how personal data will be used when accessing certain data elements. Distributed ledger technologies such as blockchain can be a great way to enable this.

Key considerations for enterprises

Before enterprises embark on choosing security and solution vendors, an assessment should be made to identify the specific needs of their systems. It is important for companies to have IT staff with the technical expertise to advise management and to work closely with vendors to ensure purchased solutions are appropriate, efficient, and effective for the company’s needs. 

Trained technical staff should be able to fully understand the technical specifications of these solutions, assess how these solutions can abide by laws and regulations, and whether there is scalability to the solution when regulations or technologies change. Some other considerations include its ease of use, the suite of product offerings, and long-term sustainability.

What’s next?

Regulations can only do so much. The General Data Protection Regulation (GDPR) may work in the EU, but other regions or countries may have their own sets of laws or regulations, or may barely have any in place (such as in Southeast Asia). Furthermore, regulations may not always catch up to advances in technology.

It is important that companies approach data collection and retention methods through an ethics and data privacy-first framework as this will help to ensure that trust exists between staff, customers, and partners. In the same vein, institutes of higher education should offer more options to educate students across multiple disciplines on the importance of digital rights in order to build a more privacy-focused and security-sensitive workforce of the future.

The public and private sectors can also step up to work together to devise adequate regulations to protect consumers, and foster technological innovation to increase the range of customized or appropriate services for this growing market of clients.