For security, privacy, identity and digital transformation professionals, the occasion of Data Privacy Day is perfect for pondering the big issues, like: Has anything actually changed since last year? From where I sit, organizations have actually become more #PrivacyAware because they’ve had to, just to survive. The regulatory stakes are increasing rapidly, with the General Data Protection Regulation bearing down on every organization serving EU citizens and other regulations like PSD2 also having an impact. But the business stakesare also rising, with digital transformation remaking even the most “atom-based” of companies, leaving big consumer-trust question marks everywhere.
“You’re in the hospitality business? Great, my mobile phone is now a room key so I never lose them again! Um, so who sees all my room ins and outs, and are you tracking me everywhere else?”
“You make smart glucometers? Great, you send all my readings into the cloud for easy aggregation and transmission to my doctor! Wait a minute… Are you sending my health data to my employer without my okay?”
The two sides of the data sharing/data privacy coin are finally being seen as stuck together in this digitally transformed, Internet of Things-enabled era. Customers, patients and end-users of all stripes are firmly connecting these experiences to the question of trust.
In the finance and the healthcare worlds, the trend is towards open application program interfaces (APIs) for interoperability between organizations: “open banking APIs” in the former case, and APIs such as Fast Healthcare Interoperability Resources (FHIR) in the latter. Consumers of products in these areas already know they want access to the data that’s related to them and use it for their own benefit. One recent survey discovered that “almost two-thirds of Australian consumers believe transactional banking data belongs to them and not their bank, while 88 percent already know they want to control access to the data that’s about them.” (Honestly, as a regular human being vs. an IT person, what would you say?) And our long-time mantra about building trusted digital relationships — no more data about you without you — originally came from the healthcare world.
This is why ForgeRock has once again sponsored Data Privacy Day. We believe that “Respecting Privacy, Safeguarding Data and Enabling Trust” has to be a strategic effort on the part of not just risk managers, but also — and perhaps especially — digital teams looking to build relationships with users based on trust. Too often, for example, it’s easy to forego the option to ask for consent or give options for users to control their own data sharing even when it’s exactly the right answer.
There’s lots going on around “the Day” this year. I’ll be appearing, along with privacy luminary Michelle Dennedy and many others, at the official Data Privacy Day event at Twitter HQ in San Francisco on Thursday, Jan. 26. The event will be streamed live for the world to watch; you can register to view it here. And I’ll be at RSA Conference talking about “Designing a New Consent Strategy for Digital Transformation” on Thursday, Feb. 16. In this talk I’ll present a whole new classification system for consent types. Hope to see you there!
To learn more about how ForgeRock is helping organizations to address their data privacy challenges and build trusted digital relationships with their customers, visit our website.
About the Author
Eve Maler is vice president of innovation & emerging technology in the Office of the Chief Technology Officer at ForgeRock.