It’s Time to Radically Overhaul Approaches to Data Privacy

Share this post:

It’s an article of faith among many that Millennials aren’t concerned about privacy, but a recent survey of people between the ages of 16 to 35 in the United States and the United Kingdom showed just the opposite. Eighty percent told interviewers from Atomik Research that it was “vital” or “very important” that personally identifiable, financial, and medical data be shared only with people and organizations they authorize to see it.

At the same time, the various European data privacy laws and the new European data privacy regulation, that is in the final steps for entering into force, generally require companies to tell individuals what information about them is being collected and how it will be used, and, often, to get their consent. In some cases, the restrictions even apply to records that have been stripped of individuals’ names.

To me, these two data points send a strong message to any business that uses data about customers or potential customers to analyze market trends or personalize their marketing pitches: It’s time for data privacy to take center stage. At IBM, we believe rapid, data-driven innovation should not spell the end of individual privacy.

After a period of openness and relatively lax controls as the Internet developed and flourished, the laws and societal norms concerning personal data privacy are becoming much stricter–which means marketers and retailers must radically overhaul their approach to privacy. They have to set, follow and document compliance with strict policies for gathering and using data, and for protecting it from those who would steal it.

I have come to this conclusion because of my role as IBM Research’s worldwide leader for the retail industry. My team developed an indoor location tracking solution, now a formal IBM product call Presence Insights, that enables retailers and other venue owners to understand the contextual location of shoppers inside their stores so they can send targeted offers in real time to the shoppers’ smartphones, to improve customer service, and in general to improve the customer experience and employee efficiency. While working with customers on this solution I was often asked to provide both guidance and technical solutions for ensuring customer privacy.

As a result, my new project is developing an enterprise-scale data privacy and consent management system that helps organizations set and follow privacy policies and avoid violating the trust of their customers. The technology models relevant laws and social norms and maps them to each personal data record an organization collects. Each time somebody attempts to access a piece of data, the technology automatically checks to see if it’s permitted by the company’s policies and consented to by the individual involved. When data is accessed and used, the system records it. The enterprise is able to capture an audit trail that documents everything that happened to a particular piece of information.

At the same time, the technology provides customers with more control over how and when information about them is gathered and used. It’s no longer all or nothing.

For example, consider how the technology might work with a fitness app. Using the app, an individual can set and track goals, record results, and measure improvements in fitness and health. Within the user interface, she can opt whether or not to share workout results with her friends, health information with her doctor, activities with the maker of the app and health data with medical researchers. In each case, she can be very specific about what she’s willing to share and how it may be used.

Gaining access to an immense amount of customer data can be a bonanza for businesses—or a disaster. Eighty percent of consumers say they would rather purchase from companies they believe will protect their privacy. Also, if companies establish themselves as trustworthy stewards of their customers’ data, individuals are more likely to share additional information in the future.

Today, a credibility gap exists between many companies and their customers. That’s unsustainable. But with a new commitment by enterprises to safeguarding personal privacy, combined with a new generation of more sophisticated data privacy tools, that gap can be closed—enriching the relationship for seller and customer alike.

——-

Sima will participate in a Twitter chat today focused on data privacy issues sponsored by StaySafeOnline.org. Get tips for protecting your personal information and owning your online presence and learn how you can take action in support of the #PrivacyAware effort. Join at #ChatSTC at 3 p.m. US Eastern time. Learn more here. Also, here’s a link to an article she wrote (with colleagues) about privacy in the retail industry.

——-
Join IBM cryptographers for a live privacy Webinar on Data Privacy Day, January 28. The Webinar will cover a different IBM privacy technology, Identity Mixer, which makes data privacy easy to deploy on both websites and mobile apps — and it’s all free for testing in the IBM Bluemix cloud. For time zone listings, the agenda and participation details visit this Web page or ask questions on Twitter with #IdentityMixer