The digital revolution has created a giant leap forward in technology, but it has taken a toll on individuals’ privacy. The digital world has existed for decades, and still most of us know very little about the extent to which our privacy has been invaded. For example, we may wonder how TV ratings come about when no one has ever contacted us directly regarding our viewing and/or listening habits. The truth is, when a person has his or her television or radio on, companies are collecting digital signals that reveal their viewing habits without them knowing. Ratings drive advertising revenue, determining where companies place their marketing budgets. Their business relies on our data.
Commercial enterprises, political campaigns and governments gather individuals’ personal data and use descriptive, diagnostic, predictive and prescriptive analytics to determine past and future patterns.
Digitization makes information discoverable forever. When an entry is made in the digital world – an inquiry or click on a website – a digital fingerprint remains. People have been sending emails and texts for decades without fully realizing the digital imprint they leave behind, even after the communication is deleted. Increasingly, we are aware that these communications can be used as evidence in lawsuits, considered as reference points by employers or scrutinized for national security purposes.
While individuals may acquire limited privacy rights with the often-encountered language prior to the “I agree to the terms and conditions” clause on the internet, these rights are eroded by the limited recourse people have if confidential information is jeopardized by cyber-attacks. Recovery of information and privacy is often minimal in these cases.
And while privacy laws dictate what information can be collected from website visitors and mandate that sites post a privacy policy, according to Reuters, “There is no single law regulating online privacy. Instead, a patchwork of federal and state laws apply.” And these laws rarely stop security breaches. An increase in cybersecurity attacks on companies like Experian, Target, Marriott and on entities like the U.S. elections has cost hundreds of millions dollars.
Of course, it is possible thwart attacks with sophisticated cyber prevention programs. To protect their customers’ privacy, enterprises must continually enhance their cybersecurity plans. Organizations today must develop a threat playbook and clearly communicate it to employees, contractors and temporary contractors at their start date and on an annual basis. Website visitors are not exempt from knowing a company’s security and privacy policies.
If a cyber-attack does occur, entities must quickly take action to mitigate the threats and make plans to prevent future occurrences and communicate to those effected as to the event and what they must do for next steps to prevent further loss.
ISG helps enterprises conduct security assessments, build control frameworks, and find and negotiate successful relationships with domain-specific security providers. Contact us to discuss how we can help you protect your customers’ privacy in the digital era.
About the author
Paul Schreiner is a Partner in the Insurance practice at ISG with a focus on advising on transformation initiatives. Paul is an IT Sourcing and Vendor Management thought leader with over 25 years of experience working with shared services, outsourcing, and managed service delivery models. He has a strong combination of IT and Finance experience which he has leveraged to successfully develop and lead diverse programs focused on strategic sourcing, complex transformations, process redesign, large contract implementations, and benchmarking initiatives. He is able to work globally across functions to improve overall organizational efficiency and effectiveness with a focus on delivering measurable results.