Data privacy challenges will increase in 2020 with actual enforcement
Since 2010, we’ve seen a variety of news surface about how our data is handled, shared, sold and used for Facebook retargeting ads, political election campaigning or to help us learn our ancestry. Data has given us customization but also exposure, and businesses, law enforcement, and law firms have begun to demonstrate how useful it can be - whether in a legal proceeding or during an employment hiring process.
Not only has the amount of data increased, so have the devices and applications using it. From our television and movie streaming platforms, our mobile phone emails and texts, to our computer usage - desktop or laptop - our everyday devices carry information about our digital activity but also our banking information, credit card numbers, demographic, hobbies/interests, medical information and more.
Our digital identity is strewn across devices, software, and applications and if we don’t know what exists or how it can be found, we are leaving a wealth of information unprotected.
Taking this all into consideration, here are three data privacy changes that we’ll see in 2020:
The use of social media data during employment lawsuits, insurance investigations and employee perception will grow increasingly relevant. In 2020, we will see both companies and law firms increase their aptitude in navigating how to properly, and legally, collect and analyze social media as part of employee background checks, juror voir dire, school safety exercises, insurance fraud detection and legal proceedings to name but a few use cases. The rules of engagement between an employee’s social media activity and an employer are now blurred, creating the need for new standards to handle the rapidly expanding landscape of social media data.
Privacy Regulations with Teeth
The amount of data companies create and have access to continues to grow exponentially, but very few companies enjoy compliant, “hygienic” data, which has already started causing massive issues in the context of cyber events, GDPR and CaCPA. In 2020, we will see many of these companies who are woefully unequipped to even know what PII resides on their corporate systems and where. These companies will begin getting hit in earnest with fines in the EU and US, leading to strong growth in privacy technology. 2020 will be the year companies begin realizing they can’t continue in the PII “wild west” and act on it.
A very key dynamic of the GDPR and CaCPA is that the private citizens of the European Union and California will have an active role in its enforcement. Unlike many regulatory regimes, where a relatively small handful of government regulators infrequently enforce the rules, organizations that store information on EU or California citizens will face about 340 million regulators, which is a rough figure of the adult population in the EU and California. These citizens can make requests at any time to have data deleted in place through the right of erasure as well as make other requests regarding the usage of their personal data.
Even more importantly, both the GDPR and CaCPA provide mechanisms for a private right of action. Regulations which provide a private right of action, including the ability to bring a class action lawsuit, are exponentially more impactful than the vast majority of regulations which do not.
We’ve already seen an increase in distributed, remote workforces in virtually every industry, but from a cyber and privacy perspective, companies will be responsible for their customer and employee data when employees are using a variety of devices, tools, public spaces, and more. The importance of managing and protecting data across these complex, ever-changing hybrid data environments will become increasingly important as companies will be held accountable.
In 2020, systems and processes will be created to manage the breadth of data accessed by employees well beyond their company’s IT tools. We will see comprehensive technology pop up to manage virtualized, distributed workforces in a way where employers can monitor and analyze their privacy in real-time.