onsdag 2 maj 2018

Allowing GDPR change the world into a better place

ForgeRock is in the business of providing the necessary enablers to safeguard consumers personal identity information, yet allowing companies to customize and tailor the user experience and establish and maintain trusted digital relationships with technologies such as progressive profiling during self-service registration and thru out each login.

In the light of all the recent scandals, its it an absolute must for companies to implement state of the art software technology to ensure that the data trusted with companies is safe, secure and declared what the intent behind the collection of this data is all about.

How many of you read the user agreements that big companies forces you to accept for services that you utilises? This could be companies like Spotify, Apple or Facebook.

Often we are talking about 35-40 pages of lawyer-talk that is anything from simple to read and would require most people, young and old, to use magnifying glasses since the font size is so small that its impossible to make any sense of it. Many of these agreements often signs away liability and the right to the photos of your children, the latest barbecue with friends or collected metrics on how fast you ran 5k's over the weekend to the companies behind these services.

In many of the agreement you give away the right to file lawsuits against these companies or engage in any form of class act lawsuits should there be a breach of trust or misuse of the data you have entrusted these companies with.

Cambridge Analytica managed to access not only the once who signed up for the "This is your digital life" application but also their friends connected to them on Facebook. They managed to harvest personal information of possibly somewhere in the range of 50 million identities when the first reports came back in March, and use that to target political campaigns and adds in the United States and Indonesia. Who knows where else these type of activities have been going on with collected data from unknowing users?

As i was reading last night the number of users caught up in the Cambridge Analytica scandal that kicked off the latest round of scrutiny into the world of social networking - now stands at a staggering 87 million. As for the market cap of Facebook, it shed 22 percent of its stock and lost over $100 billion in market cap since the Cambridge Analytica revelations and with it also affected other prominent technology stocks along with it.

The other day i got an email from TaskRabbit, who apparently had a major data breach where personal identity information had been leaked. I must have signed up long tie ago out of curiosity and totally forgot about it - yet trusted them with pockets of my personal digital identity information, which is now in the hands of third parties.

Is private information safe with companies such as Facebook? What have we actually agreed to share and with whom and for what purpose?

Your personal identity information is your asset and companies profit on that. Everywhere you go, you leave an exhaust of personal information. Your smartphone tracks every step you go, every place you visit combine that with wearables such as Fitbit and smart watches where vital body metrics get captured and sent off.

I would argue that no consumer knows what their data is used for and with whom its shared and trust in these companies are dropping everyday.

Currently there is a stand-off happening, but fortunately things are about to change, atleast for european consumers with the enforcement of GDRP (the General Data Protection Regulation) on May 25th, 2018. Hopefully this will stir up this stand of and give control back to consumers.

GDRP is a great reminder to businesses that people lend their information and that organizations have a responsibility to look after it. It is not just about confidentiality, it is also about integrity, accuracy and availability, all in all being summarized to what should be and in my ears, is good business practice. You want to do your business with companies that can be trusted - not the sketchy ones that sells your data or shares it with third party or hides what they collect about you.

Companies have purposefully harvested information from their own staff and their customers and included in small print and lawyer talk, their right to reuse that information for purposes not originally intended - this is of course NOT ok!

With all these scandals and breaches of trust occurring back to back on a more or less daily basis, awareness is building among consumers. People are in fact concerned about how their data is being used, that their data is secure and that they have the ability to review what is known about them and that they can choose to opt out as shown by a recent survey published in the Economist.

  • 9 out of 10 are concerned about identity theft and fraud!
  • 89% are worried abou tthat their data is not kept securely by the providers.
  • 3 out of 4 are concerned that small invasions of privacy leads to loss of civil rights. 
  • 89% are worried their data is being shared with third parties that they have not consented to share with. 

Consumers demand disclosure from companies on how and why their data is being collected, what its being used for and for what purpose.

Now, even if companies must adapt new processes and implement better controls which can be costly, it is a great opportunity. An opportunity to long term establish healthy and sound, trusted digital relationships with their customers.

  • Clear, transparent and accessible information on how you process personal data will lead to public confidence in your organization. (People will tend to trust you more and also be more forgiving)  
  • Data volume reduction - as GDRP is being enforced, there will be a drive to reduce the data volumes which will turn into vastly reduced cost and operational inefficiencies associated with keeping masses of redundant and obsolete emails and files on corporate servers - in the cloud or on prem. 
  • Data quality - we all know data ages very quickly, even records that are months old can be completely out of date and storing and sifting through this mass of unstructured data mess wastes resource time and storage space. GDPR ensures information is only kept as long as it is valid and for the purpose it was gathered. 
  • Security - With data breaches hitting the headlines daily, GDRP will ensure you must adopt better policies with Data under management - benefiting both your reputation and your endu users' data.

    and finally....
  • Trust - As companies adopt better data policies to compy with GDRP, the overall trust level between companies dealing with each others' information will rise. 

So despite what we typically think about regulatory requrements, i personally believe that GDPR will bring something good to the table. Both for consumers who will enjoy a better protection knowing that its a legal requirement to manage their personal identity data safe, secure and with integrity but also from a corporate point of view who wants to act and be seen as serious companies that deal with their customers with out most respect. View GDPR as an opportunity to change the world into a better place!

Inga kommentarer:

Skicka en kommentar