You don’t have to search far to find cybersecurity predictions for 2019, but what about predictions for data privacy? 2018 saw glaring abuses of personal data along with regulations meant to curb that abuse – namely, the implementation of GDPR and the passage of the California Consumer Privacy Act (CCPA).
It’s easy to predict general privacy principles – be they in law, regulation, or best practices. Instead, I’m going to make some predictions at a more granular level, which is something that’s been missing in the public discourse.
So, without further ado, here are my predictions concerning data privacy in 2019:
- The Rise of the CISO and CTO – In 2019, CISOs, CTOs and other technology executives will own the selection and implementation of data privacy automation solutions. CPOs will still play an important role, but most CPOs still report to the legal department and are not privy to the technical hurdles in continuously monitoring a company’s data landscape. Privacy is a data issue, and that’s the responsibility of the CTO and sometimes the CISO.
- The Data Protection Continuum – Privacy and security will start to be seen as a Data Protection Continuum, with privacy telling you “what” is important and “why,” and security telling you “how” to protect it. In reaction to harsher regulations, the default approach is to lock all data down, making it unusable. Privacy adds precision and purpose to security controls, giving companies a scalpel instead of a sledge hammer to protect their most important assets – customer and employee data.
- Privacy vs. Data Industrial Complex – In 2018, the most talked-out violations of privacy have been what Tim Cook calls the dark side of the “data industrial complex” – an industry dedicated to learning as much about people as possible to monetize that information. In 2019, organizations will recognize they need to be concerned about the private data they hold – even if they themselves don’t intend to monetize it.
- Growth of Data Privacy Automation – In 2019, what is now an emerging market will gain traction and experience exponential growth in demand, need, and use. People will realize that automation at the data layer is the only feasible way to ensure continuous compliance related to data privacy laws. Without automation, companies are forced to rely on manual processes such as surveys. Surveys only capture a single point in time, are riddled with errors, and leave companies in the dark about the amount of private data they actually have. Data privacy automation helps companies produce evidence about what private data they have and how it is being protected.
While we can expect much more dialogue on privacy policy, I also expect more attention on these granular aspects of privacy. Privacy is a data problem so viewing privacy and security as a continuum is crucial to ensuring that you’re actually safeguarding an individual’s personal data.
