As 2020 and its many unexpected woes fall into the rearview mirror, it may be tempting to simply take stock of the wreckage.
Instead of dwelling on the past, however, business owners and stakeholders must do what can sometimes seem impossible: look to the future, bright-eyed, grateful for all the opportunities the new year will provide.
Of course, to simply forget 2020 happened would be impossible – the year, perhaps more than any other this century has drastically changed the way we live and work. This has had some major consequences for data privacy – in light of that, we have 5 data privacy predictions for 2021.
A special thanks goes out to Forrester, whose Predictions 2021 piece inspired much of this one. It’s very worth a read – check it out.
1. More privacy legislation
In all likeliness, you’ve already encountered some data privacy legislation. The EU’s GDPR and California’s CCPA have both had major impacts on the data privacy ecosystem. You’ve likely seen plenty of notifications about cookies – those are a direct consequence of the GDPR and the ePrivacy Directive.
Legislation like this is going to continue pouring out from nations around the world in 2021 – India, for example, is expected to have a privacy law go live in 2021, while Brazil enacted their data privacy law in late 2020.
According to Gartner, by 2023, 65% of the world’s population will have its personal data covered under some kind of modern privacy regulations.
The country to monitor right now is the UK – with the absolute chaos of Brexit, it’s hard to predict how their data privacy laws may change. As it stands now, Brexit would mean the rules of the GDPR are no longer binding in the UK.
This could mean a lot of contention between EU nations and the UK over internationally shared data services – it may also mean Britain will be quick to enact new privacy laws to keep in line with what other European nations are doing.
2. More privacy lawsuits
When you see an uptick in regulation, you inevitably see an uptick in lawsuits, as actors, either ignorant or malicious, fail to meet new standards. Individuals, customers, data subjects, consumers, or whatever you might call them, are also becoming more aware of privacy laws – and of privacy violations.
For companies interested in guarding their reputation and avoiding fines, the lesson is clear – get consent from users and provide data privacy controls, or face the consequences.
Employee privacy and protecting personal data of employees will also come into focus. As Forrester predicts, in 2021 we can expect employee privacy lawsuits to multiply which means companies will have to implement privacy by design when processing employee personal data.
3. More insider threats
We’ve managed to make it this far in a data privacy article without talking about work-from-home; that may be some kind of record.
All kidding aside, there’s a lot of talk about how work-from-home has made our networks less secure. This talk is usually focused on external malicious actors preying on ignorant users. What we don’t talk about is how these unsecured networks are even easier for malicious internal actors to exploit.
An uptick in insider attacks is also likely if employees feel like their job security is at risk – they may see company data as a bargaining chip, or an easy way to make some illicit cash.
A two-pronged attack is thus necessary: protocols in place to secure data from insider attacks and a company culture that promotes a sense of job security and satisfaction for employees.
Many businesses will outsource their IT needs after COVID-19 for a variety of reasons; these businesses should ensure that proper security protocols are in place so that any in-house IT staff they lay off won’t have access to company data.
4. More cautious users
More privacy regulation, more privacy lawsuits, and an increased focus on data security – add all of this up, put it in the news, and you suddenly have a much broader awareness of the importance of data privacy.
Then, throw a couple of scandals in the mix – something like Cambridge Analytica – and you get a huge influx of users who are being very careful about their data.
Companies without strong privacy controls may lose users – that’s a natural consequence of this heightened awareness. To combat this, companies should make clear which third parties may be able to access data, and give clients full control over what cookies they enable.
5. Data privacy automation
With new privacy laws being developed on a seemingly daily basis, and those laws varying so much from region to region, it can be extraordinarily difficult for most companies to keep up.
This has led to developers creating software to automate data privacy, from handling privacy requests to consent and preference management. In 2021, we can expect the trend of data privacy automation to continue. More companies will purchase automation services, and new software will be developed.
If 2020 was a year of rapid changes, 2021 will be the year in which we evaluate which of those changes will stick around. Work-from-home probably isn’t going away tomorrow, and neither are the privacy concerns of consumers and legislators. Businesses would do well to keep privacy in mind in the new year.