Privacy : How it is going?

 

Over the past few years, data privacy has evolved from “nice to have” to a business imperative and critical boardroom issue. Today, people are asking more questions about how their personal data is used, and they now view privacy as an important component of a company’s brand. Privacy regulations like the EU’s General Data Protection Regulation (GDPR) have raised awareness and enforcement of privacy, and this is compelling organizations to better manage and protect personal data to avoid significant fines and penalties.

• Most organizations are seeing very positive returns on their privacy investments, and more than 40% are seeing benefits at least twice that of their privacy spend.
• Strong correlations between organizations’ privacy accountability and lower breach costs, shorter sales delays, and higher financial returns.
• The percentage of organizations saying they receive significant business benefits from privacy (e.g., operational efficiency, agility, and innovation) has grown to over 70%.
• The vast majority (82%) of organizations view privacy certifications such as ISO 27701 and IAPP certified professionals as a buying factor when selecting a product or vendor in their supply chain. 

Good privacy is indeed good for business and individuals.

SS

Working parents underwater

 

Working while parenting has always been shaky. Then the pandemic hit, and whatever little structure there was came tumbling down. Suddenly, the working parent struggle was laid bare, news articles and desperate comment threads detailing parents in meetings while entertaining toddlers; working while supervising restless grade schoolers and virtual lessons; burning out worrying all if of this will go on forever. It’s never been harder to work and raise children. The ripples could be with employees for years.

·       1/3 of families have had one parent leave the workforce.

·       1-in-5 do not know whether they’ll be able to come back.

·       60% say caregiving duties stand in their way.

And for working mothers, it has been especially disastrous — a whole generation of professional women watching hard-won accomplishments evaporate and losing precious time they will never get back.

11.3 million women’s jobs lost in a single month, wiping out all their gains of the past decade.

And it is not just parents of young children at risk. American parents stand to lose even more productivity as more school districts limit how many students will return to the classroom for the upcoming school year. In fact, far from solving working parent problems, back-to-school will likely add new ones, with erratic education schedules (assuming there’s any school at all) creating constantly changing care needs which could be hardest to fix.

Yet even as the movement toward reopening workplaces rolls on, few employers have made plans. And care shortages promise to make arrangements harder for employees to find on their own. Post-pandemic, the number of available childcare spaces could shrink by as much as 50%. More than two-thirds — 23.5 million working parents— have no potential caregivers at all, putting millions of employees at risk.

2020 is a year of a lifetime. So be strong, keep patience and stay encouraged.

-SS

Working remotely - A new norm

 

In this COVID era, working remotely has become the norm. Its not only an option (or workaround) but a requirement. Whether a home, a coffee shop, a hotel, your car, or any other location, technology has allowed us to work remotely while continuing to collaborate with our peers.

There are some organizational and personal consideration for remote work.

Organizational considerations - 

• Creating a "work remotely" policy
• Securing your computer
• Protecting your network connection
• Establishing strong passwords
• Use your mobile devices only when required
• Handle confidential papers/files properly

Personal considerations - 

• Setting up a home workspace
• Protecting your personal information
• Guarding against scams

I am sure things will change post-COVID environment but it would be interesting to see how much and at what ratio?

SS

5 biggest GDPR fines so far (2020)

 

• Total number of GDPR fines - 432
• Largest fine - 50 Million Euros (Google Inc.)
• Smallest fine - 28 Euros (Google Ireland Ltd.)
• Number of GDPR fines by country
• Spain - 144
• Romania - 41
• Hungry - 32
• Italy - 31
• Germany - 27
• 5 biggest GDPR fines in 2020
• Google Inc - 50 Million Euros
• H&M Hennes & Mauritz - 35200000 Euros
• TIM Telecom Provider - 27800000 Euros
• British Airways - 21900000 Euros
• Marriott International - 20450000 Euros

This is the up to date and current list of biggest GDPR fines so far, but the list is constantly changing indicating a lot of activities from data protection authorities.

SS

Time crafting during pandemic

 

• Create a commute. Don’t just roll out of bed and head straight to your workstation. Spend 15 minutes gearing up for work — but not actually working — to give yourself mental space between your personal time and the start of your workday.

• Take work-ish breaks. This is separate from the breaks you should already be taking to completely step away from your workstation. During pandemic, the “bounce time” — the informal time at work during which people bounce ideas off one another — has largely gone missing. Allow time for breaks and gaps between the formal parts of your job to have some idle water-cooler chat with your colleagues.

• Establish an end-of-day ritual. A positive ritual at the end of the day can reinforce that you’re out of work mode and your personal time has begun. Even something as simple as planning a walk around the block or setting aside time to call a friend will work. You just want something that will be a buffer between work time and personal time you can look forward to.

• Post your schedule at home. Time management is now a communal endeavor and letting the people you live know your schedule can help everyone understand and know the boundaries between work and personal time.

The Unique Power of Sharing Emotions at Work

 

Discussing emotions at work can feel out of place or "unprofessional" for leaders and teams. And yet, everyone has feelings - anxiety about COVID, disappointments about changed plans in 2020, frustration with coworkers, family issues, and more.

Instead of being a distraction, talking about and sharing emotions at work is a key part of building a sense of belongings and trust on teams. And by helping teammates acknowledge and process their emotions, leaders can increase the effectiveness of their team, helping then to get more done, and feel better.

Sometimes, it feels odd when the other person in your office starts sharing these types of talks but the best way to handle this situation is to listen, understand and empathy. There are some people (like me) who can handle these situations and never share feelings with someone in the office. But those who are sharing means they are in trouble and wants some help/guidance/suggestions.

SS

Privacy engineering in a nutshell

Privacy engineering is the technical side of the privacy profession. Privacy engineers ensure that privacy considerations are integrated into product design. The longer answer is that it depends who you ask. Some practitioners view it as process management and others see it more as technical knowhow. Both views seem equally valid and integral. Privacy engineers today work as part of product teams, design teams, IT teams, security teams, and yes, sometimes even legal or compliance teams.

We need practitioners who understand technology and [are] able to integrate perspectives that span product design, software development, cyber security, human computer interaction, as well as business and legal considerations.

Data for Sale

 

Three things you need for your Privacy Program

 

1. Landscape:

o   Only 10% of global population is covered under Privacy regulations as of now but it would be 65% by the end of 2023.

o   In US itself, 57% of the population is covered under Privacy regulations with either passed bills (California, Nevada, Texas) or draft bills (Washington, North Dakota, New York and others).

o   Latin American countries (Uruguay, Argentina, Mexico, Brazil) are almost done with their respective Privacy regulations.

o   Asia/Pacific countries (China, New Zealand, Australia, India, Thailand, South Korea) will come up with Privacy regulation any time now.

o   Africa and Middle East countries (Bahrain, UAE, Egypt, South Africa, Nigeria) are coming into regulations soon.

o   Europe: We all know the GREAT GDPR.

·       2. Capabilities: Technology enabled Privacy Program basically follows three stages of traditional adoption –

o   Establish

o   Maintain

o   Evolve

·       3. Empowerment: Give back control to customers/people through the Privacy user experience –

o   Self Service Portal

o   Notice / Policies

o   Consent

o   Open and Transparent

 

COVID-19 recovery and Privacy

 

What a difficult year this has been. During the past nine months, COVID-19 has disrupted almost every aspect of our lives, our work and our social interactions to a degree most of us never imagined possible. The economic damage may take years to repair.

But amid all this disruption, we have also experienced an incredible digital transformation. In just a few months, we have jumped forward years in our use of advanced digital tools for interacting with one another, running our businesses, sending our kids to school and understanding what is going on in the world.

Now, as we begin to move from responding to the coronavirus crisis toward recovery, data will play an important role. Much of the data needed to make positive progress is personal information – data about our location, our health and our work. To achieve the full benefits that the digital transformation promises, people must trust their information is used responsibly and respectfully.

Creating a framework of trust should begin with these four principles:

·        Transparency about how companies collect, use and share personal information. Consumers are clamoring to understand what data companies have and how they will interact with it

·        Consumer empowerment that guarantees the right of individuals to access, correct, delete and move personal information

·        Corporate responsibility that requires companies to be good stewards of consumer information

·        Strong enforcement through a strong central regulator and vigilant state’s attorneys general offices that have the authority and funding to enforce the laws and take action to hold violators accountable

This is the best and only way to create the conditions that will make trust possible. It is also an essential foundation for building a recovery that is robust and sustainable and serves everyone equally.

Listening Techniques

 

Active communicator finds it hard to listen because they are quick to draw conclusions and jump in to pauses. This can be counter-productive in a project environment as key issues may be missed.

Connectors listen in an empathetic way and focus on the need to understand the feelings and emotions of the situation. This aspect of listening is important but it has to play a minor role in managing a project.

Logical communicators will listen for the facts and figures in the message and assess how well it fits their own opinion. This may prove problematic if the individual finds it hard to be objective about what they hear.

Thinkers are critical listeners who need to evaluate, appraise what they have heard.

Combiner will use active listening so that 100% focus is on the conversation and they questioning and paraphrasing to confirm their understanding is correct.

Who is spying on me?

 

Types of Feedback

 

Global Cloud Services Market in 2027

 

According to the report by ResearchAndMarkets.com's,  the global cloud services market was valued at $264.8 billion in 2019, and is projected to reach $927.51 billion by 2027, growing at a growth rate of 16.4% from 2020 to 2027.

The global cloud services market is still at an evolving stage and it has a good growth potential due to several driving factors. The key driver for the market is that it provides cost benefits when it is compared to conventional physical storage as it is estimated that cloud services would save 35% of the annual operations cost.

Major players operating in this market have witnessed significant adoption of strategies that include business expansion and partnership to reduce supply and demand gap. With increase in big data initiatives across the globe, major players have collaborated their product portfolio to provide differentiated and innovative products. This study includes marketanalysis, trends, and future estimations to determine the imminent investment pockets.

The US and Europe data realm

Since the Internet came into wide use in the 1990s, the USA has led the global data-driven economy. It is home to the top ten Internet brands and to seven out of the 10 Internet companies with the largest market value worldwide. These companies include Amazon, Microsoft, Apple, Facebook, Google and Intel and they provide the hardware, software and platforms for digital trade. Four US companies provide more than one half of the worldwide cloud-computing capacity. 

Although the inventor of the World Wide Web Tim Berners-Lee is Swiss and British, European governments and firms did not play a major role in the internet’s development. Today, there are no European firms among the top 15 digital firms by market value or any household names among Europe’s top 20 digital firms. Some EU members (Sweden and Germany) have strong AI, robotics, apps, and software firms. However, while Europe has many strong global competitors in the software and telecommunications sector, it is still just beginning to build new data-based firms. While the EU is the biggest exporter of digital services, US firms control some 54% of the EU’s digital market, compared with 46%for European firms. Although EU Member States consist of mature industrialized economies, their digital markets have significant room to grow.

GDPR Compliance Steps

 

Moore's Law - Big Data and IoT

 

In 1965, Moore published an article in which he observed that the number of transistors that would fit onto a circuit board doubled each year. This law is understood to say that computing power doubles every 18 to 24 month. This law is a useful way to explain the development of two of the technological phenomena emerging (or already emerged) - Big Data and IoT.

With Big Data, a new law has emerged - the amount of data doubles each year. In 2016, humans produced as much data as in the entire history of humankind through 2015. By 2025, it is estimated that amount of data will double every 12 hours.

In 2016, estimates for the number of IoT devices in use topped 15 billion worldwide, with spending on these devices approaching $1 trillion globally. In 2020, the number of wearable device shipment is estimated to be more than 200 million.Predictions are that 90 percent of new cars are connected by 2020 with estimates that a quarter of a billion connected vehicles will be on the road by this time.

US Citizens and Privacy - Interesting survey results

 

• 93% said they would switch to a company that prioritizes data privacy.
• 91% would prefer to buy from a company "that always guarantees them access to their information".
• 38% said they believe it is worth spending more data with a company with a strong privacy stance.
• 56% said they want immediate access to their information.
• 80% said they should be able to get their data back within 24 hours of making a request.
• 60% believe companies that can give users instant access to, and control over, their personal data care more about their customers.
• 70% of those who have received their personal data from a company say that it made them like that company more.
• 98% of Americans agree that data privacy is important, a finding consistent across gender and generation. 
• 59% would go so far as to admit they don’t know much about the ins and outs of privacy.
• 89% agree they wish they knew more about their rights to their personal data.
• 94% said they feel privacy will be "even more critical" five years into the future.

 3% of US citizens would switch to privacy-conscious organizations

Privacy People Categorization

 

Perceptions of acceptable Privacy practitioners vary, creating challenges for Privacy professionals. Decades of opinion surveys show that people can be categorized in three groups - 

1. Privacy fundamentalist - People with a strong desire to protect Privacy

2. Privacy unconcerned - People with low worries about Privacy

3.  Privacy pragmatists - People whose concern about Privacy varies with context and who are willing to give up some Privacy in exchange of benefits.

CCPA - Five Steps Compliance Process

 

For companies that already comply with GDPR, how to determine if the CCPA applies to a company, based on two requirements. 

1. A company must do business in California and/or doing business with companies based in California.

2. Either a company must have annual revenue greater than $25 million, or possess data on more than 50,000 California residents or derive more than 50% of its revenue from selling Californian consumer data.

Five steps compliance process - 

1. Bring California users into your GDPR protocols - Essentially, this means treating requests from these customers the same as you would for EU residents under the GDPR, with the added requirement that you must confirm receipt of Californian consumer requests within 10 days -- faster than the timeline for EU residents.

2. "Do Not Sell My Personal Information" link - There should be a link on your company's website that says "Do Not Sell My Personal Information." It should use that specific phrasing, and it must take the user to a web page where they can opt-out of the sale of their data. Once consumers opt-out, you can either create a process which excludes their data from sale, or delete the consumer's data entirely as you would when processing a deletion request under the GDPR. Both of these options meet the requirement, though the second one is technically safer and easier because it both already falls into the processes for GDPR, and also avoids the problem if a consumer's data is accidentally tagged incorrectly and sold despite them opting out.

3. Create a toll-free number for data sale opt-outs - Companies need to have a toll-free number consumers can call if they decide they want to opt-out of having their data sold -- which will then be handled in the same way as if they opted-out via your website. This number must connect them with an employee of your company that is trained to receive these requests, including informing consumers about their rights under the CCPA -- it's fine if this employee overlaps with the employee trained to respond to GDPR requests, too. The line can be staffed within your company's normal operating hours.

4. Update your Privacy Policy - You must add a statement regarding the rights of California residents to opt-out of the sale of their data to your Privacy Policy. This statement is required even if your response to opt-out requests is to fully delete the data as you would under GDPR. As a part of this, you also must revise the phrasing on your GDPR statement in your Privacy Policy to make it clear that the policy applies to Californians as well. You need to add a description to your Privacy Policy explaining how you will inform consumers of updates to said policy.

5. Update your Privacy Policy every 12 months - It's required under the CCPA that you review and update your Privacy Policy every 12 months, and to note in the Privacy Policy that you've done so. The easiest way for a California regulator to decide you're not in compliance with the CCPA is to look at your Privacy Policy and see that you haven't updated it in the last 12 months, or you haven't disclosed the last time you've updated it. The most important thing here is to change the date of your last review and update. That doesn't necessarily mean you have to change anything else if there's nothing that needs changing -- it can be as simple as reading the policy through and changing the date.

Privacy landscape and compliance

The Privacy landscape is growing more complex. Just couple of years back, it all started with GDPR, followed by Brazil Privacy Act, EU ePrivacy Regulation, Swiss Data Protection Act and the much awaited CCPA. There are upcoming US Regulations also where 14+ US states are working to publish the Privacy regulations. In a broader spectrum, there are over 120 countries who already have or are implementing new data Privacy regulations.

The interesting part of the this is that nearly half of all organizations are currently failing to comply. The organizations face a lot of challenges on this front of compliance –

·       Limited expertise

·       Increased risk

·       Complexity

·       Global reach

·       Lack of precedent

In fact most of these “non-compliant” organizations are not at all aware that this non-compliance is really expensive. It could result to business disruption, Loss of productivity, Revenue loss, Fines/penalties/settlements and reputation impact.

Implementing Privacy management/operations/compliance activities is not a “one size fits all” technique. Organizations need to access the current environment, protect the data, sustain with the processes and respond to customers queries/rights.

-SS

Pay if you want News with quality and truth

This is interesting. While browsing today, I found one interesting banner message.