January 28, 2016 By Cindy Compert 4 min read

This time of year, predictions abound.

I decided to go out on a limb and make a Super Bowl prediction to kick things off. I asked my resident football expert, my 14-year-old son, two questions: “What is a prediction?” and, “Who is going to win the Super Bowl?” His answers: “You use your data to predict what’s going to happen.” Indeed, I agree. Predictions are based on a combination of knowledge, experience, opinions and a bit of wishful thinking.

Because I do not have the knowledge or experience in football, and my wishful thinking of having a winning team in Los Angeles is at least a year out, I’ll use my son’s (wishful thinking) prediction: “The Patriots!” I hasten to add that he made this prediction just before they lost to the Broncos by a scant two points, but it was an educated and valid prediction nonetheless. One thing is for sure: My track record on data privacy is vastly better than for football.

In honor of International Data Privacy Day, I’m going to share my seven predictions on the future of data privacy for 2016, plus a bit on data security since the topics are so intertwined in the technology world. This past year, I logged thousands of miles visiting with clients all over North America and attending conferences. I have also spent a lot of time researching, reading, collaborating with thought leaders and talking with our developers and researchers. So here’s my amalgam of predictions and trends for 2016.

1. You Will Learn a New Acronym: GDPR

The General Data Protection Regulation (GDPR) will replace the current EU Data Protection Directive, phasing in over the next two years. This new regulation will enact stricter guidelines on getting consent for data collection, individual profiling and more comprehensive definitions of sensitive data. It all points to a new imperative to manage data at a granular, data-element level by understanding where the data is located, where it flows, with whom it is shared, what consent is given and when data must be deleted.

What are the implications? Consider managing data at an element level. Identify, track and audit everything — especially any applications that collect highly sensitive data such as biometrics, genomics or health information.

Read the Interactive Solution Brief: Ready, Set, GDPR

2. Data Privacy Will Become a Key Driver in IoT Adoption

Mobile has become the face of the Internet of Things (IoT) for consumers. Smartphones also function as IoT devices and generally have 10 sensors or more — not only for location tracking, but also for monitoring things such as environmental conditions, your mood and your heart rate.

While consumers are adopting new devices where they see value, they are also becoming increasingly wary about data collection and sharing. They expect transparency.

Two recent studies back this up: First, the IoT Privacy Index found 80 percent of users felt the benefits of smart devices did not outweigh privacy concerns. Additionally, more than 85 percent wanted to know more about how their data is collected before using a device.

Second, in a recent Altimeter Group study, 78 percent of respondents expressed discomfort with companies selling their personal data. Nearly half had very low to no trust that connected device data is being used securely and privately.

Consider how you manage consent with regard to data collection and distribution. Provide clear and simple transparent choices around data sharing in exchange for providing value — it builds trust.

3. Big Data, a Big Breach and a Big Deal

I expect we will see the first big data breach in 2016. It’s long overdue. As Hadoop, Spark and others go mainstream and more organizations centralize data for advanced analytics, attackers will advance their skills with Hadoop and NoSQL to keep up.

Big data going mainstream means it will also move out from highly secured, isolated sandboxes to more exposed production environments and the cloud, which means activity monitoring will become more critical.

4. Cloudy With a Chance of Data Leaks

I also expect we will see the first highly publicized cloud breach. In the gold rush toward cloud, I’ve observed that hosting vendors have inconsistent approaches to security and privacy. Due diligence is critical in deciding to partner with a cloud provider and putting your most critical data in someone else’s hands outside your four walls.

Even with the best security, you can still have insider breaches, on the cloud or elsewhere — again, another reason for activity monitoring, whether on-premises or in the cloud.

5. You’ll Learn Where Your Data Is — Always

As analytics moves toward the cognitive realm and self-learning systems make decisions at the speed of processing, there will be more of a push toward managing data in flight — especially sensitive data that is derived or calculated and never stored.

How do you secure and share this data? Implement privacy policies? Ensure that consent is aligned? Start thinking about how you will manage information with this new in-flight paradigm.

6. Data Protection Becomes Risky Business

Risk-based approaches to data protection will continue to evolve and become more sophisticated and automated. Protecting everything equally is a waste of valuable resources. Do you hire an armed guard to watch your garage full of old junk? Decide which data is the most important to protect and requires the bulk of your resources.

7. We’ll Find One Particular Safe Harbor

To quote from a Jimmy Buffett song, “And there’s that one particular harbor / Sheltered from the wind / Where the children play on the shore each day / And all are safe within.”

In Jimmy’s case, that harbor is the breathtaking Cook’s Bay in Moorea, an island in French Polynesia. In the world of privacy, however, that harbor is the former EU Safe Harbor Framework, which was declared invalid on Oct. 6, 2015. The forthcoming replacement is widely anticipated.

Here’s to finding your one safe harbor in 2016 — and hoping your predictions come true.

More from Data Protection

Access control is going mobile — Is this the way forward?

2 min read - Last year, the highest volume of cyberattacks (30%) started in the same way: a cyber criminal using valid credentials to gain access. Even more concerning, the X-Force Threat Intelligence Index 2024 found that this method of attack increased by 71% from 2022. Researchers also discovered a 266% increase in infostealers to obtain credentials to use in an attack. Family members of privileged users are also sometimes victims.“These shifts suggest that threat actors have revalued credentials as a reliable and preferred…

Ransomware on the rise: Healthcare industry attack trends 2024

4 min read - According to the IBM Cost of a Data Breach Report 2024, the global average cost of a data breach reached $4.88 million this year, a 10% increase over 2023.For the healthcare industry, the report offers both good and bad news. The good news is that average data breach costs fell by 10.6% this year. The bad news is that for the 14th year in a row, healthcare tops the list with the most expensive breach recoveries, coming in at $9.77…

Cost of a data breach: Cost savings with law enforcement involvement

3 min read - For those working in the information security and cybersecurity industries, the technical impacts of a data breach are generally understood. But for those outside of these technical functions, such as executives, operators and business support functions, “explaining” the real impact of a breach can be difficult. Therefore, explaining impacts in terms of quantifiable financial figures and other simple metrics creates a relatively level playing field for most stakeholders, including law enforcement.IBM’s 2024 Cost of a Data Breach (“CODB”) Report helps…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today