This time of year, predictions abound.
I decided to go out on a limb and make a Super Bowl prediction to kick things off. I asked my resident football expert, my 14-year-old son, two questions: “What is a prediction?” and, “Who is going to win the Super Bowl?” His answers: “You use your data to predict what’s going to happen.” Indeed, I agree. Predictions are based on a combination of knowledge, experience, opinions and a bit of wishful thinking.
Because I do not have the knowledge or experience in football, and my wishful thinking of having a winning team in Los Angeles is at least a year out, I’ll use my son’s (wishful thinking) prediction: “The Patriots!” I hasten to add that he made this prediction just before they lost to the Broncos by a scant two points, but it was an educated and valid prediction nonetheless. One thing is for sure: My track record on data privacy is vastly better than for football.
In honor of International Data Privacy Day, I’m going to share my seven predictions on the future of data privacy for 2016, plus a bit on data security since the topics are so intertwined in the technology world. This past year, I logged thousands of miles visiting with clients all over North America and attending conferences. I have also spent a lot of time researching, reading, collaborating with thought leaders and talking with our developers and researchers. So here’s my amalgam of predictions and trends for 2016.
1. You Will Learn a New Acronym: GDPR
The General Data Protection Regulation (GDPR) will replace the current EU Data Protection Directive, phasing in over the next two years. This new regulation will enact stricter guidelines on getting consent for data collection, individual profiling and more comprehensive definitions of sensitive data. It all points to a new imperative to manage data at a granular, data-element level by understanding where the data is located, where it flows, with whom it is shared, what consent is given and when data must be deleted.
What are the implications? Consider managing data at an element level. Identify, track and audit everything — especially any applications that collect highly sensitive data such as biometrics, genomics or health information.
Read the Interactive Solution Brief: Ready, Set, GDPR
2. Data Privacy Will Become a Key Driver in IoT Adoption
Mobile has become the face of the Internet of Things (IoT) for consumers. Smartphones also function as IoT devices and generally have 10 sensors or more — not only for location tracking, but also for monitoring things such as environmental conditions, your mood and your heart rate.
While consumers are adopting new devices where they see value, they are also becoming increasingly wary about data collection and sharing. They expect transparency.
Two recent studies back this up: First, the IoT Privacy Index found 80 percent of users felt the benefits of smart devices did not outweigh privacy concerns. Additionally, more than 85 percent wanted to know more about how their data is collected before using a device.
Second, in a recent Altimeter Group study, 78 percent of respondents expressed discomfort with companies selling their personal data. Nearly half had very low to no trust that connected device data is being used securely and privately.
Consider how you manage consent with regard to data collection and distribution. Provide clear and simple transparent choices around data sharing in exchange for providing value — it builds trust.
3. Big Data, a Big Breach and a Big Deal
I expect we will see the first big data breach in 2016. It’s long overdue. As Hadoop, Spark and others go mainstream and more organizations centralize data for advanced analytics, attackers will advance their skills with Hadoop and NoSQL to keep up.
Big data going mainstream means it will also move out from highly secured, isolated sandboxes to more exposed production environments and the cloud, which means activity monitoring will become more critical.
4. Cloudy With a Chance of Data Leaks
I also expect we will see the first highly publicized cloud breach. In the gold rush toward cloud, I’ve observed that hosting vendors have inconsistent approaches to security and privacy. Due diligence is critical in deciding to partner with a cloud provider and putting your most critical data in someone else’s hands outside your four walls.
Even with the best security, you can still have insider breaches, on the cloud or elsewhere — again, another reason for activity monitoring, whether on-premises or in the cloud.
5. You’ll Learn Where Your Data Is — Always
As analytics moves toward the cognitive realm and self-learning systems make decisions at the speed of processing, there will be more of a push toward managing data in flight — especially sensitive data that is derived or calculated and never stored.
How do you secure and share this data? Implement privacy policies? Ensure that consent is aligned? Start thinking about how you will manage information with this new in-flight paradigm.
6. Data Protection Becomes Risky Business
Risk-based approaches to data protection will continue to evolve and become more sophisticated and automated. Protecting everything equally is a waste of valuable resources. Do you hire an armed guard to watch your garage full of old junk? Decide which data is the most important to protect and requires the bulk of your resources.
7. We’ll Find One Particular Safe Harbor
To quote from a Jimmy Buffett song, “And there’s that one particular harbor / Sheltered from the wind / Where the children play on the shore each day / And all are safe within.”
In Jimmy’s case, that harbor is the breathtaking Cook’s Bay in Moorea, an island in French Polynesia. In the world of privacy, however, that harbor is the former EU Safe Harbor Framework, which was declared invalid on Oct. 6, 2015. The forthcoming replacement is widely anticipated.
Here’s to finding your one safe harbor in 2016 — and hoping your predictions come true.
CTO Data Security and Privacy, IBM Security