Facebook last week called for help to source solutions to its privacy quandary. How do you protect users’ privacy while enabling access, portability and monetization? This call to action is an industrywide issue, and an important one: Facebook is not unique in its struggle to protect privacy yet keep data portable.

Consumers are certainly taking privacy more seriously, but we’re also seeing an evolution in their understanding of the role data plays in our lives. A new IBM study conducted by Harris Poll revealed that consumers are demanding to understand and have control over where their data goes. More than half of U.S. consumers polled either know someone whose information has been compromised or have had their own information compromised. Seven out of 10 consumers are aware that their data doesn’t necessarily stay with the original company they share it with, and that has real business implications.

Simply put, our poll results indicate that consumers are flat-out dissatisfied with the way many businesses are handling their data. Eighty-four percent of those surveyed agree that they have lost all control over how personal information is being used by companies, and nearly two-thirds strongly agree that companies should be doing more to protect them against cybersecurity threats.

Figure 1: Views of Personal Data Usage (Source: Harris Insights & Analytics)

So what’s underneath this concern when it comes to privacy? Surprisingly, it’s not just about protection of data — it’s about consumers’ demand to control their data.

Do Customers Care How Their Data Is Shared?

Surveyed consumers think it’s more important for businesses to protect their data than it is to provide a quality product.

Imagine having to decide between a cutting-edge smart fridge that collects data on what, when and how often you eat versus an old-fashioned cooler you have to continually fill with ice to keep anything cold. Most people would pick the smart fridge every time, if only for convenience. Who cares if the company you bought it from knows how often you eat ice cream and drink beer?

As it turns out, consumers do care about how that data is being used and shared. In fact, 65 percent of consumers surveyed said whether a company shares data with third parties is important when deciding whether or not to do business with a company. How a company protects that data is even more important in this decision, with 53 percent of consumers saying how well businesses protect their data from a cyberattack is “extremely important,” while 44 percent place the same value on quality products and services. Only 25 percent place the same value on how a company engages in communities and with the environment.

Figure 2: Importance When Doing Business With a Company (Source: Harris Insights & Analytics)

Even more significant, 64 percent of all consumers have opted not to work with a business due to concerns about whether they could keep their data secure, and 83 percent said that if a company shares their data without their permission, they will not do business with them.

Once a consumer decides they trust a company enough to handle their data, that company is imparted with a huge amount of responsibility as a custodian of that information. According to the survey, 60 percent of consumers said the company that collected the information should play a “great deal” of a role in developing a clear understanding of how personal information is being used — more so than the government (45 percent), third parties (41 percent) and watchdog organizations (40 percent).

Figure 3: Role in Understanding How Data Is Used (Source: Harris Insights & Analytics)

It’s All About Control Over Data

As consumers become savvier and more consumer-friendly solutions are developed to negotiate data exchange, new tools become increasingly important. In particular, the ability to rescind personal data ranks highly as a way for companies to build trust with consumers. Of those polled, 75 percent agree they would be more willing to share personal information if there was a way to fully take back and retrieve the data at any time, while 68 percent of consumers would be willing to share their personal information if a company could demonstrate that it could monitor how their data was being used.

Figure 4: Importance of Ways to Keep Data Private (Source: Harris Insights & Analytics)

Interestingly, this feeling extends to third-party data sharing. Three-fifths of consumers surveyed agree that they would be less concerned about sharing data if they knew where the data traveled. Seven in 10 say they would be very or somewhat likely to share personal data with a third party if there were new methods that allowed for fully taking back and revoking data access at any time, though half are only somewhat likely.

Technology Is Helping to Enable Privacy as a Choice

The IBM-Harris Poll survey demonstrates that consumers are savvy about their data privacy and who has access. But the enterprise still has trouble addressing these concerns in meaningful ways, largely because protecting data has become an enormous and complex challenge. Data no longer stays in one place, and compliance with the General Data Protection Regulation (GDPR) and other regulations requires an understanding of how and where personal data is used. But innovations are continuing to emerge that enable businesses to build this protection for consumers.

It might be surprising to learn the possible solution is emerging from the same platform used in the Apollo 11 mission to put a man on the moon. The silent backbone used by the world’s largest banks and retailers to process trillions of transactions could be a privacy game-changer: the venerable mainframe.

IBM has spent the past four years working with 100 clients to shape its new system, the z15 enterprise platform, to better manage the privacy of customer data. The result of this work is a big technology breakthrough called Data Privacy Passports, which enables security teams to provision data rules that manage individual user access across private, public and hybrid cloud data at the data element level.

So how does it work? At the core of this is the introduction of the concept of Trusted Data Objects (TDO) to the industry. These objects provide protection for data wherever it goes through a data supply chain. Think of it like a data bubble that includes the data and its associated metadata. These TDOs encapsulate all the data shared with a third party and can manage what elements are shared and with whom, while giving the originator the ability to revoke access.

This innovation is unique and exciting because we can now combine data content with data context and apply rules to those combinations of elements. So, depending on the scenario, only the needed information is shared with the appropriate party, including additional downstream parties.

In the past, these types of access controls would take a lot of application coding and maintenance. Now, using TDOs, the rules are shared across the data landscape and transparent to the application or service, wherever that data is located and wherever it flows. And if we need to revoke access, such as when a contract with a third party is terminated, the access to the data is also immediately terminated.

Innovation around data privacy is one of the biggest opportunities in tech today, and one that has been underserved. Watch this space as companies begin to adopt this new paradigm and integrate it into their businesses. If we can get to the moon, I’m confident we can solve this compelling challenge here on Earth.

Learn more about how to build a strong data privacy program

More from CISO

Bringing threat intelligence and adversary insights to the forefront: X-Force Research Hub

3 min read - Today defenders are dealing with both a threat landscape that’s constantly changing and attacks that have stood the test of time. Innovation and best practices co-exist in the criminal world, and one mustn’t distract us from the other. IBM X-Force is continuously observing new attack vectors and novel malware in the wild, as adversaries seek to evade detection innovations. But we also know that tried and true tactics — from phishing and exploiting known vulnerabilities to using compromised credentials and…

What’s new in the 2023 Cost of a Data Breach report

3 min read - Data breach costs continue to grow, according to new research, reaching a record-high global average of $4.45 million, representing a 15% increase over three years. Costs in the healthcare industry continued to top the charts, as the most expensive industry for the 13th year in a row. Yet as breach costs continue to climb, the research points to new opportunities for containing breach costs. The research, conducted independently by Ponemon Institute and analyzed and published by IBM Security, constitutes the…

Cyber leaders: Stop being your own worst career enemy. Here’s how.

24 min read - Listen to this podcast on Apple Podcasts, Spotify or wherever you find your favorite audio content. We’ve been beating the cyber talent shortage drum for a while now, and with good reason. The vacancy numbers are staggering, with some in the industry reporting as many as 3.5 million unfilled positions as of April 2023 and projecting the disparity between supply and demand will remain until 2025. Perhaps one of the best (and arguably only) ways we can realistically bridge this gap is to…

Poor communication during a data breach can cost you — Here’s how to avoid it

5 min read - No one needs to tell you that data breaches are costly. That data has been quantified and the numbers are staggering. In fact, the IBM Security Cost of a Data Breach estimates that the average cost of a data breach in 2022 was $4.35 million, with 83% of organizations experiencing one or more security incidents. But what’s talked about less often (and we think should be talked about more) is how communication — both good and bad — factors into…