Facebook last week called for help to source solutions to its privacy quandary. How do you protect users’ privacy while enabling access, portability and monetization? This call to action is an industrywide issue, and an important one: Facebook is not unique in its struggle to protect privacy yet keep data portable.

Consumers are certainly taking privacy more seriously, but we’re also seeing an evolution in their understanding of the role data plays in our lives. A new IBM study conducted by Harris Poll revealed that consumers are demanding to understand and have control over where their data goes. More than half of U.S. consumers polled either know someone whose information has been compromised or have had their own information compromised. Seven out of 10 consumers are aware that their data doesn’t necessarily stay with the original company they share it with, and that has real business implications.

Simply put, our poll results indicate that consumers are flat-out dissatisfied with the way many businesses are handling their data. Eighty-four percent of those surveyed agree that they have lost all control over how personal information is being used by companies, and nearly two-thirds strongly agree that companies should be doing more to protect them against cybersecurity threats.

Figure 1: Views of Personal Data Usage (Source: Harris Insights & Analytics)

So what’s underneath this concern when it comes to privacy? Surprisingly, it’s not just about protection of data — it’s about consumers’ demand to control their data.

Do Customers Care How Their Data Is Shared?

Surveyed consumers think it’s more important for businesses to protect their data than it is to provide a quality product.

Imagine having to decide between a cutting-edge smart fridge that collects data on what, when and how often you eat versus an old-fashioned cooler you have to continually fill with ice to keep anything cold. Most people would pick the smart fridge every time, if only for convenience. Who cares if the company you bought it from knows how often you eat ice cream and drink beer?

As it turns out, consumers do care about how that data is being used and shared. In fact, 65 percent of consumers surveyed said whether a company shares data with third parties is important when deciding whether or not to do business with a company. How a company protects that data is even more important in this decision, with 53 percent of consumers saying how well businesses protect their data from a cyberattack is “extremely important,” while 44 percent place the same value on quality products and services. Only 25 percent place the same value on how a company engages in communities and with the environment.

Figure 2: Importance When Doing Business With a Company (Source: Harris Insights & Analytics)

Even more significant, 64 percent of all consumers have opted not to work with a business due to concerns about whether they could keep their data secure, and 83 percent said that if a company shares their data without their permission, they will not do business with them.

Once a consumer decides they trust a company enough to handle their data, that company is imparted with a huge amount of responsibility as a custodian of that information. According to the survey, 60 percent of consumers said the company that collected the information should play a “great deal” of a role in developing a clear understanding of how personal information is being used — more so than the government (45 percent), third parties (41 percent) and watchdog organizations (40 percent).

Figure 3: Role in Understanding How Data Is Used (Source: Harris Insights & Analytics)

It’s All About Control Over Data

As consumers become savvier and more consumer-friendly solutions are developed to negotiate data exchange, new tools become increasingly important. In particular, the ability to rescind personal data ranks highly as a way for companies to build trust with consumers. Of those polled, 75 percent agree they would be more willing to share personal information if there was a way to fully take back and retrieve the data at any time, while 68 percent of consumers would be willing to share their personal information if a company could demonstrate that it could monitor how their data was being used.

Figure 4: Importance of Ways to Keep Data Private (Source: Harris Insights & Analytics)

Interestingly, this feeling extends to third-party data sharing. Three-fifths of consumers surveyed agree that they would be less concerned about sharing data if they knew where the data traveled. Seven in 10 say they would be very or somewhat likely to share personal data with a third party if there were new methods that allowed for fully taking back and revoking data access at any time, though half are only somewhat likely.

Technology Is Helping to Enable Privacy as a Choice

The IBM-Harris Poll survey demonstrates that consumers are savvy about their data privacy and who has access. But the enterprise still has trouble addressing these concerns in meaningful ways, largely because protecting data has become an enormous and complex challenge. Data no longer stays in one place, and compliance with the General Data Protection Regulation (GDPR) and other regulations requires an understanding of how and where personal data is used. But innovations are continuing to emerge that enable businesses to build this protection for consumers.

It might be surprising to learn the possible solution is emerging from the same platform used in the Apollo 11 mission to put a man on the moon. The silent backbone used by the world’s largest banks and retailers to process trillions of transactions could be a privacy game-changer: the venerable mainframe.

IBM has spent the past four years working with 100 clients to shape its new system, the z15 enterprise platform, to better manage the privacy of customer data. The result of this work is a big technology breakthrough called Data Privacy Passports, which enables security teams to provision data rules that manage individual user access across private, public and hybrid cloud data at the data element level.

So how does it work? At the core of this is the introduction of the concept of Trusted Data Objects (TDO) to the industry. These objects provide protection for data wherever it goes through a data supply chain. Think of it like a data bubble that includes the data and its associated metadata. These TDOs encapsulate all the data shared with a third party and can manage what elements are shared and with whom, while giving the originator the ability to revoke access.

This innovation is unique and exciting because we can now combine data content with data context and apply rules to those combinations of elements. So, depending on the scenario, only the needed information is shared with the appropriate party, including additional downstream parties.

In the past, these types of access controls would take a lot of application coding and maintenance. Now, using TDOs, the rules are shared across the data landscape and transparent to the application or service, wherever that data is located and wherever it flows. And if we need to revoke access, such as when a contract with a third party is terminated, the access to the data is also immediately terminated.

Innovation around data privacy is one of the biggest opportunities in tech today, and one that has been underserved. Watch this space as companies begin to adopt this new paradigm and integrate it into their businesses. If we can get to the moon, I’m confident we can solve this compelling challenge here on Earth.

Learn more about how to build a strong data privacy program

More from CISO

CEO, CIO or CFO: Who Should Your CISO Report To?

As we move deeper into a digitally dependent future, the growing concern of data breaches and other cyber threats has led to the rise of the Chief Information Security Officer (CISO). This position is essential in almost every company that relies on digital information. They are responsible for developing and implementing strategies to harden the organization's defenses against cyberattacks. However, while many organizations don't question the value of a CISO, there should be more debate over who this important role…

Everyone Wants to Build a Cyber Range: Should You?

In the last few years, IBM X-Force has seen an unprecedented increase in requests to build cyber ranges. By cyber ranges, we mean facilities or online spaces that enable team training and exercises of cyberattack responses. Companies understand the need to drill their plans based on real-world conditions and using real tools, attacks and procedures. What’s driving this increased demand? The increase in remote and hybrid work models emerging from the COVID-19 pandemic has elevated the priority to collaborate and…

Why Quantum Computing Capabilities Are Creating Security Vulnerabilities Today

Quantum computing capabilities are already impacting your organization. While data encryption and operational disruption have long troubled Chief Information Security Officers (CISOs), the threat posed by emerging quantum computing capabilities is far more profound and immediate. Indeed, quantum computing poses an existential risk to the classical encryption protocols that enable virtually all digital transactions. Over the next several years, widespread data encryption mechanisms, such as public-key cryptography (PKC), could become vulnerable. Any classically encrypted communication could be wiretapped and is…

6 Roles That Can Easily Transition to a Cybersecurity Team

With the shortage of qualified tech professionals in the cybersecurity industry and increasing demand for trained experts, it can take time to find the right candidate with the necessary skill set. However, while searching for specific technical skill sets, many professionals in other industries may be an excellent fit for transitioning into a cybersecurity team. In fact, considering their unique, specialized skill sets, some roles are a better match than what is traditionally expected of a cybersecurity professional. This article…