September 12, 2019 By Cindy Compert

Facebook last week called for help to source solutions to its privacy quandary. How do you protect users’ privacy while enabling access, portability and monetization? The question behind this call to action is an industrywide issue, and an important one: Facebook is not unique in its struggle to protect privacy yet keep data portable.

Consumers are certainly taking privacy more seriously, but we’re also seeing an evolution in their understanding of the role data plays in our lives. A new IBM study conducted by Harris Poll revealed that consumers are demanding to understand and have control over where their data goes. More than half of U.S. consumers polled either know someone whose information has been compromised or have had their own information compromised. Seven out of 10 consumers are aware that their data doesn’t necessarily stay with the original company they share it with, and that has real business implications.

Simply put, our poll results indicate that consumers are flat-out dissatisfied with the way many businesses are handling their data. Eighty-four percent of those surveyed agree that they have lost all control over how personal information is being used by companies, and nearly two-thirds strongly agree that companies should be doing more to protect them against cybersecurity threats.

Figure 1: Views of Personal Data Usage (Source: Harris Insights & Analytics)

So what’s underneath this concern when it comes to privacy? Surprisingly, it’s not just about protection of data — it’s about consumers’ demand to control their data.

Do Customers Care How Their Data Is Shared?

Surveyed consumers think it’s more important for businesses to protect their data than it is to provide a quality product.

Imagine having to decide between a cutting-edge smart fridge that collects data on what, when and how often you eat versus an old-fashioned cooler you have to continually fill with ice to keep anything cold. Most people would pick the smart fridge every time, if only for convenience. Who cares if the company you bought it from knows how often you eat ice cream and drink beer?

As it turns out, consumers do care about how that data is being used and shared. In fact, 65 percent of consumers surveyed said whether a company shares data with third parties is important when deciding whether or not to do business with a company. How a company protects that data is even more important in this decision, with 53 percent of consumers saying how well businesses protect their data from a cyberattack is “extremely important,” while 44 percent place the same value on quality products and services. Only 25 percent place the same value on how a company engages in communities and with the environment.

Figure 2: Importance When Doing Business With a Company (Source: Harris Insights & Analytics)

Even more significant, 64 percent of all consumers have opted not to work with a business due to concerns about whether they could keep their data secure, and 83 percent said that if a company shares their data without their permission, they will not do business with them.

Once a consumer decides they trust a company enough to handle their data, that company is entrusted with a huge amount of responsibility as a custodian of that information. According to the survey, 60 percent of consumers said the company that collected the information should play a “great deal” of a role in developing a clear understanding of how personal information is being used, more so than the government (45 percent), third parties (41 percent) and watchdog organizations (40 percent).

Figure 3: Role in Understanding How Data Is Used (Source: Harris Insights & Analytics)

It’s All About Control Over Data

As consumers become savvier and more consumer-friendly solutions are developed to negotiate data exchange, new tools become increasingly important. In particular, the ability to rescind personal data ranks highly as a way for companies to build trust with consumers. Of those polled, 75 percent agree they would be more willing to share personal information if there was a way to fully take back and retrieve the data at any time, while 68 percent of consumers would be willing to share their personal information if a company could demonstrate that it could monitor how their data was being used.

Figure 4: Importance of Ways to Keep Data Private (Source: Harris Insights & Analytics)

Interestingly, this feeling extends to third-party data sharing. Three-fifths of consumers surveyed agree that they would be less concerned about sharing data if they knew where the data traveled. Seven in 10 say they would be very or somewhat likely to share personal data with a third party if there were new methods that allowed for fully taking back and revoking data access at any time, though half are only somewhat likely.

Technology Is Helping to Enable Privacy as a Choice

The IBM-Harris Poll survey demonstrates that consumers are savvy about their data privacy and who has access. But the enterprise still has trouble addressing these concerns in meaningful ways, largely because protecting data has become an enormous and complex challenge. Data no longer stays in one place, and compliance with the General Data Protection Regulation (GDPR) and other regulations requires an understanding of how and where personal data is used. But innovations are continuing to emerge that enable businesses to build this protection for consumers.

It might be surprising to learn the possible solution is emerging from the same platform used in the Apollo 11 mission to put a man on the moon. The silent backbone used by the world’s largest banks and retailers to process trillions of transactions could be a privacy game-changer: the venerable mainframe.

IBM has spent the past four years working with 100 clients to shape its new system, the z15 enterprise platform, to better manage the privacy of customer data. The result of this work is a big technology breakthrough called Data Privacy Passports, which enables security teams to provision data rules that manage individual user access across private, public and hybrid cloud data at the data element level.

So how does it work? At its core is a concept new to the industry: Trusted Data Objects (TDOs). These objects protect data wherever it goes through a data supply chain. Think of a TDO as a data bubble that includes the data and its associated metadata. TDOs encapsulate all the data shared with a third party and can manage what elements are shared and with whom, while giving the originator the ability to revoke access.

This innovation is unique and exciting because we can now combine data content with data context and apply rules to those combinations of elements. So, depending on the scenario, only the needed information is shared with the appropriate party, including additional downstream parties.

In the past, these types of access controls would take a lot of application coding and maintenance. Now, using TDOs, the rules are shared across the data landscape and transparent to the application or service, wherever that data is located and wherever it flows. And if we need to revoke access, such as when a contract with a third party is terminated, the access to the data is also immediately terminated.

Innovation around data privacy is one of the biggest opportunities in tech today, and one that has been underserved. Watch this space as companies begin to adopt this new paradigm and integrate it into their businesses. If we can get to the moon, I’m confident we can solve this compelling challenge here on Earth.
