Facebook last week called for help to source solutions to its privacy quandary. How do you protect users’ privacy while enabling access, portability and monetization? This call to action is an industrywide issue, and an important one: Facebook is not unique in its struggle to protect privacy yet keep data portable.

Consumers are certainly taking privacy more seriously, but we’re also seeing an evolution in their understanding of the role data plays in our lives. A new IBM study conducted by Harris Poll revealed that consumers are demanding to understand and have control over where their data goes. More than half of U.S. consumers polled either know someone whose information has been compromised or have had their own information compromised. Seven out of 10 consumers are aware that their data doesn’t necessarily stay with the original company they share it with, and that has real business implications.

Simply put, our poll results indicate that consumers are flat-out dissatisfied with the way many businesses are handling their data. Eighty-four percent of those surveyed agree that they have lost all control over how personal information is being used by companies, and nearly two-thirds strongly agree that companies should be doing more to protect them against cybersecurity threats.

Figure 1: Views of Personal Data Usage (Source: Harris Insights & Analytics)

So what’s underneath this concern when it comes to privacy? Surprisingly, it’s not just about protection of data — it’s about consumers’ demand to control their data.

Do Customers Care How Their Data Is Shared?

Surveyed consumers think it’s more important for businesses to protect their data than it is to provide a quality product.

Imagine having to decide between a cutting-edge smart fridge that collects data on what, when and how often you eat versus an old-fashioned cooler you have to continually fill with ice to keep anything cold. Most people would pick the smart fridge every time, if only for convenience. Who cares if the company you bought it from knows how often you eat ice cream and drink beer?

As it turns out, consumers do care about how that data is being used and shared. In fact, 65 percent of consumers surveyed said whether a company shares data with third parties is important when deciding whether or not to do business with a company. How a company protects that data is even more important in this decision, with 53 percent of consumers saying how well businesses protect their data from a cyberattack is “extremely important,” while 44 percent place the same value on quality products and services. Only 25 percent place the same value on how a company engages in communities and with the environment.

Figure 2: Importance When Doing Business With a Company (Source: Harris Insights & Analytics)

Even more significant, 64 percent of all consumers have opted not to work with a business due to concerns about whether they could keep their data secure, and 83 percent said that if a company shares their data without their permission, they will not do business with them.

Once a consumer decides they trust a company enough to handle their data, that company is imparted with a huge amount of responsibility as a custodian of that information. According to the survey, 60 percent of consumers said the company that collected the information should play a “great deal” of a role in developing a clear understanding of how personal information is being used — more so than the government (45 percent), third parties (41 percent) and watchdog organizations (40 percent).

Figure 3: Role in Understanding How Data Is Used (Source: Harris Insights & Analytics)

It’s All About Control Over Data

As consumers become savvier and more consumer-friendly solutions are developed to negotiate data exchange, new tools become increasingly important. In particular, the ability to rescind personal data ranks highly as a way for companies to build trust with consumers. Of those polled, 75 percent agree they would be more willing to share personal information if there was a way to fully take back and retrieve the data at any time, while 68 percent of consumers would be willing to share their personal information if a company could demonstrate that it could monitor how their data was being used.

Figure 4: Importance of Ways to Keep Data Private (Source: Harris Insights & Analytics)

Interestingly, this feeling extends to third-party data sharing. Three-fifths of consumers surveyed agree that they would be less concerned about sharing data if they knew where the data traveled. Seven in 10 say they would be very or somewhat likely to share personal data with a third party if there were new methods that allowed for fully taking back and revoking data access at any time, though half are only somewhat likely.

Technology Is Helping to Enable Privacy as a Choice

The IBM-Harris Poll survey demonstrates that consumers are savvy about their data privacy and who has access. But the enterprise still has trouble addressing these concerns in meaningful ways, largely because protecting data has become an enormous and complex challenge. Data no longer stays in one place, and compliance with the General Data Protection Regulation (GDPR) and other regulations requires an understanding of how and where personal data is used. But innovations are continuing to emerge that enable businesses to build this protection for consumers.

It might be surprising to learn the possible solution is emerging from the same platform used in the Apollo 11 mission to put a man on the moon. The silent backbone used by the world’s largest banks and retailers to process trillions of transactions could be a privacy game-changer: the venerable mainframe.

IBM has spent the past four years working with 100 clients to shape its new system, the z15 enterprise platform, to better manage the privacy of customer data. The result of this work is a big technology breakthrough called Data Privacy Passports, which enables security teams to provision data rules that manage individual user access across private, public and hybrid cloud data at the data element level.

So how does it work? At the core of this is the introduction of the concept of Trusted Data Objects (TDO) to the industry. These objects provide protection for data wherever it goes through a data supply chain. Think of it like a data bubble that includes the data and its associated metadata. These TDOs encapsulate all the data shared with a third party and can manage what elements are shared and with whom, while giving the originator the ability to revoke access.

This innovation is unique and exciting because we can now combine data content with data context and apply rules to those combinations of elements. So, depending on the scenario, only the needed information is shared with the appropriate party, including additional downstream parties.

In the past, these types of access controls would take a lot of application coding and maintenance. Now, using TDOs, the rules are shared across the data landscape and transparent to the application or service, wherever that data is located and wherever it flows. And if we need to revoke access, such as when a contract with a third party is terminated, the access to the data is also immediately terminated.

Innovation around data privacy is one of the biggest opportunities in tech today, and one that has been underserved. Watch this space as companies begin to adopt this new paradigm and integrate it into their businesses. If we can get to the moon, I’m confident we can solve this compelling challenge here on Earth.

Learn more about how to build a strong data privacy program

More from CISO

Do You Really Need a CISO?

2 min read - Cybersecurity has never been more challenging or vital. Every organization needs strong leadership on cybersecurity policy, procurement and execution — such as a CISO, or chief information security officer. A CISO is a senior executive in charge of an organization’s information, cyber and technology security. CISOs need a complete understanding of cybersecurity as well as the business, the board, the C-suite and how to speak in the language of senior leadership. It’s a changing role in a changing world. But…

2 min read

What “Beginner” Skills do Security Leaders Need to Refresh?

4 min read - The chief information security officer (CISO) was once a highly technical role primarily focused on security. But now, the role is evolving. Modern security leaders must work across divisions to secure technology and help meet business objectives. To stay relevant, the CISO must have a broad range of skills to maintain adequate security and collaborate with teams of varying technical expertise. Learning is essential to simply keep pace in security. In a CISO Series podcast, Skillsoft CISO Okey Obudulu recently said,…

4 min read

The Needs of a Modernized SOC for Hybrid Cloud

5 min read - Cybersecurity has made a lot of progress over the last ten years. Improved standards (e.g., MITRE), threat intelligence, processes and technology have significantly helped improve visibility, automate information gathering (SOAR) and many manual tasks. Additionally, new analytics (UEBA/SIEM) and endpoint (EDR) technologies can detect and often stop entire classes of threats. Now we are seeing the emergence of technologies such as attack surface management (ASM), which are starting to help organisations get more proactive and focus their efforts for maximum…

5 min read

How the Talent Shortage Impacts Cybersecurity Leadership

4 min read - The lack of a skilled cybersecurity workforce stalls the effectiveness of any organization’s security program. Yes, automated tools and technologies like artificial intelligence (AI) and machine learning (ML) offer a layer of support, and bringing in a managed security service provider (MSSP) provides expertise that isn’t available in-house. But it isn’t enough, especially for the medium-sized businesses that would most benefit from an internal security team. However, the talent shortage doesn’t just impact present-day security concerns. The lack of a…

4 min read