Gartner Identifies Top Five Trends in Privacy Through 2024
Gartner Press Release I 10:28 am, 31st May
As the number of privacy regulations worldwide continues to grow, organisations should focus on five privacy trends to help meet the challenges of protecting personal data and meeting regulatory requirements, according to Gartner, Inc.
“By year-end 2024, Gartner predicts that 75% of the world’s population will have its personal data covered under modern privacy regulations. This regulatory evolution has been the dominant catalyst for the operationalisation of privacy,” said Nader Henein, VP Analyst at Gartner. “Since most organisations do not have a dedicated privacy practice, the responsibility for operationalising these requirements is passed onto technology, more specifically security, under the umbrella of the CISO’s office.”
With the expansion of privacy regulation efforts across dozens of jurisdictions in the next two years, many organisations will see the need to start their privacy programme efforts now. In fact, Gartner predicts that large organisations’ average annual budget for privacy will exceed $2.5 million by 2024.
Gartner identified five privacy trends that support the privacy practice, but also support multiple business leaders across the business, making buy-in more attainable, value more substantial, and time to value far shorter.
Data Localisation
In a borderless digital society, seeking to control the country where data resides seems counterintuitive. However, this control is either a direct requirement or a byproduct of many emerging privacy laws.
The risks to a multicountry business strategy drive a new approach to the design and acquisition of cloud across all service models, as security & risk management leaders face an uneven regulatory landscape with different regions requiring different localisation strategies. As a result, data localisation planning will shift to a top priority in the design and acquisition of cloud services.
Privacy-Enhancing Computation Techniques
Data processing in untrusted environments - such as public cloud - and multiparty data sharing and analytics have become foundational to an organisation’s success. Rather than taking a bolt-on approach, the increasing complexity of analytics engines and architectures mandates that vendors incorporate a by-design privacy capability. The pervasiveness of AI models and the necessity to train them is only the latest addition to privacy concerns.
Unlike common data-at-rest security controls, privacy-enhancing computation (PEC) protects data in use. As a result, organisations can implement data processing and analytics that were previously impossible because of privacy or security concerns.
Gartner predicts that by 2025, 60% of large organisations will use at least one PEC technique in analytics, business intelligence and/or cloud computing.
AI Governance
A Gartner survey found that 40% of organisations had an AI privacy breach and that, of those breaches, only one in four was malicious. Whether organisations process personal data through an AI-based module integrated into a vendor offering, or a discrete platform managed by an in-house data science team, the risks to privacy and potential misuse of personal data are clear.
“Much of the AI running across organizations today is built into larger solutions, with little oversight available to assess the impact to privacy. These embedded AI capabilities are used to track employee behaviour, assess consumer sentiment and build “smart” products that learn on the go. Furthermore, the data being fed into these learning models today will have an influence on decisions being made years down the line,” said Henein. “Once AI regulation becomes more established, it will be nearly impossible to untangle toxic data ingested in the absence of an AI governance programme. IT leaders will be left having to rip out systems wholesale, at great expense to their organisations and to their standing.”
Centralised Privacy UX
Increased consumer demand for subject rights and raised expectations about transparency will drive the need for a centralised privacy user experience (UX). Forward-thinking organizations understand the advantage of bringing together all aspects of the privacy UX — notices, cookies, consent management and subject rights requests (SRR) handling — into one self-service portal. This approach yields convenience for key constituents, customers and employees, and generates considerable time and cost savings.
By 2023, Gartner predicts that 30% of consumer-facing organisations will offer a self-service transparency portal to provide for preference and consent management.
Remote Becomes “Hybrid Everything”
With engagement models in work and life settling into hybrid, both the opportunity and desire for increased tracking, monitoring and other personal data processing activities rise, and privacy risk becomes paramount.
.With the privacy implications of an all-hybrid set of interactions, productivity and work-life balance satisfaction have also increased across various industries and disciplines. Organisations should take a human-centric approach to privacy, and monitoring data should be used minimally and with clear purpose, such as improving employee experience by removing unnecessary friction or mitigating burnout risk by flagging well-being risks.
Gartner Security & Risk Management Summit
Gartner analysts will provide additional analysis on the outlook for privacy at the Gartner Security & Risk Management Summit 2022, taking place from 12-14 September in London. Follow news and updates from the conferences on Twitter using #GartnerSEC.
Source: Press release by Gartner, Inc.
Subscribe to our Newsletters
Stay up to date with our latest news
more news
Métavers: Dans les yeux d‘une ado
by Louise Doussot I 11:06 pm, 28th January
Le métavers est un univers fictif qui combine la réalité avec le virtuel. Le principe en est relativement simple : il s'agit de créer un monde virtuel qui, même lorsque ses utilisateurs sont déconnectés, continue de fonctionner et de se développer.
load more