“It’s a really exciting time to be in the privacy field,” said Harvey Jang, Cisco’s vice president and chief privacy officer. “The growth and importance of privacy are moving far beyond a compliance exercise. We’re seeing a shift towards looking at it from a business perspective. It’s become mission critical for most companies around the world.”
Jang and prominent experts in the data privacy sphere expanded on those themes in a Cisco webinar, How Privacy Became Mission Critical. From initial anxieties over GDPR in 2018, privacy and compliance have since become essential to all organizations. Increasingly, governments enforce it, customers and employees demand it, and smart organizations see it as a competitive advantage.
In his introduction, Jang supported this with some key findings from the 2022 Cisco Privacy Benchmark Study, featuring a survey of more than 5,000 technology professionals in 27 countries. Ninety percent, for example, viewed privacy as core to their company’s mission. Another 91 percent considered data privacy and compliance to be critical in their choice of a technology vendor, and 83 percent believed that privacy laws have had a positive effect.
This sharp increase in awareness was echoed by the other speakers on the webinar, all of whom have seen data privacy and compliance shift from a somewhat onerous checking-a-box exercise to a core, board-level strategy.
Ruth Berry is the incoming deputy assistant secretary for international communications and information policy at the U.S. Department of State. She believes the findings reflect the current climate for data privacy that she sees in business and government alike.
“Those findings are certainly striking,” she said. “But I don’t think they’re surprising because they track what we in government frequently hear from stakeholders. Organizations and individuals are very concerned about privacy and data protection.”
She added, however, that finding the right balance between data protection and enabling the free, interoperable flow of information across national borders will be essential.
“Businesses are very concerned about ensuring the reliability of cross-border data flows,” she said. “I think the key issue for us is that protecting privacy and facilitating data flows are not and should not be incompatible objectives. In a modern, global economy where firms see both protecting privacy and cross-border data flows as mission critical to their businesses, we need to ensure that we are not making trade-offs between these two goals. And I don’t think that we have to.”
Data privacy = return on investment
Cisco’s survey also highlighted positive attitudes around the return on investments in data privacy.
Jang mentioned findings in the Cisco report that indicate a positive return on investment — estimated at 1.8x. Of course, such returns go beyond the monetary to include intangibles like trust and brand equity.
“We have seen how much the level of awareness around data protection has increased,” said Leonardo Cervera Navas, director of the European Data Protection Supervisor. “So, it’s very interesting to see in this survey that most companies do not consider investment in privacy as just an administrative burden, but rather as an investment for gaining the trust of consumers.”
Given the high awareness of secure, private data for business success, Bojana Bellamy, president of the Centre for Information Policy Leadership, reinforced the idea that accountability is nothing short of a business-critical practice — a reality that will only deepen as emerging technologies create a more complex data landscape.
“I call this the new age of accountability,” Bellamy said. “Boards are now realizing that this isn’t just about legal compliance. It is about long-term business proposition. Those companies that are able to demonstrate their mature privacy and security programs are going to be better positioned for this new digital data economy, because they’ll be able to use and share data, deploy AI technologies, and use other new technologies.”
Jang concurred, stressing data ethics as the very foundation of a digitized global economy.
“The three core principles driving privacy, data ethics, and responsible data handling,” he said, “are transparency, fairness, and accountability.”
Jang then drilled down on Cisco’s approach to these three core principles, especially remaining transparent in multicultural global markets.
“It’s hard when you’re going global,” he explained, “and working with countries all around the world with different cultures and ideas on what is ‘fair’. So, we anchor on transparency. We publish Privacy Data Sheets on the Cisco Trust Center and are public about what data we are collecting, why, and how its protected when using Cisco products and services.”
Enabling a private, secure, successful future
Cisco’s level of privacy diligence will continue to be core to a business ecosystem that’s global, data driven, and constantly evolving as new technologies come on board.
“Transparency and explainability are not just for privacy,” Jang added, “but for data ethics, artificial intelligence, machine learning, and other emerging technologies. You just have to be transparent -- say what you do and do what you say.”
Again, the imperative of striking a balance between ensuring data privacy and enabling future innovation was stressed.
“We cannot embrace a dogmatic or bureaucratic data protection legislation,” said Cervera Navas, “but there are examples that show how data protection can live very well alongside digital transformation. We saw it recently during the COVID 19 pandemic where most applications developed for fighting against the virus embedded data protection by design, and that was critical for their success.”
Cervera Navas expects that balance to continue to evolve. “We are launching a European Union initiative called European Health Data space,” he explained. “We are totally in favor of the sharing of medical data between hospitals and also between individuals. But on the premise that there is strong data-protection safeguard. So, by doing that, you achieve both progress and scientific research and reassure people that their data is in good hands.”
Berry sees this kind of cooperation between industries and governments as essential to future success.
“Privacy will continue to be increasingly important for citizens around the world and therefore for businesses,” she stressed. “So, this is an important area for governments, the private sector, and civil society to continue to work together as we grapple with these critical issues.”
Bellamy looks to continued progress on these fronts, with greater international cooperation to build safe, trusted data flows — between individuals, organizations, and nations. With a nod to President Roosevelt’s New Deal economic transformation in the 1930s, she calls for nothing short of a New Deal for Data.
“We need to be more ambitious when it comes to ensuring data flows with trust,” she concluded. “I sometimes think that we need a New Deal for Data. And we need a new international agreement that enables us to have basic privacy protections, but also that enables responsible and proportionate access to data by governments because security and safety fears are not going to go away.”
In their concluding remarks, the participants agreed: there’s more to be done — more policy agreements, better technology, and ongoing cultural changes within organizations. But all see this as an exciting time in the privacy space, with progress that will continue to enable an innovative future.