At the end of 2019, Forbes identified data privacy and security as the most pressing issue in the upcoming decade. The issue is already prevalent: Every day, a new story crops up about leaked, compromised, or misused data. While clicking through their often numerous social media accounts, consumers are providing these companies with more personal data. The growth of home security devices such as the Ring camera has also fed the collection of personal data into the surveillance economy.
Ring was recently exposed for having several third-party trackers in its app that sent out customers’ personally identifiable information to analytics and marketing companies. Check out Forrester Analysts Jeff Pollard, Sandy Carielli, and Alla Valente’s blog about this. In December 2019, Wyze, another provider of home video cameras, announced a data leak that exposed over 2 million of its customers’ personal information. And let’s not forget about Facebook’s incidents of data misuse that came to light in 2018 and 2019, from Cambridge Analytica to the harvesting of user emails.
So where does that leave both consumers and enterprises? In the final quarter of 2019, the security and risk (S&R) team published a variety of reports addressing security awareness, privacy regulations, and reputational risk relating to data privacy.
- Governments, enterprises, and, unfortunately, attackers all ended the second decade of the 21st century in a better place than the one in which they began it. Like any escalating conflict that includes innovation, each side is attempting to out-evolve the other, bringing new problems, risks, and opportunities for solutions as technology continues to dominate our personal, professional, and civic lives. See Jeff Pollard, Andras Cser, Heidi Shey, Merritt Maxim, Claire O’Malley, Chase Cunningham, and Jinan Budge’s report, “Predictions 2020: Cybersecurity.”
- The people element of security has long sat on the back burner as S&R pros bought tech product after tech product without first solving fundamental problems. People and culture are central to a successful security program, but firms don’t prioritize them or embed them into security strategy enough. This report is an overview of Forrester research that focuses on the often-neglected human side of security. It links to reports that S&R pros can use for building security awareness, changing behavior, and leading cultural change within and outside of their organization. See Jinan Budge’s “Research Overview: Security Awareness, Behavior, And Culture.”
- Privacy regulations such as the California Consumer Privacy Act (CCPA) and the EU’s General Data Protection Regulation (GDPR) have spurred interest in technologies and approaches to support compliance, including tools for de-identifying data. S&R pros should use this report to understand the differences between de-identification, anonymization, and pseudonymization, as well as the use cases and business benefits of de-identifying data. See Heidi Shey and Enza Iannopollo’s report, “Demystifying De-Identification, Anonymization, And Pseudonymization.”
- Privacy professionals can apply Forrester’s Consumer Privacy Segmentation to understand how privacy perspectives vary by geography across Europe. Armed with this customer insight, privacy pros can work closely with security leaders as well as with business leaders, marketers, and customer experience professionals to design and optimize privacy programs that enhance consumers’ experiences, build their trust, and foster business success. See Enza Iannopollo’s report, “Forrester’s 2019 Consumer Privacy Segmentation: Europe.”
- You can use governance, risk, and compliance (GRC) technology to protect your customers, business, and brand; proactively respond to emerging risks and evolving regulations; and navigate through complex market dynamics. But to realize these benefits, you’ll first have to select from a diverse set of vendors that vary by size, functionality, geography, and vertical market focus. Risk and compliance professionals should use this report to understand the value they can expect from a GRC provider and to select one based on size and functionality. See Alla Valente’s “Now Tech: Governance, Risk, And Compliance Technology, Q4 2019.”
- The focused impact of employees or customers who negotiate collectively is one of the biggest sources of reputational risk. Through this collective bargaining, customers or employees change how firms create and sell their products, and it all plays out on social media for the world to see. Risk managers should use this report to understand how to identify and build resilience against collective bargaining before it undermines brand experience and customer trust — and the firm’s stock plummets. See Renee Murphy and Salvatore Schiano’s report, “Collective Bargaining Forces Companies To Manage Reputational Risk.”
(written with Alexis Bouffard, research associate at Forrester)