View from Peter Lancos, CEO
"Welcome to another edition of eXate's Global Data Diaries series, a fortnightly blog series that aims to bring you the latest news, tips and insights from the world of data privacy. Today we speak about the importance of privacy metrics and some examples regarding the same.
It is said that what cannot be measured, cannot be effectively controlled. The privacy world warrants high-quality control, and this is only feasible when there are a set of well-defined metrics governing the data security and privacy processes.
Some of the recent privacy metrics have stemmed forth as a result of the surge in the use of Privacy Enhancing Techniques (PETs) during the global COVID-19 pandemic. One such example is Privacy Investment and ROI. With the increasingly critical role of privacy, privacy budgets have with no doubt risen sharply. In fact, the average privacy budget doubled from $1.2 million to $2.4 million this year. A benchmark study performed by CISCO illustrates some of the most used privacy metrics in the industry. This study also shows that organisations with clearly defined security / privacy metrics realise much greater business benefits than those with loosely defined or no metrics.
A few examples of privacy metrics that depict the amount of data shared include:
% of data will be used for unrelated purposes
% of data shared with third parties
% of data that will not be deleted or anonymized
Ratio of Privacy Benefits to Investment
An important way for organizations to validate the correct handling of personal data is by obtaining independent, external certifications for their privacy program and practices or by outsourcing their privacy needs to certified vendors. These include ISO 27701 (a privacy extension for ISO 27001).
Adapting to the data-obsessed and privacy-cautious world
Consumer data is becoming ever-more important across the business value chain. But, collecting, storing, using and selling that data is at the same time becoming increasingly taboo. The demise of the third-party cookie rapidly approaching, combined with changes in consumer data regulations and new privacy-focused policies imposed by Google and Apple, the marketing and media industries are reaching a critical juncture.
Data privacy requests metrics: Lessons for your privacy program
On July 1, the regulations implementing the California Consumer Privacy Act required companies that process large volumes of data about Californians to publicly post metrics regarding data subject requests. While many companies have processed DSRs for years under the EU General Data Protection Regulation and the Privacy Directive that preceded it, the CCPA is the first law that requires companies to publicly disclose information about their DSR process.
UK privacy watchdog warns adtech the end of tracking is nigh
It’s been well over two years since the UK’s data protection watchdog warned the behavioural advertising industry it’s wildly out of control. The ICO hasn’t done anything to stop the systematic unlawfulness of the tracking and targeting industry abusing Internet users’ personal data to try to manipulate their attention — not in terms of actually enforcing the law against offenders and stopping what digital rights campaigners have described as the biggest data breach in history.