As 2013 comes to a close, it's clear to me that much of the rhetoric about privacy's death was not only premature but downright wrong. Just in this past week, there have been several events that point to how very alive and critically important the topic of privacy is:
The US Senate Committee on Commerce, Science, and Transportation released a report (in advance of a public hearing) about the practices of the data brokerage industry, and how they impact consumers. The report claims that "data brokers operate behind a veil of secrecy, subject to limited statutory consumer protections." This certainly portends the possibility of new legislation being introduced by the committee in 2014.
US District Court Judge Richard Leon ruled that the bulk collection of millions of Americans' call records likely violates the Fourth Amendment of the Constitution. While conflating surveillance with marketing privacy is a dangerous thing, I suspect that this ruling will draw further attention to the volume, scale, and methods of data collection, irrespective of who's doing the collecting.
I had the privilege of watching the recent NSA surveillance story unfold from my hotel room in London this June. Seeing the story from a decidedly non-American viewpoint got me thinking a bit differently about the implications for our society. From my point of view — no matter how you define the squishy and now beat-to-death “big data” concept — the NSA story has moved it from something “they use” to something that is uncomfortably close to where we live our lives. In other words, big data just moved in next door and is peeking over our fences into our living rooms. Eeek.
There are lots of socio-political issues with this, and I’m not even going to go there. However, the way that I see it, this incident will ultimately create a lot of opportunity for businesses savvy enough to get ahead of it the can of worms now squirming in our laps.
I think one of two things is going to happen. Either: 1) the US general public will shrug and go back to business as usual and this story will die, or 2) the public outrage will demand governmental oversight and accountability resulting in a tightening of our legal system. The latter case would be an example of how digital disruption, a topic we have written and blogged about for a while, is not just a business thing. It’s a cultural phenomenon that will rock our society for a long time.
As data flows between countries with disparate data protection laws, firms need to ensure the safety of their customer and employee data through regulatory compliance and due diligence. However, multinational organizations often find global data privacy laws exceedingly challenging. To help our clients address these challenges, Forrester developed a research and planning tool called the Data Privacy Heat Map (try the demo version here). Originally published in 2010, the tool leverages in-depth analyses of the privacy-related laws and cultures of 54 countries around the world, helping our clients better strategize their own global privacy and data protection approaches.
Regulation in the data privacy arena is far from static. In the year since we last updated the heat map, we have seen many changes to how countries around the world view and enforce data privacy. Forrester has tracked and rated each of these 54 countries across seven different metrics directly within the tool. Among them, seven countries had their ratings change over the past year. Some of the most significant changes corporations are concerned with involve:
New national omnibus data privacy laws spanning private and/or public industry. Data privacy regulation, when looked at globally, forms a spectrum of maturity beginning with spotty industry or situation-specific laws all the way to omnibus frameworks. As you might expect, responsible corporations prefer to engage in business practices where the data privacy laws are clearly-defined and transparent. For instance, countries such as Brazil and China are in the process of moving towards potential omnibus laws which will replace a multitude of sectoral and situation-based laws. Other countries, such as Colombia and Singapore, have recently passed far-reaching omnibus laws, also replacing a patchwork of prior sectoral laws.