To help security and risk professionals navigate the complex landscape of privacy laws around the world, Forrester created a data privacy heat map that highlights the data protection guidelines and practices for 54 different countries. Earlier today, we published the 2016 version to the tool, as well as a free version with access to only the U.K. and U.S. ratings. We have updated the map every year since it’s initial publication in order to keep pace with the constantly-evolving landscape of global data privacy laws.
As we roll out the 2016 update and reflect back on the past 5 years of annual assessments, three high-level trends emerge:
Countries continue moving toward the EU standard for data protection. New legislation outside of the EU often follows the EU’s lead by adopting provisions similar to those in the existing Directive 95/46/EC regulation. The slow global convergence toward the requirements outlined in the regulation continued through 2016. For example, Argentina and Japan strengthened pre-existing policies, while Nigeria passed its first comprehensive cybercrime legislation. Japan also established an independent regulatory body (“Privacy Protection Commission”) that oversees privacy issues—a requirement of both the current Directive and the superseding European General Data Protection Regulation (GDPR).
Businesses can obtain major benefits — including better customer experiences and operational excellence — from the internet of things (IoT) by extracting insights from connected objects and delivering feature-rich connected products.
The mobile mind shift requires businesses to proactively support these IoT benefits for nonstationary connected objects that exist as part of IoT solutions. In particular, the IoT forces businesses to acquaint themselves with the implications of mobility in the IoT context for connectivity, security, compliance with privacy and other regulations, and data management for mobility. This means that:
Mobile technologies are central to most IoT solutions. To date, technology managers have mostly focused on enterprise mobility management (EMM) as part of their mobile activities. This narrow focus is insufficient for IoT solutions.
Mobile IoT is not a technology revolution but a fundamental business process transformation. Mobility requires managers not only to deploy mobile technologies but also to exploit them to support specific business process requirements.
Mobile technologies set the framework for IoT solutions. Mobile has distinct implications for aspects like broadband availability, data management, security, and local data compliance. Ignoring these will undermine your IoT initiatives and return on investment.
My new report, Mobilize The Internet Of Things, provides advice and insights for businesses on addressing these mobile challenges in the context of planning for and implementing IoT solutions.
More than four years after the European Union started its journey toward new privacy rules, the EU Parliament adopted the final text of the new EU General Data Protection Regulation (GDPR) last week. The EU will complete the long and controversial process that led to the new rules next month, publishing the Regulation in the Official Journal of the European Union, but no changes can be made at this point. This leaves businesses with a two-year period in which to get ready for its implementation. Some EU countries, like France, will implement the new rules before 2018.
As a security and risk professional, you must start working now to assess what the new rules mean for your organization and make the necessary changes to technology, processes, and people. As you approach the task, keep in mind that the GDPR introduces important changes, such as:
Back in 2013, my colleague Anjali Lai and I wondered how the "summer of Snowden" was affecting consumer attitudes about privacy. So, we fielded a survey and ran some qualitative analysis in our ConsumerVoices Market Research Online Community. A year later, we used that historical data, combined with Consumer Technographics and social listening data to see how perception and behavior were changing. It was a fascinating study.
Fast forward another year: it's now pre-pre-primary season in the US, and candidates are talking about privacy and personal data protection. There have been three more major data breaches affecting millions of Americans. The adblocking debate is at fever pitch, while Internet giants make privacy a point of differentiation. Obviously, we decide to run our study a third time. And this time, we incorporate (opted-in, permission-based) data from our Consumer Technographics Behavioral Study.
Our findings? Consumers are more willing than ever to 1) walk away from your business if you fail to protect their data and privacy; 2) adopt technologies like tracker-blockers and VPNs to limit their exposure to data misuse; and 3) extend their protective actions to the physical realm.
And the real kicker is that, if you're one of the marketers who's been counting on Millennials who "don't care" about their online privacy, you're going to be waiting a long time.
Now that we’re firmly settled in the Age of the Customer, it’s time to take stock of the factors that are really going to drive business success -- or failure -- over the next few years. At Forrester, we’re betting our hats that privacy will be one a big one. In fact, we think that privacy is integral to each one of the 10 success factors in 2016.
I'm just back from two weeks in Hong Kong, where I'd been invited to give a keynote at the 10th anniversary conference of the Business Information Industry Association. Since I was there, I took the time to meet with some fantastic Forrester clients in industries ranging from travel to insurance to retail to consulting. In nearly every discussion, whether I was speaking to a BT or a marketing exec, we eventually got to the topic of the "privacy-personalization paradox."
This is an issue I've explored extensively, and have written about before. It's a challenge that marketers in the US dabble with when they're considering investments in tools like retail beacons and cross-device identity resolution. But it was enlightening to hear about the challenges that firms in APAC face: antiquated privacy laws, a dearth of third-party consumer data, and even the incredible difficulty of compiling a single customer view across their own first party data. Interestingly, though, the solution in both markets is similar: preference management.
Unless you're in a regulated industry, or headquartered in the European Union, chances are that your privacy organization has been limited to one or two lawyers, and maybe a data security expert. This small group has probably been tasked with making sure the firm is in compliance with local laws, and with writing and managing onerous and impenetrable consumer-facing privacy policies. In other words, these teams have worked to keep the company out of legal trouble.
But data privacy, collection, and use practices are becoming more visible, to regulators, to media and ultimately to individuals. And as a result, firms need a different kind of privacy organization to meet the need for transparency head-on.
So tell us, has your privacy organization changed in the past few years? Are you staffing it with new skillsets? Creating more dotted lines to teams like marketing, product development, etc? Changing from a compliance-focused organization to one poised to capitalize on privacy as a market differentiator?
If so, my colleagues, Heidi Shey, Enza Iannopollo and I would love to hear from you for current research we're working on. Reply here, or email firstname.lastname@example.org, and THANKS!
Trust is the most critical component to develop and maintain a healthy brand. Customers are more likely to trust experts, friends and relatives than marketing campaigns. That’s why it matters to deliver the experience you promise and to build a trusted community around your brand.
As marketers will need to use more personal data to power mobile and contextual experiences, we expect consumer distrust for brands to increase
No matter how quickly wearables and connected objects emerge in the next 10 years, mobility has already introduced a paradigm shift: the ability to collect and use data about individuals in the physical world. Mobility will change the nature of the data marketers can use and act upon. Data collected via mobile will be much more sensitive, more personal and more contextual. Via sensors on wearables or smartphones, marketers will access data on our bodies and our whereabouts in real-time. This represents a huge opportunity for marketers to power better marketing across all channels not just mobile. Mobile and connected objects will not only change the nature of the data marketers can access, it will also bring privacy concerns to the physical space and it risks breaking anonymization.
Together with my colleague Fatemeh Khatibloo, co-author of the report, we digged into our Technographics data to better understand consumers’ perceptions on mobile privacy. We also conducted many interviews to discuss with marketers, vendors, and regulators how they approach mobile data and privacy. Here below are a couple of facts we learnt:
Open data is critical for delivering contextual value to customers in digital ecosystems. For instance, The Weather Channel and OpenWeatherMap collect weather-related data points from millions of data sources, including the wingtips of aircraft. They could share these data points with car insurance companies. This would allow the insurers to expand their customer journey activities, such as alerting their customers in real time to warn them of an approaching hailstorm so that the car owners have a chance to move their cars to safety. Success requires making logical connections between isolated data fields to generate meaningful business intelligence.
But also trust is critical to deliver value in digital ecosystems. One of the key questions for big data is who owns the data. Is it the division that collects the data, the business as a whole, or the customer whose data is collected? Forrester believes that for data analytics to unfold its true potential and gain end user acceptance, the users themselves must remain the ultimate owner of their own data.
The development of control mechanisms that allow end users to control their data is a major task for CIOs. One possible approach could be dashboard portals that allow end users to specify which businesses can use which data sets and for what purpose. Private.me is trying to develop such a mechanism. It provides servers to which individual's information is distributed to be run by non-profit organizations. Data anonymization is another approach that many businesses are working on, despite the fact that there are limits to data anonymization as a means to ensure true privacy.
Industry analysts know that major M&A deals, product announcement, and organizational changes can come at any time. But it still surprises us a little when a major player like Oracle announces a significantacquisition just days before Christmas. At any rate, Santa has come early for both Mr. Ellison and the Datalogix team this year.
We've just published a Quick Take on our perceptions of the deal, which holds a lot of promise. Our biggest concern? Realizing that promise requires some serious integration work, and so far, Oracle hasn't proven that it's especially capable of integrating the stack it's acquired for the Marketing Cloud offering. We also worry that Oracle's Data Cloud -- where Datalogix will sit -- is heading directly for a major privacy warzone. Whether Oracle is ready for that battle remains to be seen.
But the bigger picture is this: the Datalogix and Bluekai acquisitions, along with many others of the past year -- including Conversant by Epsilon, LiveRamp by Acxiom, and Adometry by Google -- are evidence of a fast-consolidating marketing and advertising technology landscape. 2015 will doubtless bring more M&A activity in this space, with a likely run on smaller technology and data vendors that have mostly been flying under the radar. What this race for the ultimate "marketing cloud" will mean to CI pros remains to be seen, but you should certainly anticipate plenty of shakeups in your vendor relationships over the next 18 months.