• News
  • Columns
  • Interviews
  • BW Communities
  • Events
  • BW TV
  • Subscribe to Print
  • Editorial Calendar 19-20
BW Businessworld

Know Me, Forget Me: The Life and Times of Personal Data in the Digital Age

Companies should never take customers and their data for granted, and understand the legitimacy behind customers’ right to be forgotten

Photo Credit :

Data can be used for good or bad, depending on whose hands it is in. In a fantastically connected universe where digital data streams run millions of applications on the Internet, the assumed goodwill on personal data protection needs a rethink. In today’s digital age, when personal data has become a precious commodity that helps companies target and serve customers at a granular level and monetize it to bits, the larger question is how should companies handle personal data that the trusting customer shares, and why the customer should be honored with the right to be ‘forgotten’ once she exits the platform?

Customers have mostly been unaware that one’s actions, preferences, and deep-seated desires are stored in packet sized files that can not only be monetized, but can also be easily stolen. When personal data breaches happen, they fall under two categories: It could be a government or legal entity demanding disclosure, or could be malicious rogue actors and hackers. Companies handling personal data of customers are caught in a Catch-22 situation. While on the one hand, companies seek control of personal data to craft highly individualized, targeted delivery models to achieve powerful and positive business results, they cannot waver from their tightrope walk of upholding the customer’s right to privacy. Irony indeed! 

Every year, incidents of personal data breaches by accident or by hackers are on the rise, exposing them to malicious forces who could do anything from targeted selling to even swaying national elections. Data Breach Level Index, published by global digital security company Gemalto paints a grim picture. In the first half of 2018 alone, as many as 3.3 billion records were breached, a staggering 72 percent increase from the same period in 2017 though the total number of breaches slightly decreased over the same period, signaling an increase in the severity of each incident. Over 56 percent of these records were on social media incidents, and 42 percent of all data breach incidents involved identity thefts. Only 1 percent of all stolen data was encrypted, which rendered the breaches harmless. Global spending on data security is rising too – estimated at $91.4 billion in 2018, which is expected to exceed $120 billion mark by 2020, according to IDC

Breaches are costly, and damaging to entire companies and governments, with far-reaching repercussions. According to Identity Theft Resource Center, in October 2018 alone, 11 breaches exposed 1.35 million US government records. In 2017, banking major Wells Fargo accidentally exposed details of at least 50,000 of its wealthiest customers, violating a score of laws. Data miner and analytics company Cambridge Analytica was accused of having worked to sway the 2016 US presidential elections by means of targeted message campaigns. While on the one hand, Facebook holds a whopping 300 petabytes of personal data from its 2 billion members, it also combines its data with third-party data for micro-targeted campaigns, exposing several grey areas in the ways of handling personal data. 

Businesses should move to a model in which individuals hold complete control over their personal data, which would only be used on an as-needed, temporary basis after complete consent. Companies should also identify data theft risks, and stay guarded by mastering the ethics of how to hold, encrypt, anonymize, obfuscate, and mask data. More importantly, 

companies should know when to expunge all personal data when a customer exits, leaving no embers that could kindle anything undesirable. The recently enforced General Data Protection Regulation (GDPR) is a strong step in this regard, as it mandates companies to ‘forget’ personal data when not required, with huge liabilities during non-compliance.

Despite the heavy clouds looming, data is always inherently good, provided it is used wisely. While in retail, it paves the way to superbly crafted shopping experiences with ample help from artificial intelligence and machine learning, in healthcare, fine grain profiles of patients help in better diagnosis, treatment and prediction of diseases. Alternate models of data ownership built on blockchain technology also hold the promise of allowing customers to not only control and manage, but also monetize their personal data.

Looking ahead, it helps to realize that we are at the tip of the iceberg with third-party aggregators, and yet to ascertain the complete impact of such data sharing on businesses and individuals. We are also in the early days of harmful, far-reaching and intensely coordinated data breaches, and it is high time companies act proactively to stop them. Despite GDPR, data protection laws and regulations are still in their infancy, and there is a long way to go. For companies, the action plan could be a four-pronged approach of how to deal with customers’ personal data: Transparent acquisition, secure holding for as long as it is required, ethical use, and proactive erasure of all personal data immediately after the contract expiry. 

Companies must be transparent from the start of any customer engagement, and make individuals aware right from the start, as to what is being collected, what it will be used for, and for how long it would be held. Companies can pursue differential privacy, where only the absolutely required data is captured, and opt-outs provided to empower the customer. More importantly, any data that would seemingly threaten an individual, such as political choices, or opinions must never be collected. 

While holding data securely, companies should evaluate and consider all risks involved. When risks are well judged, companies can then seek data that is truly essential, and leave out the rest. While holding the data, all steps must be taken to proactively safeguard against all security breaches, with backups and corrective mechanisms in place. Companies should then establish and maintain the customer’s trust. Only when required, they should comply with requests from governments for data share for stipulated timeframes. Lastly, companies should never take customers and their data for granted, and understand the legitimacy behind customers’ right to be forgotten.

Disclaimer: The views expressed in the article above are those of the authors' and do not necessarily represent or reflect the views of this publishing house. Unless otherwise noted, the author is writing in his/her personal capacity. They are not intended and should not be thought to represent official ideas, attitudes, or policies of any agency or institution.

Tags assigned to this article:
cyber attacks Digital Age

Aan S Chauhan

The author is Global Chief Technology Officer, Cognizant

More From The Author >>