Building a privacy-first organisation in the age of AI

By Marco Pozzoni, EMEA Storage Sales Director at Lenovo.

  • Friday, 16th February 2024 Posted 10 months ago in by Phil Alsop

With consumers increasingly aware of both the value of their data and of the threats to it, it’s never been more crucial for business leaders to respect user privacy. Data breaches are rising at an unprecedented rate, with more than six million data records exposed worldwide through data breaches in the first quarter of 2023. Regulations such as the EU’s GDPR (General Data Protection Regulation) and CCPA (California Consumer Privacy Act) are also making it ever more urgent for businesses to ensure they have proper protections around consumer data. Business leaders must embrace transparency and emerging technology to find a balanced approach which respects private data while still delivering innovative services.

Emerging technology will also have a crucial role to play when it comes to harnessing data on a large scale. Every second, every person on Earth generates an estimated 1.7 megabytes of data, and this is growing with each passing year. Technologies such as artificial intelligence (AI) and edge computing will be crucial to taming data of this size and delivering the intelligent, personalised services consumers desire. The future of data privacy is tied closely to these emerging technologies, with edge computing helping to control where data is processed, and AI offering both opportunities and challenges in privacy terms. Emerging technologies such as anonymisation, federated learning and homomorphic encryption may also help business leaders to put privacy first.

For business leaders, failing to navigate data privacy can lead to harsh financial penalties and a lack of consumer trust. If businesses are serious about upholding privacy, they must work closely with security experts, regulators and third-party partners to plan out their path, and build privacy into everything they do.

Privacy at the edge

Both AI and edge computing are going to change the way the world thinks about personal data protection. Edge computing, with its decentralised processing ability, offers significant potential to boost privacy. By allowing data to be processed closer to the source, it means, for example, that a camera system can record footage, but only forward anonymised data to the cloud for processing and storage. By reducing the need to transmit and store potentially sensitive data, edge computing can minimise the risk of leaks.

Business leaders must deploy artificial intelligence with care. It holds the potential to boost cybersecurity by detecting anomalies, for example, but also sparks legitimate concerns about the potential misuse or leakage of sensitive data. For example, generative AI systems often have no way to ‘delete’ information, potentially posing problems in terms of the right to be forgotten. Business leaders must ensure that their adoption of AI incorporates robust security features, and that strict data hygiene is enforced around identifying data to ensure AI can be used safely. Used carefully, artificial intelligence holds vast potential to boost user experience, but business leaders need to ensure privacy is central to their AI strategy.

Putting the user first

Clarity and transparency are essential when it comes to user privacy. Business leaders must ensure that customers are clear about when their data is being collected, and equally clear on how it will be used. This is essential both for compliance with regulations, and to build user trust.

User education is also crucial. Business leaders should respect the intelligence of consumers and furnish them with the information necessary to make their own informed decisions about data. Data privacy policies must be transparent, and individuals must be empowered with the ability to access,

correct, and request deletion of any data that the organisation holds. To make this all work smoothly, it’s essential to establish and regularly update comprehensive data governance policies, ensuring that these align with the requirements of privacy laws such as the GDPR and CCPA.

Building a privacy-first organisation

Building a privacy-first organisation requires conversations with everyone from employees to third-party organisations. Fostering a culture of data security requires employees to be well-informed on the basics of privacy and storage, such as using strong passwords and recognising the hallmarks of a phishing attack. This should be combined with incident response planning and regular audits to ensure that the entire organisation is poised to deal with incidents and that employees have a full understanding of the importance of data security.

Ensuring that data remains secure can also require difficult conversations with third-party organisations. Third-party relationships must be managed to ensure that external vendors adhere to the very strictest data privacy standards. Cybercriminals are always looking for the 'weak link' in the chain, whether that is a legal company, an accountant or a software supplier, and any security lapse by a third party will reflect badly on any company using their services.

With regulations changing around the world, it also pays to seek expert advice to ensure compliance, and to bolster awareness of emerging cyber threats. Collaboration with legal and cybersecurity experts can help business leaders to navigate an ever-changing landscape, and help customers to maintain their own high data privacy standards. Businesses should also be aware of emerging technologies to help balance data analytics and individual privacy. Federated learning, where machine learning models are trained without sharing data, may grow in importance, along with technologies such as homomorphic encryption, where data can be processed without being decrypted. More broadly, technologies such as anonymisation are expected to evolve rapidly to safeguard consumer data.

A more secure future

Business leaders should ensure they engage with technology in a way that respects user concerns around data, and aim to balance privacy, usability and innovation. The ‘people’ aspect is crucial, with transparent communications helping consumers to make informed choices and conversations with third parties increasingly necessary as regulations around the world evolve. Making the right technology choices around data governance, anonymisation and AI is central to this, helping to build privacy-first organisations fit for the world of tomorrow.