“Collective fear stimulates herd instinct, and tends to produce ferocity toward those who are not regarded as members of the herd.” Bertrand Russell
Remember the early part of the century when we printed emails at will without regard to the harm the extra printing was causing to the environment?
There was a gradual realization by businesses that this was a value held dear by consumers, and as such, the business has been on a slow march to prove their green credentials as a badge of honor. It is now almost unthinkable that a company does not have a ‘green’ policy embedded at some level within the organization. This is because enterprises realize the value of meeting customer expectations for this behavior, and consequently be awarded by customer loyalty.
Now that CCPA is here, with a raft of state and international Privacy legislations to follow, something is happening to the enterprise psyche with regard to Privacy. Enterprises have to care and at a pace that will be much faster than adherence to Green credentials. This is because the lack of caring will have a more direct impact on customer loyalty, and fines associated with not caring.
In Privacy, technology has essentially fallen into 2 arenas—mapping/Management of Privacy workflows and Discovery. There are now so many commoditized solutions in this space; it should almost be free. And the adoption of these technologies by companies should be applauded. This is a good start, a rapid start – but not far enough to prove your ‘Green’ credentials.
In leveraging these highly commoditized first generation ‘mapping sold as discovery’ technologies, enterprises are being fooled into believing that as long as they have something, they can prove they are making their ‘best effort.’
This isn’t true.
What about the ongoing discovery of uses of personal data – even if you did not know it existed – this is impossible to do with a technology that requires manual updating and mapping? This outdated ‘mapping sold as discovery’ technology relies on the enterprise loading the system with identified uses of personal data – the system approach. This is not scalable, repeatable, or sustainable, and this first generation tooling does not protect your brand against fines by the regulators in the case of a breach.
Because now there is a technology that analyses real-time network behaviors to fully understand up-to-date usage of sensitive data, best efforts can’t be claimed. Regulators will expect more. They expect you to have full control over your data, and not put your hands up and say – well ‘we bought what everyone else was buying,’ how can we be held accountable? It’s a foolish and dangerous game to play. Regulators and customers expect more, and we are here to tell the market what to expect.
Regulators and the government are here to instill expectations for enterprises regarding how they should handle personal data. Fines will instill fear in consumers about whether a company has control over their data, and will hurt those that don’t properly look after their data.
The Privacy climate is changing.
Enterprises need to adjust to the new Green.