The digital revolution has created a giant leap forward in technology, but it has taken a toll on individuals’ privacy. The digital world has existed for decades, and still most of us know very little about the extent to which our privacy has been invaded. For example, we may wonder how TV ratings come about when no one has ever contacted us directly regarding our viewing and/or listening habits. The truth is, when a person has his or her television or radio on, companies are collecting digital signals that reveal their viewing habits without them knowing. Ratings drive advertising revenue, determining where companies place their marketing budgets. Their business relies on our data.
Commercial enterprises, political campaigns and governments gather individuals’ personal data and use descriptive, diagnostic, predictive and prescriptive analytics to determine past and future patterns.
Digitization makes information discoverable forever. When an entry is made in the digital world – an inquiry or click on a website – a digital fingerprint remains. People have been sending emails and texts for decades without fully realizing the digital imprint they leave behind, even after the communication is deleted. Increasingly, we are aware that these communications can be used as evidence in lawsuits, considered as reference points by employers or scrutinized for national security purposes.
While individuals may acquire limited privacy rights with the often-encountered language prior to the “I agree to the terms and conditions” clause on the internet, these rights are eroded by the limited recourse people have if confidential information is jeopardized by cyber-attacks. Recovery of information and privacy is often minimal in these cases.
Of course, it is possible thwart attacks with sophisticated cyber prevention programs. To protect their customers’ privacy, enterprises must continually enhance their cybersecurity plans. Organizations today must develop a threat playbook and clearly communicate it to employees, contractors and temporary contractors at their start date and on an annual basis. Website visitors are not exempt from knowing a company’s security and privacy policies.
If a cyber-attack does occur, entities must quickly take action to mitigate the threats and make plans to prevent future occurrences and communicate to those effected as to the event and what they must do for next steps to prevent further loss.
ISG helps enterprises conduct security assessments, build control frameworks, and find and negotiate successful relationships with domain-specific security providers. Contact us to discuss how we can help you protect your customers’ privacy in the digital era.