The new normal for data privacy:

By | 4 minute read | December 3, 2019

5 lessons for security leaders from the IBM-sponsored Harris Poll Global Data Privacy Consumer Survey[1]

At IBM, we are committed to delivering the cloud you want, with the data privacy and security you need.

Today, IBM LinuxONE, an enterprise platform for Linux, and IBM Hyper Protect services are deployed in all kinds of companies worldwide who value encryption everywhere. It provides security at scale across the hybrid multicloud where consumers demand it. LinuxONE is running mission-critical workloads at cloud providers, manufacturers, blockchain builders, healthcare companies, fintechs, crypto exchanges and more.

LinuxONE services are embedded in the IBM Cloud for the industry’s most secure public cloud services for business, delivering data security innovation. IBM Data Privacy Passports, currently in beta, offers data privacy solutions for the hybrid multicloud protection that only we offer.

Recently, we sponsored a survey where Harris talked directly to consumers, to understand how data privacy is shaping up for them and to understand the kinds of pressure they in turn place on the companies they choose to work with. What we found defines a “new normal” for data privacy with global consumers, with implications for security leaders, including the BISO’s and CISO’s offices and security practitioners.

As a note: the survey was completed by the Harris Poll in August 2019 in 11 countries, across over 11,000 respondents, amongst the general public of age 18 and over. Data was collected from Australia, Brazil, China, France, Germany, Italy, Japan, Singapore, South Korea, the UK and the U.S.

5 lessons from global consumers who responded to the survey — and implications for IT security leaders

1. Consumers have often been the victim of a data breach. 57 percent of consumers on average have either had their personal data compromised or know someone who has. This figure varies quite a bit between geographies – for example, in China, that figure is 81 percent and in Japan, that figure is 31 percent.

CISO Implication: When the majority of your consumers are saying they are experiencing data breaches, it’s time to admit that data breaches are inevitable — and to plan for risk mitigation in addition to breach elimination.

2. Consumers are savvy — they know their data is being shared with third parties. In most countries, 7 out of 10 consumers are aware their data is being shared. Across all countries surveyed, 81 percent believe that they have lost all control over how their personal information is being used by companies.

CISO implication: Have a privacy policy for your sensitive data and your customers’ PII, but make sure it is implementable. With so much data floating around, quick actions from the IT department will speak louder than quick words from your PR agency — especially if those actions were preventive and addressed the risk from the breach.

3. Consumers expect and value data privacy — it’s part of the value exchange you give them. They now state that protecting their data is as important, or slightly more important than the underlying product quality itself. For example, in Singapore, consumers rank how the company protects their data 14 percentage points higher than the quality of the product in terms of value exchange.

CISO implication: Give your application development leaders practical guidance and encourage a DevSecOps strategy. Enterprise cloud services that enable data protection and privacy should be seamlessly designed into product development and into your environment.

4. Consumers expect more accountability — and are acting on it. Consumers consider the company that initially received the data as most responsible for that data and how it’s being handled. In China and Singapore, consumers hold their governments most responsible for their data.

Consumers are dissatisfied with the status quo — enough so that they are taking actions to protect their privacy. How?

  • 60 percent have opted not to work with a company due to concerns about whether they could keep data secure.
  • 83 percent said that if the company shares their data without permission, they will not do business with them.
  • 82 percent say that they think about whether they trust a company to keep their information safe before they buy from them.

CISO implication: Your ROI calculations for a data security investment should consider potential revenue lift associated with consumer trust. The converse is, you must also consider that consumers may be reducing usage with you, and possibly choosing your competition due to privacy concerns.

5. With more control of their data, consumers would be willing to share more data. 75 percent of the public in the majority of countries surveyed would be more willing to share information if there was a way to fully take back and retrieve their personal data. In China and Japan, the figure was about 60 percent.

CISO implication: Data is the fuel for business model innovation, so when consumers share more data with you your potential for revenue growth rises. That’s why data access revocation and retrieval must be actionable and automated, and you should have a policy that addresses data breaches and unauthorized access or copies.

We see that there’s a potential ROI to this: you can protect your bottom line through cost avoidance of data breach clean-up to grow your top line with revenue lift associated with more data and more usage.

What do you think? If these findings resonate check out more about LinuxONE and its security capabilities here.

[1] 2019 IBM and Harris Poll Privacy study, commissioned by IBM