Your phone. Your smartwatch. Your smart home. Your data is now everywhere. Collecting personal data makes services better for the user, but over the past decade, multiple cases have demonstrated the risk.
In privacy, you never step in the same river twice. Concerns, threats and priorities are always changing. What privacy hazards will we see in the coming decade, and how should your business prepare?
1. Governments will allow themselves to access more of citizens’ data
It’s already happened, but in the next decade, governments around the world will adopt laws that let them access more of citizens’ data.
They may cite many reasons, including terrorism, instability and the already widespread use of the same data by business.
2. The gap between regulation and the real world will only grow
While the rationale for it is clear, enhanced access to people’s data carries risks, such as unauthorized access and leaking information.
It will be a big challenge for regulators to keep adapting regulations at the same speed as new technologies come into play. Companies have been slow to change how they’re dealing with user data. The only recent significant change has been asking users to consent to how the company will use their data, now mandatory in many countries. We don’t see any strong trend toward adding security to protect sensitive user data. There’s already a growing gap between regulation and real-world practice, making regulation seem toothless.
3. Counter-tools will fuel a privacy cyberbattle
The trends I’ve already mentioned will encourage innovators to develop privacy protection technologies. The tech-savvy will adopt these, and more technologies will arise to circumvent them. It will be a privacy cyberbattle.
Meanwhile, users will become more proactive about their privacy. There’ll be high demand for password managers, virtual private networks (VPNs) and tokens (automatically generated codes) for two-factor authentication (2FA).
However, protection mechanisms like 2FA tokens and password managers are just at the endpoint. Attacks and misuse are often at the backend. These tools protect the local environment, but they don’t protect against attacks and abuse of systems such as the cloud. And as cloud-based tools go from being leading-edge to indispensable, all employees will need to understand where the risks are. VPNs protect against some data collection (real IP-addresses, geolocation) but don’t protect against users voluntarily sharing data with services like Google and Facebook.
4. We’ll keep getting fooled by fun
The enduring popularity of amusing online games, quizzes and applications that make giving out personal information fun for the user shouldn’t be underestimated.
Cybercriminals can use this strategy to attack businesses, targeting employees for personal information, and using it to access business systems and data.
5. We’ll see new attacks on democratic process and protections against disinformation
These attacks have been with us for many years, and there’s no reason for them to stop. Technology for fake visual and audio IDs already exist, and with the political pendulum of a US presidential election, these will bring undesired attention and abuse from multiple parties.
But where there is action, there is also reaction – we can count on new ways to withstand those who wish to manipulate the public.
6. Internet of Things (IoT) vendors will scale up security investment
This activity will push vendors to a new level of collaboration for the sake of security. Amazon, Apple, Google and the Zigbee Alliance have announced they’re creating a working group to develop and promote a royalty-free connectivity standard. This will increase compatibility among IoT products and embed fundamental security. I hope others will follow their lead.
All in all, we’re looking at an interesting decade ahead for privacy. The challenges will be significant. Businesses will be a key player in securing the privacy of both their employees’ and customers’ data.
Let’s hope solutions from innovators follow fast on the heels of each new threat. In the meantime, by putting in place adequate, regular privacy training and cyberthreat education for all employees, any business can be part of the solution.