Establishing Trust in 2021: Innovation and an Imperative for Embracing Data Privacy, Transparency and Security
From Covid-19 to the SolarWinds cyberattack, 2020 delivered many blows to public trust. Founders need to take the lessons learned and ensure they are not part of the problem.
Opinions expressed by Entrepreneur contributors are their own.
From Covid-19 to the SolarWinds cyber attack, 2020 delivered many blows to public trust. We have been bombarded with misinformation and data breaches, leading us to wonder about the privacy and security of our sensitive personal and organizational information. These events have magnified the lack of trust people have in everything from government agencies to brands both big and small.
Within this 2020 problem lies a 2021 opportunity. The new year provides founders with the opportunity to get creative and solve the issues that this broken trust has engendered – and also ensure that you are not part of the problem. That begins by addressing the breakdowns in three areas: data privacy, transparency and security.
There has always been a need for protecting private data, but long gone are the days when sensitive customer documents were locked in a filing cabinet at the end of the workday. In our digital world, customers share more information about themselves than ever across a variety of platforms; however, there is confusion over who is responsible for data privacy. In a Cisco Consumer Privacy survey, nearly half of respondents felt it was the government's responsibility, while a quarter believe consumers should do more to protect their personal data, and only about one in five thought it was up to the companies who collect, process and store the information to keep it safe. Data privacy laws, such as GDPR and CCPA, have put greater onus on organizations to ensure data privacy. In fact, Gartner predicts by 2023, 65 percent of the world population will have their personal information protected by data privacy laws. The fines and other business impacts, such as reputational damage leading to lost business, make companies keenly aware of the importance of maintaining data protection.
Most startups do not meet the minimum criteria necessary to be compliant with data privacy regulations, but that does not give founders a free pass to ignore data privacy protections. Rather, meeting data privacy requirements from the beginning will ensure your company is prepared as it scales and as new privacy laws are introduced. Adding technology that categorizes data while reducing redundancy prepares you for consumer requests to be forgotten or verify what data is held. It is also important for you to consider what data is valuable to retain and what can be discarded. There should be governance over the data, either by designating a person, adding technology or by enlisting a third-party firm, so that privacy can be maintained appropriately and requests from customers can be immediately addressed.
Transparency is an important requirement in data privacy compliance. GDPR articles state that answers to customers' questions surrounding their data will be made in a "concise, transparent, intelligible and easily accessible form, using clear and plain language." Companies will need to be able to answer the following:
- Who is responsible for data governance and privacy? Is there a designated responsible individual responsible for this information?
- Are you prepared to share all contact information on request?
- Have you defined the purpose for holding consumer personal data?
- How long will it be kept? How is it currently processed?
- Will the information be transferred to a third party?
Although these questions are specific to GDPR, (which any company doing business with EU residents is required to follow) this level of transparency should be standard for startups. It only stands to foster loyalty among customers, partners and investors.
Wanting to be transparent in how data is used is one thing. Having the ability to be transparent is a greater challenge. Entrepreneurs will want to look at the technology that is available to address this problem. Data is useless if you do not know what you have and how it benefits you. Achieving the transparency required in data privacy laws will give you better insight into your data overall. Data transparency solutions allow you to explain not only why you are holding consumer data but also how it can provide your company with improved business agility. Ultimately, businesses with their data in order can not only comply with the law but also offer richer customer experiences.
Work from home during Covid-19 has led to an increase in data breaches, with 20 percent of breaches and cyber incidents in 2020 directly related to remote work. There have even been data breaches directly correlated to the pandemic, such as the attack on the Small Business Administration that revealed the information of those applying for emergency loans from the government.
There is no question that data is under attack. It is up to businesses to take action to protect it. This is much harder to do when your company is small, you have limited resources and your workforce is accessing the network on personal devices from all over the world. There are basic rules that must be applied, such as using multi-factor authentication to access all company and customer data and enforcing strong passwords (the SolarWinds attack relied on weak passwords to get access). VPNs offer more secure connections than home routers, and encryption should be used for any sensitive transmissions. Cloud technologies like Security-as-a-Service offer accessible security management for workers wherever they are, and tools that offer security on the edge will provide protection directly for the data, whether it is on the network or access on a smartphone through the cloud.
In 2020, you were forced to readjust your approach to data protections quickly using the solutions that were available. In 2021, there is an opportunity for founders and entrepreneurs to take the lessons learned and build trust, whether through the development of innovative solutions or by ensuring your startup is able to hold itself to the highest standards of data protection.