Building a privacy-first organisation in the age of AI

With consumers increasingly aware of both the value of their data and of the threats to it, it’s never been more crucial for business leaders to respect user privacy. South Africa’s Information Regulator has stated that local companies report at least 100 cyber security breaches every month. From October 2022 to June 2023, the regulator has received 1021 data breach notifications, averaging 113.4 incidents every month for the period noted. Business leaders must embrace transparency and emerging technology to find a balanced approach which respects private data while still delivering innovative services.

Emerging technology will also have a crucial role to play when it comes to harnessing data on a large scale. Every second, every person on Earth generates an estimated 1.7 megabytes of data, and this is growing with each passing year. Technologies such as artificial intelligence (AI) and edge computing will be crucial to taming data of this size and delivering the intelligent, personalised services consumers desire. The future of data privacy is tied closely to these emerging technologies, with edge computing helping to control where data is processed, and AI offering both opportunities and challenges in privacy terms. Emerging technologies such as anonymisation, federated learning and homomorphic encryption may also help business leaders to put privacy first.

For business leaders, failing to navigate data privacy can lead to harsh financial penalties and a lack of consumer trust. If businesses are serious about upholding privacy, they must work closely with security experts, regulators and third-party partners to plan out their path, and build privacy into everything they do. 

Privacy at the edge

Both AI and edge computing are going to change the way the world thinks about personal data protection. Edge computing, with its decentralised processing ability, offers significant potential to boost privacy. By allowing data to be processed closer to the source, it means, for example, that a camera system can record footage, but only forward anonymised data to the cloud for processing and storage. By reducing the need to transmit and store potentially sensitive data, edge computing can minimise the risk of leaks.

Business leaders must deploy artificial intelligence with care. It holds the potential to boost cybersecurity by detecting anomalies, for example, but also sparks legitimate concerns about the potential misuse or leakage of sensitive data. For example, generative AI systems often have no way to ‘delete’ information, potentially posing problems in terms of the right to be forgotten. Business leaders must ensure that their adoption of AI incorporates robust security features, and that strict data hygiene is enforced around identifying data to ensure AI can be used safely. Used carefully, artificial intelligence holds vast potential to boost user experience, but business leaders need to ensure privacy is central to their AI strategy.

Putting the user first

Clarity and transparency are essential when it comes to user privacy. Business leaders must ensure that customers are clear about when their data is being collected, and equally clear on how it will be used. This is essential both for compliance with regulations, and to build user trust. 

User education is also crucial. Business leaders should respect the intelligence of consumers and furnish them with the information necessary to make their own informed decisions about data. Data privacy policies must be transparent, and individuals must be empowered with the ability to access, correct, and request deletion of any data that the organisation holds. To make this all work smoothly, it’s essential to establish and regularly update comprehensive data governance policies, ensuring that these align with the requirements of privacy laws such as the Protection of Personal Information Act (POPIA).

Building a privacy-first organisation

Building a privacy-first organisation requires conversations with everyone from employees to third-party organisations. Fostering a culture of data security requires employees to be well-informed on the basics of privacy and storage, such as using strong passwords and recognising the hallmarks of a phishing attack. This should be combined with incident response planning and regular audits to ensure that the entire organisation is poised to deal with incidents and that employees have a full understanding of the importance of data security.

Ensuring that data remains secure can also require difficult conversations with third-party organisations. Third-party relationships must be managed to ensure that external vendors adhere to the very strictest data privacy standards. Cybercriminals are always looking for the ‘weak link’ in the chain, whether that is a legal company, an accountant or a software supplier, and any security lapse by a third party will reflect badly on any company using their services. 

With regulations changing around the world, it also pays to seek expert advice to ensure compliance, and to bolster awareness of emerging cyber threats. Collaboration with legal and cybersecurity experts can help business leaders to navigate an ever-changing landscape, and help customers to maintain their own high data privacy standards. Businesses should also be aware of emerging technologies to help balance data analytics and individual privacy. Federated learning, where machine learning models are trained without sharing data, may grow in importance, along with technologies such as homomorphic encryption, where data can be processed without being decrypted. More broadly, technologies such as anonymisation are expected to evolve rapidly to safeguard consumer data.

A more secure future

Business leaders should ensure they engage with technology in a way that respects user concerns around data, and aim to balance privacy, usability and innovation. The ‘people’ aspect is crucial, with transparent communications helping consumers to make informed choices and conversations with third parties increasingly necessary as regulations around the world evolve. Making the right technology choices around data governance, anonymisation and AI is central to this, helping to build privacy-first organisations fit for the world of tomorrow.

Words by Dean Wolson, General Manager – Infrastructure Solutions Group, Lenovo, Southern Africa

Reframed is your trusted source for in-depth insights into the ever-evolving world of technology. We delve into the business and culture of technology and the impact it has on life, culture, society and the way in which we work and communicate.