Privacy is a competitive differentiator in the market, much like safety in cars. In the past, companies did not want to remind consumers that they were putting themselves in danger when they were driving, so there was pushback against including or marketing seatbelts. Until recently, there was a similar phenomenon with privacy—companies did not want to remind consumers that their data could be stolen or misused online, so organizations were reluctant about privacy messaging. However, as it became clear that consumers value their safety, physically or online, and take that value into consideration with their purchases and where they place their trust, it can become a competitive advantage for companies to consider when marketing their products.
In a recent episode of ISACA Live, Safia Kazi, ISACA’s Privacy Professional Practices Principal, hosted a conversation about privacy, emerging technologies and the ways in which these topics overlap in regards to digital trust. Kazi was joined by subject matter experts and members of ISACA’s Digital Trust Advisory Council Anne Toth, digital trust and tech policy consultant, and Michelle Finneran Dennedy, CEO of Privacy Code.
On the topic of Internet of Things (IoT) devices, Kazi said, “I think a lot of times the average person just doesn’t know about how much information IoT devices in their homes are collecting.” For those who are concerned about privacy in their homes regarding IoT devices with cameras, Toth mentions that most come with a shutter that can moved over a camera to disable it physically and ensure it does not work. Microphones often come with a comparable mute setting on the device itself. She encourages consumers to take an interest in and utilize such settings for increased safety and peace of mind.
“Is the device and the group of information collected? Is it trying to do something positive or negative for the many, for the any, or for the money?” Finneran Dennedy asked.
Technology is never neutral—it is always positive or negative, and it is up to users to constructively influence that balance, says Finneran Dennedy. The problem lies in the fact that these safety features often exist but are not properly communicated to consumers, so they have no idea how to take advantage of such settings. Kazi said that people also may not realize the privacy implications of the data they are feeding to AI by playing around with new and popular programs like ChatGPT.
“One of the biggest problems with machine learning and AI and the world we live in today is that the data is not representative of the population as a whole,” says Toth.
Well-intentioned AI does not work well for everyone. Toth explained that there is a lot of data being used to train AI, but in many cases, we do not have enough of the right data being used to train AI, or we have too much from one population and not from others. For underrepresented populations, this can lead to catastrophic results when AI is used for things that directly impact one’s life, like medical diagnoses or determining credit worthiness scores.
“All data is biased. All software is biased. It is created by us mere mortal humans,” said Finneran Dennedy.
There is a gap between the way that technology works and the way that the average consumer understands it, and it is growing exponentially, Toth observed. Not everyone has advanced knowledge of AI, for example, and they cannot know all the implications of every choice they will make in this regard. That is why we need laws and regulations to protect consumers, so they do not have to make an uninformed choice where they do not have the capacity to understand the consequences of that choice.
Kazi added, “The issues that we see as far as privacy policies being inaccessible might sometimes further disadvantage already marginalized groups.”
Privacy is more accessible to some groups than others. Documents are often written by lawyers for lawyers because they are primarily focused on litigation and similar cases, which means they are not designed for the average consumer. Toth went on to mention how cookie pop-ups are “the worst thing to happen to privacy” because they are interruptive, they do not work well in a mobile environment, and they are not representative of meaningful consent. They have also worn consumers down and made us so accustomed to clicking to get pop-ups off our screen that we are not paying attention to what they have to say, even if it is important.
Privacy is too often thought of as an after-the-fact compliance function for companies, but it should be thought of as a cornerstone of building a trusted relationship over a lifetime with a customer. If it is necessary to frame it as an investment, that lifetime value of the customer is a much bigger ROI for companies to consider.
“I don’t think that trust is something that you build. I think it’s something that you earn,” said Finneran Dennedy.
Editor’s note: For more privacy resources, including ISACA’s new Privacy in Practice Report, visit http://4p9w.lixubing.com/resources/privacy. To catch future episodes of ISACA Live as they premiere and to participate in the live chat, follow ISACA on LinkedIn.