An article by Berkshire Hathaway Specialty Insurance senior counsel Kate Browne and assistant vice president Sean Clifford details seven ways new data privacy regulations will influence how organizations manage cyber risk.
1. Compliance will become more complicated.
Since the European Union's GDPR was implemented in 2018, more than 60 countries have enacted or considered privacy and data protection laws. Research company Gartner predicts that by 2023, 65% of the world's population will be covered by privacy regulations. Twenty-five states and Puerto Rico have followed California in introducing data privacy legislation. Specialized expertise will be needed to comply with all these laws.
2. Compliance will be a competitive advantage.
Organizations that prioritize data protection will gain customers.
3. Privacy will get more attention from executives and board members.
In mergers and acquisitions (likely to increase post-quarantine), companies will look to a target's data protection practices. Companies doing business in the European Union or California will need to comply with GDPR and CCPA.
4. Privacy and data security will be more closely integrated.
With a larger "attack surface" because of mobile devices and work from home, companies will need to integrate data privacy into applications. There will be growth in artificial intelligence-powered data management solutions.
5. Data privacy will change product engineering.
Instead of an "all or nothing" model of data collection, software programmers and developers may create products that deliver personalized data protection. Organizations may be able to adjust the type and amount of data they collect on users. Website and app developers may build products that allow users to customize their privacy settings. Collaboration between developers and privacy counsel can anticipate privacy issues and prevent them from arising.
6. Managing third-party risks will require transparency and enhanced assessment of vendor security practices.
7. The cyber insurance market will respond to changes in data protection laws.
As this article shows, privacy risk management is increasingly important.