By 2025, privacy lawsuits and claims related to biometric data processing and cyber-physical systems will result in more than $8 billion in fines and settlements, according to Gartner, Inc.
“Autonomous vehicles, drones that capture video, smart buildings and smart cities are cyber-physical systems that capture biometrics of all kinds,” said Bart Willemsen, research vice president at Gartner.
“The collection and storage of biometric information is gaining, whether in the form of fingerprints, iris scans, remote recognition of face, gait, voice, or even DNA samples. But this information has huge potential to be misused or abused,” Willemsen added.
During his session at the Gartner Security & Risk Management Summit, taking place virtually in the Middle East, Willemsen said that new privacy laws cover the capture, conversion, storage and processing of biometric data, and can even apply to face tagging technology in social media. They may also come with a retention regime, and may prohibit selling, leasing, trading or profiting from biometric data. Some prohibit the usage of biometric information in certain use cases altogether.
“In such cases, it is important that security & risk management leaders and privacy leaders consider alternative, less invasive means to achieve the intended purposes, explaining all necessary information to the customer without any caveat,” added Willemsen.
Through privacy portals and intake forms, several multinational, consumer-facing firms are actively shifting toward a self-service model. Their goal is not just to avoid regulatory penalties, but also to increase consumer trust and sustain favourable brand emotion.
Privacy Budgets Will Increase, Allowing Privacy to Shift From Compliance to Competitive Advantage
Gartner forecasts that by 2024, the average yearly budget for privacy in major enterprises would top $2.5 million, facilitating a transition from compliance ethics to competitive differentiation.
Budgets for privacy have risen steadily from $1.7 million in 2019 to $2 million in 2021, and are likely to rise more. The quick surge in internet engagement, remote working, and virtual learning heightened cyberthreats. With the increase of privacy legislation activities across dozens of countries over the next two years, many firms will recognise the necessity to begin their privacy programme efforts immediately.
Gartner recommends that organizations first gain full control in detail over all personal data processing activities before they can hand over that control to the individual. One way to do that is through privacy rights and consent management services.
“The customer will experience the difference between having to wait weeks for an incomplete answer, or within seconds have full access to the answer to the question ‘what data does an organization process on me?’. That difference is where trust is gained or lost,” said Willemsen.
Organizations are moving away from compliance-driven work and toward customer-centric activities, depending on the maturity of their privacy programmes. For example, allowing customer experience specialists to address consumer concerns about lack of transparency and automating the privacy UX, or providing access to privacy rights to all worldwide clients, whether they have to or not, and treating customers globally equally.
Gartner clients can read more in “Predicts 2022: Privacy Risk Expands.”
