On the occasion of Data Privacy Day 2021, TECHx goes one-on-one with Houssem Jemili, Partner at Bain & Company, Middle East to discuss recent data privacy trends & how Bain & Company contributes to the future of the regional data privacy landscape.
TECHx: How do you think people’s concerns have evolved about data privacy over past years? Where we are now and where we are going?
Houssem: Historically, public concerns have been quite low about many aspects of data privacy – the internet and social media have spread far and wide and people are used to sharing many types of data. Of course, some data has always been more zealously protected – consider financial data and health records.
But this is changing. Public breaches, and loss of personal data by firms, are increasingly common and get a lot of publicity – and so people are slowly becoming more sensitized and careful – but it is quite a slow shift, unfortunately.
In many jurisdictions, regulators are ahead of public opinion and enforcing stricter regulations. In the EU, GDPR has set a ‘gold standard’ for the protection of data, with stiff penalties handed out to organizations for the egregious shirking of their new responsibilities. This ‘gold standard’ approach is likely to become the norm in many jurisdictions around the world. With modern marketing methods, personal data is becoming more valuable – and can increasingly be used in fraud and cybercrime. By ratcheting up the regulatory side, authorities are taking an important step in trying to tackle a part of the problem at the source.
TECHx: How do you enable organizations in the region to protect their data? What role can your company play in the future of the regional data privacy landscape?
Houssem: Data privacy is often seen through a legal lens first and foremost, and law firms and specialist organizations are often the best places to advise on local regulations.
Related to data privacy, at Bain, we can help clients with cybersecurity strategy, planning and improvement, where we work with leading multinationals and governments to help them improve their cybersecurity capabilities, as well as helping to solve complex technology and systems related challenges.
TECHx: Considering the immense increase in cyber-attacks, what do you believe will be the key trends and developments likely to emerge in data protection over the coming years?
Houssem: Effective cybersecurity is essential to protect an organization’s critical assets – which generally fit into one of three categories (systems, data, and operational assets (such as manufacturing locations, or networks)). Most companies are not as strong as they should be at cybersecurity – our research shows, for example, that only 50% of large companies comply with even simple best practices for cybersecurity and are far from the sophistication needed in today’s world.
There has been historic underinvestment – but now, with increasing strategic moves to use digital approaches to transform their businesses, companies are waking up to the fact they need to get a lot better at cybersecurity, as they become more exposed to cybercrime through their digitization efforts.Therefore, we expect companies to continue to invest more in cybersecurity and increasingly address the typical underinvestment and be better prepared for an increasingly digital world. And a key part, this is better protecting critical data of all types. But the gap is large – a typical company will take years to raise the level of their cybersecurity maturity from where it is today to where they need to be for our increasingly digital world.
TECHx: What advice you would like to give to individuals, corporations, large institutions and other holders of data for moving forward productively?
Houssem:Companies and institutions should do a few key things:
- Ensure they comply with all relevant data privacy legislation – this is an absolute minimum, and most companies will want to do more to better protect their customers and themselves
- Look to the gold standard of GDPR – while it may not be legally in force in your jurisdiction, is it a good indication of things to come, and maybe a better standard to aim for, for managing sensitive personal data
- Invest in your cybersecurity – properly assess your current cyber maturity, and ensure you have a robust and funded plan to increase your cyber maturity if needed (which it will be in most cases) – and do it soon, don’t delay, as the gap may be large
For individuals, the main advice is:
- Follow the security advice of your bank and other critical service providers – use complex passwords, do not write them down, install good quality protective software on your home systems etc. – it is necessary these days to educate yourself on such topics
- Be mindful of what data you share with organizations, and what you post on social media – you can guarantee that such data is harvestable and can make fraudulent activity against you much easier to perpetrate; cybercrime is rapidly growing – let’s not help it!