ForgeRock has published the results of its global survey conducted by TechValidate, which found 93 per cent agreement among IT professionals that customer data privacy concerns are a critical issue at the C-level. Yet only nine per cent of IT professionals surveyed believe that current privacy and consent methods are adequate. When asked about the requirements for new methods, 96 per cent of surveyed IT professionals agreed that there is an increasing need for dynamic and flexible privacy tools that are adaptable to future borderless regulatory requirements and consumer expectations.
The survey also revealed regional differences between U.S.-based and EMEA-based IT professionals in their opinions about data privacy. While 85 per cent of U.S. IT professionals believe that the U.S. will eventually adopt personal data protection regulations similar to those of Europe, European IT professionals were more skeptical, with only 66 per cent agreeing that the U.S. would implement such regulations.
The survey of more than 300 IT professionals was commissioned by ForgeRock and conducted by TechValidate, an independent research organisation. The survey included responses representing 11 verticals, including healthcare, retail, telecommunications and finance, from 38 countries across North America, Europe and Asia-Pacific-Japan. The objective of the survey was to assess the role of data privacy and consent in building a trusted digital world.
A rapidly shifting regulatory landscape
The regulatory environment for data privacy is currently in an unprecedented state of flux, as the Safe Harbor framework governing personal data transfer and storage between European Union countries and the U.S. was struck down by the European Judicial Court in late 2015. A replacement for Safe Harbor, the EU-U.S. Privacy Shield Framework, has been announced but is yet to be finalised, and it remains unclear whether the proposed new agreement will survive judicial scrutiny. In addition, the emerging General Data Protection Regulation (GDPR) – another EU initiative – promises to place additional restrictions on how private and public organisations manage personal data.
When asked about the impact of the emerging data privacy regulations:
· 96 per cent of IT professionals believe emerging European regulations for data protection are creating a need for better tools and standards for ensuring protection of personal data, privacy and consent.
· 84 per cent of U.S. respondents (and 87 per cent of APJ-based respondents) believe the U.S. will eventually adopt stricter regulations similar to those in Europe; however,
· Only 66 per cent of EMEA-based respondents believed that the U.S. will eventually adopt such regulations.
Customer Data Privacy Expectations
The rapid growth of the IoT and the digital economy is posing enormous challenges to businesses and the public sector in terms of protecting personal data privacy and building trust. Gartner, Inc., forecasts that 6.4 billion connected things (IoT – which includes smart cars, smart homes, smart cities, cloud-connected healthcare devices and processor-enabled appliances) will be in use worldwide in 2016, up 30 per cent from 2015, and will reach 20.8 billion by 2020.1
While evolving regulatory requirements are impacting how organisations approach data privacy, ForgeRock also wanted to determine if IT professionals consider data privacy to be a requirement for customer satisfaction. According to most organisations, customers are demanding more control over how their personal data is managed and shared. In addition, most agreed that ensuring data privacy and consent was important for building customer loyalty.
When asked about the data privacy expectations of their customers, 95 per cent of responding IT professionals agreed with each of the following statements:
· Individuals are becoming increasingly concerned about their personal data privacy and their ability to control, manage and share data about themselves online.
· Organisations want to build trust by giving customers the ability to consent to data sharing and to control who their personal data is shared with.
· The ability to preserve and prove customer privacy builds loyalty for their brand.
The Need for a New Approach to Data Privacy
Recognising that data privacy and consent has become a critical issue but is also very complex, the survey asked IT professionals if they had the tools they need to meet regulatory and customer requirements. Not surprisingly, the majority of those surveyed believe that current methods are inadequate and that new dynamic and flexible privacy and consent methods are needed.
· 9 per cent believe current methods (i.e., check boxes, cookie acknowledgment) used to ensure data privacy and consent will be able to adapt to the needs of the digital economy.
· 96 per cent agreed that data privacy and consent methods need to be dynamic and flexible so they can adapt to emerging regulatory requirements and consumer demands.
Key Business Implications
“As our survey illustrates, coping with regulation – privacy or otherwise – is no longer just a cost centre for organisations. As connected devices and technologies take on a greater role in public and private life, there are massive business benefits to building in new identity and data privacy solutions that can scale over time,” said ForgeRock’s CEO, Mike Ellis. “Organisations clinging to legacy identity management technologies – which are currently inadequate – will be at a major disadvantage.”