Security Experts:

Digital Economy Destabilized by a Lack of Trust in Use of Personal Data

World Economic Forum Report Suggests Dialogue About Personal Data Is Focused on Privacy Protection and Anchored in Fear and Doubt, Undermining the Huge Economic and Social Value

According to a new World Economic Forum report published Wednesday, dialogue about personal data is currently anchored in fear, uncertainty and doubt (FUD). As individuals demand more control and value from their personal information online, organizations that collect, sell, and trade it, need to develop an effective set of "trade rules" to ensure the appropriate flow of personal data.

The report entitled, “Rethinking Personal Data: Strengthening Trust”, prepared in collaboration with The Boston Consulting Group, says that proper use of personal data can create enormous value for organizations and individuals. However, personal data is still an asset, and one that lacks any type of basic trade rules.

World Economic ForumPersonal data is clearly a goldmine, assuming Facebook is any indication of how valuable personal information can be. Yet, the collection, distribution, and safety of that information creates unique problems. On one side, consumers are increasingly concerned about intrusions into their privacy and the possibility of their personal data being used for purposes of which they do not approve.

On the other side, companies are unclear about what they can and cannot do with personal data and are either standing on the sidelines or forging ahead with an unclear understanding of liabilities and the potential for negative impact on their reputations and brands.

In this scenario, organizations are either violating the individual trust placed into them by their customers or users, who in turn are hesitant to share additional personal information – if they share any at all. When this happens, the data goldmine dries up.

"Appropriate use of personal data can lead to new economic value, as the recent valuations of companies that collect and utilize personal data would suggest," said John Rose, senior partner at Boston Consulting Group.

"But data is an asset that needs to flow to create value -- and that requires trading rules that balance the interests of all stakeholders."

The report aims to spark discussions around who owns personal data, how can individual privacy be protected, and how should organizations that use personal data be held accountable for both securing it and adhering to the agreed upon rules of collection and usage.

"The borderless flow of personal data requires individuals, business leaders, and policymakers to all coordinate in innovative ways to unlock long-term value," said Alan Marcus, senior director of IT and telecommunications at the World Economic Forum. "Critical to this will be developing ways to hold organizations accountable for securing data and living within the agreed rules."

Understanding that stakeholders have different cultural norms, timeframes and paths to a potential solution, the nature of data flows suggests that leaders need to work together to achieve a coordinated yet decentralized approach to the challenge. Accordingly, the report recommends that stakeholders take four main steps:

1. Engage in a structured, robust dialogue to restore trust in the personal data ecosystem - The debate needs to focus on achieving consensus on some of the key tensions, including securing and protecting data, developing accountability systems, and agreeing on rules for the trusted and permissioned flow of data for different contexts. Central to this dialogue is the inclusion of individuals, who play an increasingly important role as both data subjects and as data creators.

2. Develop and agree on principles to encourage the trusted flow of personal data - The simple slogan of “think globally, act locally” can help frame these principles (i.e. shared principles can help all the actors aim towards the same outcomes, even if their approaches for how to get there differ).

3. Develop new models of governance for collective action - Regulators, organizations and individuals can play complementary roles in establishing accountability systems, enforcement mechanisms, rights and permissions.

4. Establish “living labs” - Given the complex social, commercial, technical and regulatory uncertainties and interdependencies, an environment which can provide stakeholders with the ability to test and learn in real time (and at scale) needs to be established. These labs can provide a safe context for more fully understanding the system dynamics and collectively identifying shared opportunities, risks and the means for effective collaboration.

The 36-page report can be downloaded here.

view counter
Steve Ragan is a security reporter and contributor for SecurityWeek. Prior to joining the journalism world in 2005, he spent 15 years as a freelance IT contractor focused on endpoint security and security training.