In many ways, 2021 was a landmark year for online privacy. In April 2021, Apple rolled out an update allowing users to opt out of app tracking, with most iPhone users having done so by the end of the year. There were even talks to disable tracking technology on the world’s most popular web browser. We also saw movement on the legislative front, with South Africa’s Protection of Personal Information Act (POPIA) coming into effect in July. (Kenya and Nigeria’s equivalent acts came into effect in 2019). In fact, Gartner predicts that modern privacy laws will cover 75% of the world’s population by the end of 2023.
But there’s also clearly still a lot of work to be done. By the end of September 2021, there had been more data breaches than in the whole of 2020, impacting hundreds of millions of people. The average cost of a data breach rose to US$4.24-million, the highest it’s been in 17 years.
What this illustrates is that online privacy and security is an ongoing battle and that organisations of all sizes will have to keep stepping up their efforts when it comes to protecting their customers and staff. While it’s hard to predict exactly how this will play out in 2022, there are several definite trends that will have an impact throughout the course of the year.
Privacy will become (even more) mainstream
With big tech embracing privacy, or at the very least making an effort, it’ll likely become even more mainstream. This will be a positive in many markets, especially where the majority of ordinary business owners are naive to their consumers’ privacy wants and needs.
A survey Zoho conducted earlier in 2021, for example, found that only 36% of Kenyan businesses are aware of privacy laws governing their marketing activities, despite the Data Protection Act being in effect since 2019. It also found that while 77% of the businesses indicated that they have well-documented policies for customer data protection, only 56% are strictly applying those policies.
At Zoho, data privacy is perceived as not just a legal obligation but an ethical choice. The team is serious about customer data protection and strives to develop applications that treat user data responsibly. In 2020, Zoho also took a strong stance against adjunct surveillance—the practice of monitoring data and activity through third parties, cookies, and trackers embedded in the software/website—and removed all invasive/non-essential third-party trackers from its websites.
The growing importance of (safely) dumping data
Having spent years trying to gather as much data as possible on their users, companies are starting to realise that it’s not always an asset. In fact, many organisations are sitting on vast “data graveyards” that are a major security liability.
The better they get at safely disposing of that data, the less risk they’ll face when it comes to cybersecurity breaches. With increasingly robust laws, companies will be forced to improve their governance but the organisations that fare best will be the ones that go above and beyond when it comes to data governance.
Increased demand for transparency
As an effect of privacy becoming an increasingly mainstream issue, it’s also become a much bigger concern for ordinary consumers who are turning privacy-conscious with each passing day. People want to know that companies aren’t going to collect data that they aren’t comfortable sharing and that the companies will be wholly transparent with the data they do collect. For the next few years, organisations that boldly come forward and declare their data collection practices with complete transparency and accountability will gain a competitive advantage.
A higher responsibility
Ultimately, the onus is on the organisations to set up a company-wide data governance framework which ensures that only the minimum necessary amount of data is collected from customers along with their explicit consent and is further used, stored, and managed responsibly. Equally important, organisations should ensure that their business software providers and vendors also follow the same amount of strict guidelines, policies, and compliance procedures when it comes to data privacy.