By Bryan Strickland, for the Journal of Accountancy
Prioritizing privacy protections can be good for business, quite literally.
But how can organizations get the greatest return on investment for their efforts?
The Cisco 2024 Data Privacy Benchmark Study found that, based on responses from 2,600 global security and privacy professionals, organizations on average netted 1.6 times back from their investment in privacy measures in 2023, with 30% of respondents reporting at least a 200% ROI.
The report, in addition to generally encouraging organizations to continue to invest in privacy, offered four recommendations, based on its findings, that organizations can follow to optimize their approach to both their customers' data and their own.
1. Provide greater transparency in how your organization applies, manages, and uses personal data, as this will go a long way toward building and maintaining customer trust.
In the survey — which featured respondents representing 12 countries, 10 industry segments, and all sizes of companies — 94% said that customers won't buy from their companies if their data isn't properly protected.
When it comes to data protection priorities, however, customers and companies aren't necessarily on the same page, a divide that creates an opportunity for businesses to delight their customers.
In the "consumer view" portion of the survey, 61% of respondents cited two overlapping actions that would help build and maintain their trust: providing clear information on data use and refraining from selling personal information for ads and marketing. Yet, in the "organization view" of the survey, just 36% of respondents recognized one of those two as their top priority.
It could be to companies' benefit to provide clear information to customers on data use, including making sure they're aware of whether their data is being sold.
2. Establish protections, such as AI ethics management programs, involving humans in the process, and working to remove any biases in the algorithms when using AI for automated decision-making involving customer data.
Ninety-one percent of security and privacy professionals agreed that organizations need to do more to reassure customers about their data use related to artificial intelligence (AI). Customers agree: In the Cisco 2023 Consumer Privacy Survey, more than 70% called for companies to use an AI ethics management program; involve humans in the process; explain how AI applications work in decision-making; and audit AI applications for bias.
In the 2024 survey, approximately half of privacy experts said their organizations are using an AI ethics program, are involving humans in the process, and are explaining to customers how AI applications work.
However, just one-third said their organizations are auditing AI applications for bias.
Other recent surveys reinforce the need for reliable auditing of AI applications, with some suggesting that auditors themselves could be a good option for the assurance process.
3. Apply appropriate control mechanisms and educate employees regarding the risks associated with Gen AI applications.
Generative AI (Gen AI), the term for AI that can use existing data to generate new content such as text, video, and photos — and even computer code — is rapidly developing and offers companies a valuable tool for processing data to better serve customers.
Seventy-nine percent of privacy experts said Gen AI currently provides significant value. Yet, 27% of organizations currently don't permit its use.
So, what's going on?
Well, even more paradoxically, 68% expressed concerns about the use of Gen AI resulting in private information being shared with the public or competitors. Yet, 38% admitted to entering customer names or information into Gen AI, and 45% or more admitted to entering information about internal processes, nonpublic information about the company, and employee names or information.
The survey results, however, don't mean the 27% currently banning the use of Gen AI have the right idea. Rather, it all adds up to the importance of using Gen AI but using it right. And, along those lines, 92% recognize that Gen AI is fundamentally different and requires new techniques for managing data and risks.
Specific to CPA firms, a former firm partner who helped CPA.com build a Gen AI toolkit believes using the new technology while establishing guardrails that are as wide as possible provides value that outweighs the risk.
4. Consider the costs and consequences of data localization and recognize that local providers may be more expensive and degrade the functionality, privacy, and security of your data when compared to global providers operating at scale.
When it comes to big-picture efforts to protect data, 80% of privacy experts said privacy laws have had a positive impact on their organizations. Ninety-one percent believe data is safer if stored within their home country, yet 85% said data localization adds significant cost and 86% said global providers are better at protecting data than local ones.
That may sound contradictory, but the study surmised that the responses "indicate that organizations would ideally like to keep their data local, but they still prefer and trust a global provider over a local provider."
Whatever the details, the protection of sensitive data is more important than it has ever been.