Dark Reading is part of the Informa Tech Division of Informa PLC

10:00 AM
Bart Willemsen

4 Predictions for the Future of Privacy

Use these predictions to avoid pushback, find opportunity, and create value for your organization.

In recent years, concerns about the erosion of trust and invasion of privacy have extended into nearly every interaction between customers, organizations, and devices. Lawmakers have continued to respond with new privacy and data protection laws that put pressure on the related industries.

Simultaneously, the positive effects of proper privacy protection continue to become more apparent. A proactive approach toward transparency and privacy creates an opportunity for a competitive difference among enterprises by fostering increased productivity and sales successes, improving public image, and enhancing customer trust.

Gartner compiled strategic predictions for the future of privacy, looking at the impact privacy will have on organizations this year and beyond. Security and risk management leaders can use these predictions to avoid pushback, find opportunity, and create value for their organizations.

1. By 2023, organizations that do not excessively monitor remote working employees will experience up to 15% higher productivity than those that do.

Amid the shift to remote work during COVID-19, many employers have increased their tracking of the activities of employees who work remotely. While they may have legitimate reasons to conduct employee monitoring, such as scanning for security threats, leaders must be mindful of respecting employees' privacy.

Excessive monitoring can erode trust and harm the employer-employee relationship as well as the overall corporate image. Security leaders must ensure monitoring measures strike the appropriate balance between the organization's needs and employees' right to privacy. This will help employers build trust with employees and ensure higher productivity in the long run.

2. By 2023, organizations embedding privacy user experience into customer experience (CX) will enjoy greater trustworthiness and up to 20% more digital revenue than those that don't.

Consumers want to know how their personal data is being used, and they are more trusting of companies that are transparent about data usage. Once customers trust an organization, they are more likely to be loyal, to recommend that company, and to buy more products and services.

Organizations can turn privacy compliance into a revenue generation opportunity by making privacy central to the CX. It is imperative to consistently incorporate transparency and choice into all CX and personalization endeavors. The privacy user experience (UX) consists of clear yet simple language and full disclosure about the purpose of every interaction, data processed for it, enablement of choice through consent and preference management, and easy access to exercising privacy rights. Ideally, this is centralized in a consumer-facing self-service portal. By doing this, organizations can increase their trustworthiness and improve customer satisfaction and loyalty — thereby increasing revenue opportunities.

3. By 2023, over 20% of organizations will use a data risk assessment (DRA) to identify and manage appropriate privacy controls, despite a lack of guidance from regulators on how to implement it.

Organizations face a changing world filled with an ever-increasing amount of data, which can lead to huge business opportunities when that data is properly used to develop or enhance products and services. However, organizations are simultaneously challenged with navigating an evolving international portfolio of privacy and data protection laws, creating significant business risks if data is used improperly. Guidance from privacy regulators on how to mitigate such risks is often inconsistent or lacks focus.

Companies can use a DRA to identify and analyze potential privacy and data protection risks. The results of the DRA will help determine the success of existing data security controls and identify any gaps or inconsistencies that need further engineering. The DRA can also help address the compliance requirements of global data protection and privacy laws, reducing the risk of accidental disclosures, inappropriate data processing, or other data breaches.

4. By year-end 2025, multiple Internet of Behaviors (IoB) systems will elevate the risk of unintended consequences, potentially affecting over half of the world's population.

The pervasiveness of monitoring sensors, Internet of Things devices, and wide availability of massive datasets enables an unprecedented evaluation of individual "behaviors" on- and offline. An IoB system aims to capture, analyze, understand, and respond to these behaviors, with the goal to influence that behavior in return. An IoB system combines multiple sources of intelligence, such as commercial customer data, publicly available citizen data, social media, facial recognition, and location tracking, to do so.

These systems could lead to positive outcomes, such as improved public health. For example, during COVID-19, an IoB could aim to systematically monitor and analyze hand hygiene behavior, use face recognition-based analysis to determine mask usage, use device- and video-based algorithmic confirmation to monitor social distancing behavior, etc. Through information feedback loops, including inclusion or exclusion decisions, these systems could then help drive behavior adjustment.

However, when left uncontrolled, there could also be negative outcomes, such as censorship or truth fabrication. Therefore, there is naturally an ongoing debate around the position and reliability of algorithms, the ethics behind decision-making, individual rights and freedoms, and protection of autonomy regarding IoB systems.

These debates must shape acceptance parameters for IoB deployments. As an IoB grows at scale, security leaders must ensure stability and consistency. Establish a framework for privacy, security, ethics, and interconnectivity that all connected entities must subscribe to, further reducing the risk of unintended consequences.

Bart Willemsen is a Research VP at Gartner with focus on privacy, risk management and all privacy-related challenges in an international context. He is a Fellow of Information Privacy (FIP) with a broad and in-depth history of experience across industries. With detailed ...
