It seems like there were more companies that had privacy-related problems in 2014 than didn't. And the lucky ones that didn't "get got" were separated by only one or two degrees from those that did. As we look ahead to 2015, I see a mix of old privacy concerns along with a few emerging dangers.
Breaches are the new normal. Sony Pictures, the U.S. Postal Service, Home Depot, JPMorgan Chase, Goodwill, Staples, eBay, P.F. Chang's, Michaels, Neiman Marcus and Kmart, along with countless others, experienced major data compromises this year. It almost seems like the only reason this or that entity hasn't been involved in a privacy-related disaster is that the bad guys haven't gotten around to them yet. Of course there are things companies can do to avoid privacy pitfalls, but they too often don't do them. As a result, breaches will continue apace in the new year.
The flood of personally identifiable information released by these and other leaking entities will continue to make waves in 2015. This will be the year that consumers grok that what you can't see in the realm of data collection really can hurt you. Simple knowledge, like the fact that companies are not required to tell you their security protocols, will start to go mainstream. When that happens, it might be easier to get some federally mandated legislative remedies. In the meantime, consumers will approach privacy with extreme caution, dialing back the information they're willing to share.
If one of the big lessons of 2014 was how badly data security is handled, the next year should spur a more 24/7/365 approach. More and more, people know that even the strongest data fortress has a weakness--and that it often takes the form of an employee who didn't listen to security protocols when the training module about best data-security practices went around the office. This will become an HR harping point in 2015--read those security updates! And there will be progress on that front, too.
Here are five more issues that will come to the fore in the next year.
1. The New Privacy Sales Pitch
Privacy by design, the idea that a company should make privacy and data security a marketing point, will not be a factoid known only by the data-security crowd. Consumers will key into the way marketing campaigns talk about privacy and data-security. For some companies, this shift will take the form of an attractive privacy-by-design marketing plan that could convert the window-shopping curious into customers. For others, that same approach, however, may elicit an even warier attitude from consumers.
2. Data Will Matter in Lawsuits
Companies that harvest private information could very well be called to testify in lawsuits based on the data they hold. Telegraphing what will doubtless become a future strategy, a personal injury claim represented by McLeod Law in Calgary included evidence culled from Fitbit data to prove that a client was still suffering four years after an accident.
3. Sharing Will Decline
During this year's PrivacyXChange Forum, Kevin Ashton used big data to show attendees the location of people who shared pictures of cats on social media within the vicinity of the building where he was giving his talk. He was able to do this because iknowwhereyourcatlives.com had aggregated that data. Fitbit got in hot water recently because the default share setting was broadcasting the sex lives of users. Another device offered by Jawbone aggregated users' anonymized sleep habits without their knowledge. The more consumers realize how their information can be used and abused, the less they will share on social media and through their Internet of Things devices.
4. Chip-and-PIN Credit Cards Will Have a Bumpy Start
While 2015 is the year Chip-and-PIN credit card technology finally becomes the norm in North America, we've unfortunately already seen Chip-and-PIN scams. There will be glitches, most if not all of them born of bad management, that will occur due to poor implementation of the EMV technology that makes the cards more secure.
5. We'll See More Hyper-Targeted Cyberattacks
Sony Pictures was nearly gutted by a cyberattack recently. It's not clear who was responsible, but it is clear that the goal was malice. As one commentator said, "This was like a home invasion where after taking the family jewels the hackers set the house ablaze." There will be more Sony-style attacks targeting a single company for a particular reason in 2015. Another trend will be boiler room-style operations aimed at collecting information to game the stock market, as we saw recently in the biotech industry.
The year to come in privacy is going to be all about evolution--both of privacy-related crime and the protection of consumers' private information.