Individuals need to become more cautious about sharing their data with companies. Especially in return for an apparent reward such as for a discounted price or minor perk. In this case, how should businesses develop trust with their customers and what sorts of data privacy aspects should consumers be wishing to see from businesses?

To gain an insight into the important issues facing the business community, Digital Journal heard from Jeff Reich, Executive Director at the Identity Defined Security Alliance (IDSA).

Reich begins his analysis by assessing the data privacy issue from the perspective of the ordinary citizen, observing: “More and more of us wake up every day realizing that the amount of control that we have over our digital identities is less than we believed yesterday.”

There are actions that each individual should be considering in relation to this topic. Reich recommends: “Not only do each of us need to take more effective control over our identities, but we also find that the custodians of our data, whom we trust, need to do more as well. While legislators and leaders take steps to address this issue, most are far enough removed from the actual goings-on that they don’t know how to create the appropriate laws. The time it takes to enact legislation means we are months, if not years, behind where we need to be.”

Looking at the types of regulations that can be deployed, Reich considers: “The European Union’s General Data Protection Regulation (GDPR) was an excellent first step towards achieving this goal.”

The same type of progress has not yet been realised in the U.S., finds Reich, noting: “Some U.S. states have adopted their customized version of that. Federal laws are a patchwork, focused on specific verticals such as banking or healthcare. Adding this to the picture across the rest of the globe, and you can see the magnitude of the problem.”

The technological infrastructure does not help with this situation either. Reich opines: “We have an underlying problem of poor security across many platforms and applications, leading to untrustworthy privacy provisions. This issue is compounded by the patchwork of privacy laws that drives many organizations to focus on compliance with whatever they feel applies to them.”

Tellingly, Reich adds: “They may believe that compliance leads to security when, in fact, good security leads to compliance.”

Future state technologies are likely to increase the threat level. Reich comments: “Adding AI into the equation means that we don’t know what needs to be done, by whom, and if that is even the identity that I think I am working with. Multi-Factor Authentication (MFA) is adding trust and friction at the same time.”

As a parting recommendation, considering things from an internationalist perspective, Reich states: “As a global society, we need to evolve to more seamless solutions that can add trust to identity management and confidence in what we do.”