Connect with us

Hi, what are you looking for?


Q&A: Strategies businesses need to address data privacy issues (Includes interview)

To gain a professional insight into data privacy concerns for businesses, Digital Journal spoke with Eve Maler, ForgeRock’s Interim CTO. Maler founded and leads the User-Managed Access (UMA) standards effort and provides expert advice to forums such as Open Banking. Previously, Eve co-invented the SAML and XML standards.

Digital Journal: How has data privacy evolved in the past few years?

Eve Maler: Data privacy today involves building a pyramid of solutions. Data protection is the foundation in the pyramid; this is where you work on the security of personal data. The second layer is data transparency; here you need to inform people what you collected and want to collect about them and how you use it. Data control is the third layer – giving consumers choice and authority over what is collected about their own lives.

DJ: Are consumers more aware of data privacy issues? What are their expectations of companies?

Maler: Consumers love taking part in the connected world, but to do so, they must share personal data. Millions of people are uninformed and unaware about how their personal information is being used, collected or shared in our digital society. Regulations like the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) put a premium on gathering consent from individuals, empowering them to take control over their data.

As consumers move toward a personalized experience while seeking a real measure of privacy, they expect companies to protect their data. Data transparency and data control enhance the relationship businesses have with their consumers. Businesses won’t be trusted if they don’t act in a trustworthy fashion, so organizations must embark on a consumer trust maturity journey. The first step on this journey is embracing data privacy; implementing the appropriate data privacy regulations should be viewed as an opportunity to build that trust with consumers.

DJ: How can firms best identify where digital transformation opportunities and user trust risks intersect?

Maler:Enterprises might find their resources are more stretched when keeping up with regulations if they have legacy security systems in place because personal data may be more easily compromised. Additionally, they may not have an approach to consent that is consistent and standardized, as opposed to organizations with modern identity and access management tools in place that are prepared to operate across different channels and applications, all while empowering end-users to manage their own profiles, passwords, privacy settings and personal data.

DJ: Should companies begin to identify personal data as a joint asset, in relation to customers?

Maler:Yes, companies should consider personal data as a joint asset. It’s easy for the risk leads within a company to say data subjects own their own personal data, but business leaders have incentives to leverage that data for the value it brings to their business model, which changes the equation. All the stakeholders within an organization need to come together and think about data as a joint asset in which all parties, including consumers themselves, have a stake in its use.

DJ: How should companies seek consumer consent?

Maler:A business often will have a choice to offer consent to end-users rather than just taking data. CCPA is an example of how companies can seek consumer consent. It empowers consumers by allowing them to know all data collected on them by the business. Transparency about the personally identifiable information (PII) collected and how it is secured represents the second layer of the data privacy pyramid. CCPA also gives consumers the right to object to the sale of their PII, which represents the third layer of the data privacy pyramid – data control. Giving consumers choice and authority over what is collected about their own lives helps organizations adhere to new and existing regulations, while also building user trust.

DJ: How can companies take advantage of consumer identity and access management for building trust?

Maler:Identity management platforms automate and provide visibility into the entire IAM lifecycle, all while allowing end-users to retain the controls to manage their own profiles, passwords, privacy settings and personal data.

Businesses should deploy comprehensive identity management and robust consent management systems to ensure there are not only mechanisms that act as their first line of defense for protecting consumer data, but also strengthen the bonds of digital trust for all service users.

Avatar photo
Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

You may also like:


The NBA announced 11-year global media rights deals with The Walt Disney Company, NBCUniversal and Amazon.

Social Media

A video that has been shared on social media showing a purported Palestinian militant threatening attacks on France during the Olympic Games.

Tech & Science

Drug repurposing refers to the use of existing drugs to treat diseases or conditions which they were not originally developed or approved for.

Tech & Science

Colorado is the state where businesses are most at risk of cyberattacks, with a risk score of 7.96.