Posts

5 Data Privacy Predictions for 2021

2020 has been a significant year for data management. As businesses face new technological challenges amid the COVID-19 pandemic, issues of privacy have spent some time in the spotlight. In response, data privacy could see some substantial changes in 2021.

Few people will emerge from 2020 with an unchanged perception of data security. As these ideas and feelings shift, some trends will accelerate while others get replaced. Businesses will have to adapt to these changes to survive.

Here are five such changes you can expect in 2021.

International Data Privacy Standards Will Increase

Privacy concerns over Chinese-owned app TikTok caused quite a stir in 2020. With the TikTok situation bringing new attention to privacy in international services, you’ll likely see a rise in international regulations. China has already announced new security standards and asked other countries to follow.

2020 has cast doubt over a lot of international relations. More countries will likely issue new standards to ease tension and move past these doubts. This trend started before 2020, as you can see in Europe’s GDPR, but 2021 will further it.

Customers Will Demand Transparency

Governments aren’t the only ones that will expect more of tech companies’ privacy standards. Since things like TikTok have made people more aware of what apps could access, more people will demand privacy. In 2021, companies that are transparent about how they use data will likely be more successful.

According to a PwC poll, 84% of consumers said they would switch services if they don’t trust how a company uses their data. Data privacy isn’t just important to authorities or businesses anymore. The public is growing more concerned about their data, and their choices will reflect it.

Security Will Become More Automated

In response to these growing expectations, businesses will have to do more to secure people’s data. Cybersecurity companies are facing a considerable talent shortage thanks to pandemic-related complications, though. The data security world will turn to automation to fix both of these problems.

With so many businesses changing the way they operate, cybersecurity will have to become more flexible too. Automating some processes through AI will allow companies to achieve that flexibility. Security AI is still relatively new, but as it develops, it could take off in 2021.

Security Data Analytics Will Become the Norm

Big data analytics have already become standard practice in many business applications. In 2021, more companies will start using them to improve their data privacy measures, too. With major companies like Nintendo and Marriott experiencing significant data breaches this year, more will turn to analytics to find any potential shortcomings.

No one wants to be the next data breach news story, especially with more people paying attention to these issues now. Data analytics can highlight operational improvements, showing companies how to better their data security measures. With data privacy in the spotlight in 2021, taking these steps is crucial.

Third-Party Risk Assessments Will Be More Crucial

As people demand better privacy protection, businesses will have to consider their third-party partners. Consumers will be more critical of companies giving third parties access to their data. As a result, companies will have to perform more risk assessments on any third party.

Third-party data breaches affected companies like General Electric and T-Mobile in 2020, exposing thousands of records. Customers will expect businesses to hold their partners to higher standards to avoid these risks.

2021 Could Be a Landmark Year for Data Privacy

Data privacy is more prominent than ever before, mostly due to a few notable scandals. Now that the general public is more aware of these issues, businesses will have to meet higher standards for data privacy. Implementing data security processes may cause some disruption and confusion at first, but it will ultimately lead to a safer digital landscape.

All of these changes could make 2021 a turning point for data security. With higher expectations from consumers and authorities, data management will become more secure.

Consider Anonymization – Process Mining Rule 3 of 4

This is article no. 3 of the four-part article series Privacy, Security and Ethics in Process Mining.

Read this article in German:
Datenschutz, Sicherheit und Ethik beim Process Mining – Regel 3 von 4

If you have sensitive information in your data set, instead of removing it you can also consider the use of anonymization. When you anonymize a set of values, then the actual values (for example, the employee names “Mary Jones”, “Fred Smith”, etc.) will be replaced by another value (for example, “Resource 1”, “Resource 2”, etc.).

If the same original value appears multiple times in the data set, then it will be replaced with the same replacement value (“Mary Jones” will always be replaced by “Resource 1”). This way, anonymization allows you to obfuscate the original data but it preserves the patterns in the data set for your analysis. For example, you will still be able to analyze the workload distribution across all employees without seeing the actual names.

Some process mining tools (Disco and ProM) include anonymization functionality. This means that you can import your data into the process mining tool and select which data fields should be anonymized. For example, you can choose to anonymize just the Case IDs, the resource name, attribute values, or the timestamps. Then you export the anonymized data set and you can distribute it among your team for further analysis.

Do:

  • Determine which data fields are sensitive and need to be anonymized (see also the list of common process mining attributes and how they are impacted if anonymized).
  • Keep in mind that despite the anonymization certain information may still be identifiable. For example, there may be just one patient having a very rare disease, or the birthday information of your customer combined with their place of birth may narrow down the set of possible people so much that the data is not anonymous anymore.

Don’t:

  • Anonymize the data before you have cleaned your data, because after the anonymization the data cleaning may not be possible anymore. For example, imagine that slightly different customer category names are used in different regions but they actually mean the same. You would like to merge these different names in a data cleaning step. However, after you have anonymized the names as “Category 1”, “Category 2”, etc. the data cleaning cannot be done anymore.
  • Anonymize fields that do not need to be anonymized. While anonymization can help to preserve patterns in your data, you can easily lose relevant information. For example, if you anonymize the Case ID in your incident management process, then you cannot look up the ticket number of the incident in the service desk system anymore. By establishing a collaborative culture around your process mining initiative (see guideline No. 4) and by working in a responsible, goal-oriented way, you can often work openly with the original data that you have within your team.