January 28, 2022
Data Privacy Day is Just the Beginning: How Companies Must Tackle Privacy in the Coming Years
This month, on January 28, countries around the world will observe Data Privacy Day (known in Europe and other countries as Data Protection Day), partnering with non-profits and private enterprises to create awareness around data privacy and help establish best practices worldwide.
Since its creation in 2007, Data Privacy Day has grown dramatically and is now recognized in over 50 countries, including the U.S., Canada, Israel, and most of Europe. It is also promoted by a number of non-profit organizations, such as the International Association of Privacy Professionals (IAPP).
But that’s just the tip of the private data iceberg, so to speak.
As of this writing, some 128 countries world-wide either have data privacy legislation in place or in the works (out of the 195 recognized internationally). For perspective, 140 countries have laws on the books about libel and defamation; 126 have laws that protect against workplace discrimination; and 119 have “freedom of information laws.”
In short, data privacy laws will be some of the most prevalent laws globally, and most of the world’s citizens will soon be covered by at least one such law. (According to Gartner, this number will touch 65% by 2023)
Understanding the broad and sweeping impact of data privacy issues is no longer an academic exercise, nor something that specialists worry about—today, it is a business necessity.
What the Future of Data Privacy Looks Like: Four Predictions
So what does the future of data privacy look like? And to what extent will conversations about data privacy be held in boardrooms across the globe?
We have uncovered four industry predictions that show the size and relevance of the data privacy industry, and how it is touching all other industries (just as the advent of the internet did a generation ago).
1) By 2023, government regulations requiring consumer privacy rights will cover 5 billion citizens and more than 70% of global GDP.
Right now, the data collected by the vast majority of products people use every day is not regulated. Data that is regulated is done so through a patchwork of laws, especially in the United States. There, laws tend to cover specific kinds of private data (HIPAA, FERPA, COPPA, etc.) or are enacted at the state level (such as California’s CCPA and CPRA).
That said, more comprehensive laws, like Europe’s GDPR, do exist—and they apply even when companies do business outside of Europe’s borders. And just this past year, China passed the Personal Information Protection Law (PIPL), which will bring the grand total of people worldwide covered by data protection laws to over 5 billion by 2023, according to reporting from Fortune magazine.
What this means is that businesses cannot assume data privacy is something they can put off because “it just does not affect our markets” or “there are no laws covering our customers specifically.” Organizations will be required, in one way or another, to provide free and accessible consumer privacy rights to the majority of their customers.
2) Organizations that mishandle data will suffer up to 3x greater financial damage in future.
This prediction made by Gartner, and reported in InformationWeek, is the inevitable result of the proliferation of data privacy laws highlighted above. With a growing number of laws, and greater coverage, companies will inevitably see a rise in class action lawsuits and mass claims stemming from more comprehensive laws and more rigorous enforcement.
In other words, data privacy enforcement will get serious, and the penalties for not complying with these laws will mushroom within the next four years.
3) By 2024, 30% of enterprises will have adopted a data security platform (DSP).
This is a prediction from Gartner’s 2022 Strategic Roadmap for Data Security Platform Convergence. Gartner defines a DSP as “products and services characterized by data security offerings that target the integration of the unique protection requirements of data across data types, storage silos and ecosystems.” Contrast that 30% with the mere 5% of enterprises that had a DSP in 2019—a five-fold increase in demand in just as many years.
No doubt the greater prevalence of data protection laws is motivating much of this purchase activity…but so is innovation. Products are continually adding new capabilities, and platforms are coming together in response to the need for more comprehensive privacy solutions.
In other words, large companies are moving quickly from piecemeal data security solutions to comprehensive platforms, both because the demand is there, and because the market is innovating.
4) Large organizations’ average annual budget for privacy will exceed $2.5 million this year.
Cisco’s 2021 Data Privacy Benchmark Study found that, on average, budgets for data privacy not only grew in 2020, they doubled, with companies spending upward of $2.5 million. Needless to say that number will likely be exceeded in 2022—if it has not already been exceeded in 2021.
Given the above, these numbers are not all that surprising—but consider what exploding budgets and new players will mean for the industry itself.
We predict that, with this pool of money growing the way it is, security and privacy companies will continue to differentiate themselves so that they, too, can get a piece of the ever-growing pie. While earlier data privacy solutions focused more on the basics (compliance requirements, for example), we see multiple providers getting into the data privacy game, each touting a unique set of solutions designed to make navigating data privacy issues easier.
And that means business consumers will have to be all the more savvy when looking for data privacy solutions themselves. Yes, the pressure to get a solution in place is great—but so, too, will be the number and complexity of options available to them.
Data Privacy Day should be a time to look positively at everything governments and businesses are doing to ensure people’s privacy and security. But it is also a time to reflect on how massive the coordination effort will be to address these issues going forward—and what data privacy companies themselves need to do to help organizations navigate this new reality.