If not safeguarded correctly, data can be a vulnerable point of security for a business.
Stories of data breaches and cyber-attacks consistently make their way into headlines. For example, the 2020 SolarWinds supply chain breach that was carried out through the compromised Orion network management system demonstrated this, causing massive security breaches for more than 18,000 customers.
A recent report also indicates that hacked companies suffered an 11% loss of annual revenue, or approximately $12 million, per company. However, when protected and used correctly, data is a crucial ingredient for the successful growth of a business, and its ability to engage in online economic activities.
While data helps the local private sector improve services, business models, and innovation, data collection and processing must be balanced with the responsibility to protect information that is sensitive in nature.
Data is “factual information (such as measurements or statistics) used as a basis for reasoning, discussion, or calculation.” Data can also be information in a digital format that is transmitted or processed. Businesses across the globe collect data through many sources, such as through transactions, communications, customer behavior, supply chains, risk assessments, or social media. With the digitalization of most sectors of economic and social life, as well as the emergence of the Internet of Things (IoT), the quantity and quality of data available for collection and analysis is unprecedented.
While data helps the local private sector improve services, business models, and innovation, data collection and processing must be balanced with the responsibility to protect information that is sensitive in nature. Sensitive data is defined as “a specific set of ‘special categories’ that must be treated with extra security.”
These categories include information such as racial or ethnic origin, political beliefs, religious beliefs, membership to a trade union, genetic data, and biometric data. As data becomes increasingly digitalized, data privacy is becoming a key concern for many consumers that engage in the digital economy. For example, one study showed that citizens from Kenya who identify as human rights defenders placed a high value on data privacy. Protecting data will strengthen the digital economy by mitigating financial and legal risk, fostering trust between businesses and consumers, and promoting reliable and transparent economic ecosystems that upholds democratic values.
Private Sector Commitment to Data Privacy
The expansion of the digital economy underscores the importance of data privacy. As more and more businesses have transitioned to operating online, business organizations must adapt to the digital ecosystem and therefore understand the legal and regulatory environment in which they operate.
Inadequate data privacy practices in the private sector will result in serious consequences, such as a business experiencing financial deficit, loss of trust in customer base, or legal penalties. Local business communities that prioritize data privacy may also reap additional competitive advantages:
- Privacy can protect financial gain. Companies that invest more into their data privacy practices can reap up to 2.7 times on their original investment. Furthermore, with higher financial returns and thus higher accountability ratings, companies can gain an advantage over competitors. Companies can also avoid financial loss related to legal repercussions for improper data practices.
- Privacy can enhance trust. With an increase in high profile consumer data breaches, many consumers place greater importance on the data privacy practices of the companies they do business with. According to a survey of more than 10,000 consumers globally, 70% of consumers reported they would not do business with a company if it had experienced a data breach. In another 2019 report on business trust, more than 81% of respondents said that trust in a company was a deciding factor in their brand buying decision. Trust may also improve brand reputation and the spread of brand recognition through increased customer satisfaction.
- Privacy can help support long-term growth. With an increased awareness around data privacy practices and state-led regulatory standards, the sooner companies prioritize data privacy internally, the more prepared they will be to sustain and grow their organization in the digital economy. With more efficient and secure infrastructure and practices, these companies that prioritize data privacy may receive a competitive advantage in an increasingly regulated digital economy.
Data Privacy in International Frameworks and National Regulations
It is also important to note that data privacy plays a larger role in protecting human rights and upholding democratic institutions. The Council of Europe, the UN International Covenant on Civil and Political Rights, and several other international human rights doctrines establish these norms. Data privacy is also an important element of ensuring democracy flourishes online by allowing a citizen’s right to privacy and protection while engaging online.
At the same time, legal and regulatory frameworks vary from country to country and even within countries and between different administrative regions. Therefore, it is important for local businesses and private sector organizations to understand local data privacy regulations and assess whether existing practices adhere to these laws.
Resources for Local Business Communities
To help local business communities understand the importance of data privacy and stay secure online, CIPE’s Technology for Democracy course offers training modules on topics such as digital security and data privacy. For instance, the module on data privacy outlines the best practices for collecting, storing, disposing, and reusing data, as well as how to keep sensitive data secure throughout the data lifecycle. It also illustrates the value of data for advancing a business organization’s mission and objectives.
In addition, as countries around the world continue to develop and implement new legislation focused on data privacy and protection, local business communities should understand specific data privacy requirements that should be followed when operating in or with stakeholders from a particular country or region. Moreover, local business communities can play an important role in advocating to ensure that data privacy regulations prioritize privacy of citizens, outline clear data privacy requirements that are also attainable for small businesses, and build an enabling environment that promotes inclusive growth in the digital economy. To support local private sector voices in multi-stakeholder dialogues on these issues, CIPE’s Digital Economy Enabling Environment Guide (the Guide) discusses timely elements of data privacy such as cross-border transactions, the concerns of data localization, data on the cloud, and legal regulation jurisdictions. (An interactive online training of the Guide can also be found here).
With the recent influx of data breaches, the importance of strengthening data privacy and protection has never been more important. Local business communities can develop and implement responsible data privacy practices while still maintaining a competitive edge in the digital economy. In addition, as governments across emerging markets continue to draft new legislation on data privacy and protection, the local business community can play a role in policy conversations in the development of these new laws and regulations to ensure effective and feasible implementation. Together, these efforts will create more transparent and secure data privacy practices that will support democratic institutions and human rights, which are essential in ensuring inclusive growth in the digital economy.