Privacy is a right, not a privilege. But organizations and leadership often struggle when it comes to adapting their culture toward digital trust and stewardship.
The past year has been critical for Facebook’s reputation, with the tech giant coming under scrutiny following extensive, high-profile data privacy breaches. The failure of Facebook to provide good answers to tough questions about how and why it uses citizens’ data has exposed the cracks in the trust infrastructure that underpins our digital economy. Today, companies can be considered “cybersecure” but still not employ processes that ensure the security of internal data and the integrity of data relations with external stakeholders.
We have entered a critical moment in the evolution of the digital economy where we must question where and how personal data should be used and determine who has the right to gain commercial profits from the insights generated by users’ digital data.[1] Organizations must think critically about their own digital trust — an umbrella term we use to describe the behavioral guidelines and cultural principles that include data privacy, security, protection, and stewardship.
Beliefs and behaviors in today’s virtual world blur the definitions and boundaries of responsibility for data privacy, which is reshaping consumers’ expectations of protection. Organizations seeking to adapt their culture toward better digital trust face many challenges. By identifying a topology of behaviors and attitudes of different kinds of companies, we have determined four techniques that organizations can use to map their journey from compliance to trust.
Investigating Digital Trust
When an organization goes through a privacy and breach disclosure effort, actions are typically driven by compliance requirements and regulatory changes, while the underlying culture around digital trust within the organization often remains unchanged. For every interaction where data is shared between a private individual and an organization, there is an implicit zone of trust created between the parties. The fallout from recent data breaches — whether due to apparent disregard for citizens’ data or inadvertent disclosure[2] — suggests appraisal of this trust relationship is overdue. The introduction of formal measures may enable organizations to differentiate themselves on a scale for digital trust (similar to the Ponemon Institute trust rankings), promoting and perhaps incentivizing digital trust across the business ecosystem.
In December 2017, we surveyed 83 members of a U.S. consortium of information technology and security executives to understand what goes on in their companies in the context of digital trust and to explore their attitudes toward data privacy and breach disclosure.