“It’s not a new concept,” says Hilary Wandall, General Counsel for TrustArc. She was referring to privacy. After all, as she points out, you can trace it back to the Hippocratic oath — “a very long time ago; when it was recognised how important privacy was in the context of how doctors interacted with their patients.”
Before she joined TrustArc, Hilary’s work had a good deal of focus on privacy in health, but in a wider business context, she says “privacy laws have been around, affecting business since the 1970s.”
But in those early days, “it did not have the attention of business leaders. It was more related to specific contexts, such as employment, protecting employees’ files, or in the context of certain patient interactions and confidentiality.” Or, it related she says “to a more serious aspect of the way a particular profession conducted itself.”
“In 1995, data protection directives started to shift the attention of businesses, to looking at how they were handling data across borders. This coincided with the fact that many companies were moving off of local systems, to more global systems.”
“This continued for the next 8-9 years, and companies started taking it more seriously in term of establishing chief privacy officers, and DPOs.”
However, Hilary says that it wasn’t until the late part of the last decade or so that people started paying attention privacy on a large scale. And there were two reasons for this.
The data protections directive in Europe, not only affected how European companies thought about privacy and data protection, but also how it affected global businesses because of the significance of data flows.
Secondly, data itself — as the world woke up to its value, and thanks to digital technologies, data gushed forth like oil from the ground, and the need to focus on protecting privacy grew.
There have been two other new drivers of interest in privacy:
- Development of cloud based services, whereby companies could actually begin to outsource many of their processes to third party software service providers.
- Development of global computing combined with the Internet of Things. “This transformed the way businesses operated, concerning privacy and breeches and movement of data around the world,” Hilary says.
Things changed again around 2015, “when about 90 different countries had adopted laws very much like Europe, so core aspects of making sure you are transparent about your practices, accountability, dealing with third parties and making sure you built security into your system.
“Security breaches weren’t the big issue except in the US, where a lot of breaches had happened that gave rise to all the state laws, but wasn’t really an international issue.
GDPR has transformed the urgency. That coupled with public interest in this space has created a new impetus. Hilary says: “This is leading to a much more serious approach and much more attention to the matter.”
Hilary says: “What was so interesting, was the seriousness with which companies started paying attention to privacy. The potential for steep fines provided the impetus, and they started paying more attention and dedicated huge budgets to support building much more comprehensive privacy programmes, appointing chief privacy officers, making it a board level issue.”
“That is what we see at TrustCard, so more people get budgets to support privacy, and consulting services on the one hand, but also a need for technology to support how they were building out their privacy programmes.
“We saw a huge escalation between 2016, when GDPR was fully adopted in its final draft, to most of last year.”
PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.
For more information on upcoming events, visit the website.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.