This is part 2 of our Data Privacy Week series. We heard from top #cybersecurity and #privacy experts about what is shaping the data privacy landscape today and why and how organizations should focus their data privacy efforts.
Morgan Wright, Chief Security Advisor, SentinelOne
“I’m not convinced people have a comprehensive understanding of the privacy implications associated with all the technology in their lives. Whether it’s a consumer, small business, or company employee, the things privacy needs to address are expanding at a faster rate than our ability to address them. The introduction of generative AI has changed many of our assumptions and understanding about privacy creating ‘privacy fatigue’. In reality, very few, if any people (except lawyers), read the fine print anymore. The ability for AI to glean insights from available data gives the false impression that privacy was breached. Rather, AI has become more adept at connecting the dots.
One of the biggest misconceptions is what privacy is. It’s a policy, not a technology. Simply saying a company privacy policy on the handling of your data is only one-half the issue, securing that data is the other half. Privacy regulations fail because of the lack of adoption of advanced technology to implement the policies and defend the data.
In addition, technology users continue to share information on social media or respond to a multitude of surveys and willingly give up information that they would otherwise expect a company to protect. Privacy is only as effective as the willingness of users to agree to the rules. The biggest continuing threat to privacy is self-inflicted.”
Tanneasha Gordon, Deloitte’s US Data & Privacy Cyber leader specializing in digital trust
“Customer privacy will take center stage in advertising in 2024 – as digital platforms change, organizations will evolve their digital strategies to embrace customer data privacy more deeply. Brands advancing strategies that leverage cyber-aware, privacy-enhancing approaches will net competitive differentiation and nurture trustworthy engagements with their target audiences through more durable marketing tactics. In 2024, I expect the AdTech industry to continue to be disrupted by interactions that both help earn goodwill for brands and enhance privacy for customers.”
Josh Salmanson, SVP of Technology Solutions at Telos Corporation
“Data Privacy Week is more important this year than ever before. That’s because, in 2023, ChatGPT happened, sparking unprecedented curiosity across business decision-makers and everyday technology users alike. Large language model (LLM) adoption accelerated, and the most complex problems became easier and faster to solve.
There’s no disputing the benefits that LLMs have introduced, but they’ve also delivered potentially massive data security and privacy problems. Now more than ever, anyone exploring these tools must look critically at the data they’re inputting. Consider the implications of data exposure any time data is inputted. The age-old “better safe than sorry” has never rung truer – If that information should not be made public, it should not be inputted.”
Antoine Vastel, PhD, VP of Research at DataDome
“Machine learning models, in particular large language models (LLMs), need huge volumes of training data to improve performance. Some companies training these LLMs obtain the data by scraping it at scale. While scraped data is public, LLMs may make them more easily findable/queryable, which can hurt end-user privacy. Indeed, most people interacting online don’t expect/think/anticipate that it may make their online interactions searchable through an LLM like ChatGPT.”
Ashley Leonard, CEO and Founder at Syxsense
“Over the past year, there has been a surge of state data privacy laws being enacted; Iowa, Indiana, Montana, Tennessee, and Texas all enacted their own laws, joining the initial group of California, Colorado, Virginia, Utah, and Connecticut. While in theory this overall may be good for personal privacy, this patchwork approach creates compliance challenges for businesses operating across multiple states. This will typically result in gaps and, ultimately, may not be as strong as a single, unified approach to data privacy.
It’s impossible to not see the impact AI is having on data privacy. For one, California has made shifts to its data broker law to give consumers more control over the sale of their personal information. Part of this is due to how much personal data is running through AI algorithms now as part of training models or to create baselines for AI outputs. Another example is the use of AI to diagnose health conditions. While this data may be de-identified before use, it is not usually anonymized, making it possible for people to be connected back to the diagnosis or health data.
From a security perspective, the hyper-focus on incorporating AI systems into day-to-day tasks can create new attack vectors for hackers to exploit, potentially compromising sensitive data stored or processed by AI algorithms. Figuring out how to ensure the security of AI use is going to be critical as we move forward.”
Nimrod Partush, VP of Data Science, CYE
“The advent of AI, particularly Large Language Models (LLMs), has influenced how companies view data privacy. As AI becomes more capable, data becomes more valuable, tempting organizations to leverage their datasets to fuel these systems. This sparks concerns towards privacy, especially with the risk of organizations cutting corners to maximize AI's potential. The intrinsic value of data in driving AI advancements means that data privacy is more critical than ever, requiring stringent measures to balance innovation with the protection of individual privacy.
“Reflecting on 2023, there has been a noticeable evolution in the data privacy domain. The emergence of generational AI as a transformative force has solidified its permanence in our technological ecosystem. Organizations are increasingly eager to harness the power of their data in light of AI's proven impact. However, this surge in AI-driven data utilization has also heightened the focus on data privacy. There is a growing recognition that safeguarding privacy is not just a regulatory necessity but a significant business opportunity. As a result, there's been a shift in regulatory priorities, consumer sentiment, and the general understanding of privacy. In this new AI-centric data landscape, privacy has become a valuable currency, essential for sustaining the trust and viability of AI technologies.”