Mohammed Al Muhtadi, Chief Information Security Office at Injazat, a UAE-based specialist in digital transformation and cyber-security, talks to HSSE Global about data privacy for businesses, while focusing on the needs of customers.
Q: What are the key market trends and impact areas affecting data privacy for both customers and businesses?
A: There are four key trends that are impacting customers and businesses – increased data owner control, data privacy legislation, cybersecurity and emerging tech, such as Metaverse, AI, and Blockchain.
Data owners, who supply organisations with their data are, by definition, the main authority to grant or deny access for the editing or deleting of their data –⸺and they desire more control and coverage across their data. For instance, last year, Apple granted its iPhone users the ability to deny or accept having their usage habits tracked by data harvesters and provided additional features so users know what type of data is being extracted or utilised by an app before installation. The trend of empowering users over their privacy and the presence of their data is increasing. Organisations will have to develop such data privacy mechanisms in their products to remain competitive. With time, data management will become more user-friendly.
Q: What about data privacy laws in the UAE?
A: In less than three years, the UAE has drafted its Personal Data Protection Law that applies to data owners and data processors across the UAE, similar to the EU’s GDPR. Prior to this law, the financial markets of ADGM and DIFC had their own data privacy laws for processing personal data. There is a growing need for governments and businesses to ensure that personal data is protected. This includes penalties for theft or noncompliance fines. For instance, ADGM’s 2015 data privacy law means fines of $28 million for noncompliance to an organisation for data privacy can be issued. The UAE’s Personal Data Protection Law can issue fines up to AED 500,000 for violating an individual’s data privacy.
Q: How can businesses combat cybersecurity threats?
A: Cybersecurity threats are increasing on a daily basis and consumers are not only concerned about credit card theft, but also personal data harvesting. Mechanisms such as two-factor authentication and facial recognition remain essential for authorising transactions and maintaining data security.
Emerging tech will always present new challenges for data privacy and data protection. The principle that prevents users from modifying existing data is the fundamental barrier, because data cannot be changed without its corresponding hash also changing. Privacy in the metaverse presents its own unique challenges. Using marketing data may be a way to harvest more invasive data, such as hand gestures, our voices, our movements and breathing, which is a very Orwellian reality that can invade the privacy of our homes. The solution would be to develop or enhance existing technologies and laws to accommodate these emerging technologies that are not currently compliant.
Q: What are the foundational elements of trust for consumers, employees and businesses?
A: Customers, employees, and businesses have established clear priorities when it comes to trust. But businesses must ask themselves if they are doing enough. In some cases, business actions on trust do not align with what executives consider to be important. A lack of accountability, a lack of customer experience and a lack of clear communication are often significant problems. The main factors driving trust include ethical business practices, cybersecurity, corporate transparency, social responsibility, data protection – and accountability when mistakes happen.
Q: How does having data privacy at the centre of a customer strategy create a business advantage?
A: Companies that build or provide services that incorporate data privacy are not at a business advantage anymore. It is an expectation today. More users are parting ways from social media platforms, such as Twitter, YouTube and Facebook, and opting for alternatives due to data privacy violations and harvesting of personal data. In 2021, these platforms not only lost a large count of users, but lost $10 billion revenue collectively. These organisations are now trying to maintain their relevance and develop mechanisms to ensure they meet their consumer needs.
Q: How can businesses adopt a privacy-first business strategy that customers will trust?
A: Businesses must conduct an assessment of their target market and analyse the legislation around data privacy in their operating regions. In addition, organisations must utilise cybersecurity capabilities to challenge their mechanisms on data protection and data exposure. Having a strong cybersecurity foundation is essential to ensure that adequate controls are in place to protect data in the event of a breach. Furthermore, organisations are advised to adopt a privacy framework in their own organisation and educate their employees about data privacy as part of their awareness sessions and work culture.
Q: What key steps should businesses be aware of when starting the process of unifying customer data across all data sources?
Start by analysing existing customer data and consolidating data across your platforms. Unify the data analysed and ensure adequate control measures are present. Furthermore, only collect what is necessary and provide an opt-out or deletion mechanism for customers. In addition to this, developing a data governance strategy and training employees on data management and privacy are helpful measures.
Interview courtesy of Georgia Lewis
