Who wins the security vs. privacy debate in the age of AI?

The triad to balance security and privacy

To build an enterprise framework that balances security and privacy while simultaneously enabling customization based on end-user preferences, organizations must consider transparency, demonstrate value and provide options to their users.

When it comes to transparency, consider the German airline Lufthansa. It adopted an easy-to-understand framework that offers visitors to its websites three choices under the categories of statistics, comfort and personalization. These choices range from anonymity to personalization, and the company provides a clear articulation of how each choice impacts privacy, from ultra-private to more intrusive data collection.

Figure: Cookie settings on Lufthansa’s website

To adopt a similar data-collection approach, organizations must ask themselves if data collection is used to build highly customized user profiles. If so, are users aware of this and do they have the ability to opt out? If not, data should be anonymized so it does not contain user identifiers. Organizations should present this information to their users in easy-to-understand language.

Credit card companies consistently demonstrate value to their users. Consider fraud alerts that warn a user his card is being used at a location he has never visited. A quick reply to an email or a text can verify if the card is being abused. Credit card companies have demonstrated the value of constantly and consistently tracking their users’ every physical and online move, using AI-based security analytics to flag deviations from the norm. This is an example of less privacy in exchange for more security.

Companies harvesting data and utilizing it for their own business purposes must showcase how their cyberintrusion can lead to more secure digital outcomes. When considering the value they are providing customers, organizations must ask themselves if there is a highly customized user profile for each customer. If so, is the profile being used for more targeted customer offerings only? For example, take the credit card company that may offer credit monitoring services. If the answer is yes, organizations should consider investing in how insights can be translated into ongoing basic awareness offerings for the customer.

Optionality is a clear way to extend transparency into action that offers end users choices they can control. Take note-taking app Evernote’s three laws of data protection, shown below.

Figure: Privacy options in Evernote

“Your data is yours” demonstrates clear data ownership — the user can delete it at any time and it cannot be sold or transferred to a third party. “Your data is protected” highlights that the organization assumes responsibility for protecting user data. “Your data is portable” means the user has the right to take all the data that has been amassed by the organization and transfer it elsewhere.