According to Gartner, Inc., a world leader in research and advice for businesses, lawsuits and claims related to privacy breaches with biometric information systems and processing will cost more than $8 billion in fines worldwide by 2025.
Bart Willemsen, Vice President of Research at Gartner
“Autonomous vehicles, video-capturing drones, smart buildings and cities are cyber-physical systems that capture biometric records of all kinds,” says Bart Willemsen, Vice President of Research at Gartner. “The collection and storage of biometric information is increasing, whether in the form of fingerprints, iris scanning, remote facial recognition, as well as body and voice analysis or even DNA samples. But this information has great potential to be misused or abused.”
In this scenario, the analyst warns that the new privacy laws already cover the capture, conversion, storage and processing of biometric data, and can therefore be applied to face tagging technology in social media. They may also come with a retention regime, which may prohibit the sale, lease, trade or profit from biometrics. According to the Gartner analyst, some of these regulations completely prohibit the use of biometric information in certain situations.
“In these cases, it is important for security and risk management leaders and privacy leaders to consider alternative, less intrusive means of achieving the intended purposes, explaining all necessary information to the customer without any caveats,” adds Willemsen.
Some consumer-oriented multinational organizations are actively moving to a self-service model through privacy portals and registration forms. Its intention is not simply to avoid regulatory fines, but also to bolster customer trust and maintain positive brand sentiment.
Privacy budgets will increase, allowing privacy to shift from compliance to competitive advantage – Gartner predicts that by 2024, the annual privacy budget of large organizations will surpass the $2.5 million mark, enabling a shift from ethics of compliance to competitive differentiation.
Data privacy budgets grew from $1.7 million in 2019 to $2 million in 2021. Growth is expected to continue. The sudden increase in online activity, remote work and virtual education have amplified cyber threats. With privacy regulatory efforts expanding in dozens of jurisdictions over the next two years, many organizations will only see the need to begin their privacy program efforts now.
Gartner recommends that organizations first gain full control over all personal data processing activities before they can hand that control over to the individual. One way to do this is through privacy rights and consent management services. “The customer will experience the difference between having to wait weeks for an incomplete answer or, in seconds, having full access to the answer to the question 'what data does an organization process about me?'. That difference is where trust is gained or lost,” says Willemsen.
Depending on the maturity of privacy programs, organizations are already moving beyond mere compliance-oriented work towards customer-centric activities. For example, enabling customer experience professionals to resolve customer complaints about lack of transparency and automation of privacy, or giving access to privacy rights to all of your global clientele, whether mandatory or not, treating customers internationally equally. .
