Wednesday, 24 October 2012
"Rethinking Personal Data"
Earlier this year the World Economic Forum, working with BCG, developed a new report entitled "Rethinking Personal Data". Here is a summary and the key recommendations made within the report.
The explosive growth in the quantity and quality of personal data has created a significant opportunity to generate new forms of economic and social value. Just as tradable assets like water and oil must flow to create value, so too must data. Instead of closing the taps or capping the wells, all actors can ensure that data flows in a measured way. But for data to flow well, it requires the same kinds of rules and frameworks that exist for other asset classes.
The reality has been quite different, however. High-profile data breaches and missteps involving personal data seem to be reported almost daily by the media. Tension has arisen between individual perceptions of harm and powerlessness versus organizational feelings of control and ownership. The result: a decline in trust among all stakeholders. Individuals are beginning to lose trust in how organizations and governments are using data about them, organizations are losing trust in their ability to secure data and leverage it to create value, and governments are seeking to strengthen trust to protect an individual’s privacy. Yet, at the same time, consumers continue to share personal data and online retail continues to grow.
Among the three actors – individuals, organizations and governments – dialogue about personal data is currently anchored in fear, uncertainty and doubt. Together, these issues have the potential to undermine the economic and social wealth possible from this new asset. All stakeholders in the ecosystem face a challenge of unprecedented size, speed and complexity. Rules and norms change faster in a hyperconnected world and potentially outstrip the ability of traditional rule-setting approaches to keep pace. But, there is debate among different stakeholders and different regional jurisdictions on the best approach for establishing rules that allow data to flow in a trusted manner.
To restore trust, this report proposes three separate, but related questions, which need to be addressed by all stakeholders:
1. Protection and Security: How can personal data be protected and secured against intentional and unintentional security breach and misuse?
2.Rights and Responsibilities for Using Data: How can rights and responsibilities, and therefore appropriate permissions, be established for personal data to flow in ways that both respect its context and balance the interests of all stakeholders?
3.Accountability and Enforcement: How can organizations be held accountable for protecting, securing and using personal data, in accordance with the rights and established permissions for the trusted flow of data?
Answers to these questions will not be easy. Stakeholders have different cultural norms, time frames for action and paths to a potential solution. Different regions are at different stages of this process of establishing a framework for dealing with personal data. However, the global nature of data flows suggests that leaders need to work together to achieve a coordinated yet decentralized approach to this challenge.
This report recommends that all the stakeholders take four main steps:
1.Engage in a structured, robust dialogue to restore trust in the personal data ecosystem. The debate needs to focus on achieving consensus on some of the key tensions, including securing and protecting data, developing accountability systems, and agreeing on rules for the trusted and permissioned flow of data for different contexts. Central to this dialogue is the inclusion of individuals, who play an increasingly important role as both data subjects and as data creators.
2.Develop and agree on principles to encourage the trusted flow of personal data. The simple slogan of “think globally, act locally” can help frame these principles (i.e. shared principles can help all the actors aim towards the same outcomes, even if their approaches for how to get there differ).
3.Develop new models of governance for collective action. Regulators, organizations and individuals can play complementary roles in establishing accountability systems, enforcement mechanisms, rights and permissions.
4.Establish “living labs”. Given the complex social, commercial, technical and regulatory uncertainties and interdependencies, an environment which can provide stakeholders with the ability to test and learn in real time (and at scale) needs to be established. These labs can provide a safe context for more fully understanding the system dynamics and collectively identifying shared opportunities, risks and the means for effective collaboration.