Beyond Data Security: The Evolving Data Privacy Landscape
Businesses across the world are facing a paradigm shift when it comes to managing data. We are moving from a security-focused approach, based on how data is protected, to a regulatory approach, based on data privacy. This expands the scope of data management to include how data is used, how it is disclosed, how it is retained, and more. Security hasn’t gone anywhere — data still needs to be protected. But privacy goes further, and includes our rights as individuals to control the data about us that we generate every day.
In today’s evolving data landscape, it is estimated that over 2.5 quintillion (that’s 2,500,000,000,000,000,000) bytes of data are created each day. And the digital universe — a term used to measure the existing size of digital data — is estimated to be 40 zettabytes (40,000,000,000,000,000,000,000 bytes). It is also estimated that 90% of the digital universe was created in the last two years. With our connected world, that means most of this data is stored online somewhere.
Most countries have some form of data protection regulations in place, and they are evolving quickly. Examples include GDPR in the European Union, CCPA in California, and PIPEDA in Canada. Privacy regulations are evolving to address the data economy and the demand by data subject owners — such as individual people — for some form of protection. The pace of evolution is clearly increasing, as proven by the change from the Sarbanes–Oxley Act of 2002 to today’s worldwide compliance footprint.
According to a 2018 report, in the US alone, at least 35 states reviewed more than 265 bills and legislative regulations related to cybersecurity. Fifty of the efforts became law. Many of these laws also addressed privacy and privacy rights, such as CCPA.
These rapidly changing privacy regulations — by state, province, region and country — make it difficult to understand the potential impact for an organization. We can say, as a general rule, that businesses of all sizes will be affected by privacy regulations, from internal data (e.g., human resources files) to external data (e.g., customer data). And, to put this in concrete terms, ignorance will not be an acceptable excuse when it comes to the potential, and substantial, fines imposed by regulatory bodies.
Voice data, whether in the form of transcriptions, biometric voiceprints, or audio recordings themselves, is personal data subject to privacy regulation. As the voice user interface is adopted by more companies, and voice data is used in more analytics processes, how a company addresses privacy becomes a prominent concern.
So how do you prepare for privacy, both as a consumer and as a business? Below are some best practices.
Voci has a well-developed privacy program dedicated to protecting the privacy of the data entrusted to us, from employee data to customer data. Our program has been developed to allow our customers to successfully navigate the privacy obstacles that arise in relation to automatic speech recognition/speech to text technology.
Voci’s approach ensures that data is always used with the appropriate consent of the customer and in alignment with customers’ business and regulatory requirements. Access to data for transcription, tuning and specialized language models is governed under a single, unified program. The ability to ensure privacy for all of these business processes is core to Voci’s data management program.