By 2025, privacy lawsuits and claims related to biometric information processing and cyber-physical systems will have resulted in over $8 billion in fines and settlements, according to Gartner, Inc.
“Autonomous vehicles, drones that capture video, smart buildings and smart cities are cyber-physical systems that capture biometrics of all kinds,” said Bart Willemsen, research vice president at Gartner. “The collection and storage of biometric information is gaining, whether in the form of fingerprints, iris scans, remote recognition of face, gait, voice, or even DNA samples. But this information has huge potential to be misused or abused.”
During his session at the Gartner Security & Risk Management Summit, taking place virtually, Willemsen said that new privacy laws cover the capture, conversion, storage and processing of biometric data, and can even apply to face tagging technology in social media. They may also come with a retention regime, and may prohibit selling, leasing, trading or profiting from biometric data. Some prohibit the usage of biometric information in certain use cases altogether.
Gartner predicts that by 2024, large organizations’ average annual budget for privacy will exceed $2.5 million, allowing a shift from compliance ethics to competitive differentiation.
Privacy budgets increased from $1.7 million in 2019 to $2 million in 2021 and are expected to continue to increase at a steady rate. The sudden uptick in online activity, remote working, and virtual learning increased cyberthreats. With the expansion of privacy regulation efforts across dozens of jurisdictions in the coming two years, many organizations will only now see the need to start their privacy program efforts.
Gartner recommends that organizations first gain full control in detail over all personal data processing activities before they can hand over that control to the individual. One way to do that is through privacy rights and consent management services.
Depending on the maturity of their privacy programs, organizations are reaching beyond mere compliance-driven work, toward customer-centric activities. Examples include allowing customer experience professionals to address customer complaints about lack of transparency, automating the privacy UX, or giving access to privacy rights to all global clientele, whether they have to or not, so that customers are treated equally internationally.
Also published on Medium.