Dominique Shelton Leipzig moderates a panel at RSA Conference 2022 with Keith Enright, Google's chief privacy officer, Jane Horvath, Apple's chief privacy officer, and Kalinda Raina, vice president and chief privacy officer at LinkedIn.

Jun 09 2022

RSA Conference 2022: Ensuring Privacy When Data Is Everywhere

Data is being generated at an unprecedented rate, and organizations must handle that data responsibly to protect consumer privacy.

Cybersecurity is all about trust.

Most of the time, IT conversations about trust center on concepts such as zero trust, which helps organizations determine whether users can be trusted and how much access they should receive.

But there’s another side to the question of trust: Consumers must feel they can trust organizations with their data, and recent data breaches have sown doubt among the general public.

At a panel discussion on zero trust at RSA Conference 2022, Niloofar Razi Howe, senior operating partner at Energy Impact Partners, cited the 2022 Edelman Trust Barometer as evidence of the public’s eroding trust. According to the barometer, nearly half of respondents view government and media as divisive forces in society. The results also showed “an even greater expectation of business to lead as trust in government continues to spiral. But this is not a job business can do on its own. Business must work with all institutions to foster innovation and drive impact.”

Click the banner below to receive exclusive industry content when you register as an Insider.

Technological Progress Depends Upon Consumer Trust

In a separate panel discussion on the current state of data privacy, Kalinda Raina, vice president and chief privacy officer at LinkedIn, noted what she called a “really exciting shift that has been happening with people’s awareness and judgment of companies based on how they’re handling data.” She said she believes that “as we head into the next 20 years, the things that are possible are only going to be possible with people’s trust, and people’s trust in the organizations that are doing those things.”

Dominique Shelton Leipzig, who moderated the panel, pointed out the overwhelming volume of data companies must manage, noting that it’s being created at a rate of 2.5 quintillion bytes per day. “I understand that there are 127 new connected devices that are being created and innovated per second. So, every day, about 11 million new connected devices come online,” Leipzig said. 

Raina acknowledged the tremendous volume of data being created, which she said has forced organizations to think about its governance. “How do we annotate this data? How do we keep track of it? How do we put policies on it? How do we make sure it’s deleted in an automatic fashion? How do we put access controls in place?” she said.

Jane Horvath, chief privacy officer at Apple, suggested technology might be the solution to some data privacy issues. “As far as data goes, there is a different range of data that could be impactful. So, data that is not tied to an identity is a whole lot less risky than personal information. So, one of the things that we’ve worked deeply on at Apple is trying to use privacy-enhancing technologies to minimize the amount of personal information that we collect.”

READ MORE: Learn about the many challenges IT leaders face in a work-from-anywhere world.

Can Federal Legislation Help Restore Trust in Data Privacy?

The panel was made up of data privacy officers from Apple, LinkedIn and Google, global organizations already subject to data privacy requirements under the European Union’s General Data Protection Regulation (GDPR). As Leipzig mentioned, a draft of American legislation was introduced June 3 for consideration by Congress.

Raina said she views the legislation as a powerful tool in keeping data private. “I think one of the things that we are seeing potentially happening if we do get federal legislation here in the U.S. is the requirement of privacy by design. We’ve already seen it develop in our GDPR laws. But we might also be able to see that here in the U.S. as well, which I think would be a real opportunity for growth in the profession, from the engineering perspective of folks who have both that privacy stance and the security stance, to build that into products so that we really ensure we’re building with trust.”

Keith Enright, chief privacy officer at Google, said he also envisions American legislation as an opportunity. “There is growing interest in the investment community to understand how you are thinking about privacy, not only as you define your company's role in society and sort of defining your own sense of social responsibility but also in the way that you’re thinking about it as a risk factor for your company.”

“If you are building appropriate governance and accountability systems into your company, to ensure that as both an opportunity and a risk, you’re appropriately anticipating engaging with, preparing for and addressing privacy in your product strategy and your corporate vision,” Enright said.

Keith Enright
Companies should be held to account not only by regulators and law enforcement but by users.”

Keith Enright Chief Privacy Officer, Google

Rebuilding Trust Will Require Accountability For Companies

Raina noted that it may become necessary to educate the public if trust is to be rebuilt. She pointed out that most multinational companies are already complying with privacy requirements under GDPR. Smaller organizations, however, are less likely to be subject to those regulations and will have to adjust to compliance and accountability under potential U.S. legislation.

Horvath agreed with Raina, pointing out that companies regulated by GDPR are already held accountable. “The accountable system has to show that you’re complying with the laws. So, you know, that comes naturally, and companies should be accountable for the statements they make.”

Enright voiced his agreement about the necessity of accountability. “Companies should be held to account not only by regulators and law enforcement but by users. If a company is building a brand around privacy and making promises to that, that is their mission, that is what they’re doing. I’m encouraging users to become as sophisticated as they can be and work with companies that are being honest with them.”

Keep this page bookmarked for articles and videos from the event, and follow us on Twitter @BizTechMagazine and the official conference Twitter feed, @RSAConference.

Photography by Joe Kuehne

Learn from Your Peers

What can you glean about security from other IT pros? Check out new CDW research and insight from our experts.