digital-privacy

In the rapidly evolving digital era, internet users have become increasingly aware of how their information is collected and used online. According to Norton LifeLock, 85% of adults want to do more to protect their online privacy. As consumers express concern and global regulations tighten, it is important to understand the premise of digital privacy and how to comply with it. 

Data Privacy or Digital Privacy?

Despite similar names and concepts, there is a stark distinction between data privacy and digital privacy. Data privacy refers to when a company or website properly handles sensitive user information such as personal contacts, medical records, financial history, and intellectual property. Data privacy works to prevent unauthorized access to confidential information by governing how data is collected, used, and shared. This concept pertains to both the digital and non-digital realms.

On the other hand, digital privacy focuses specifically on protecting our own information that we knowingly or unknowingly share online. An astonishing 90% of the world’s data was generated in the last two years alone! Most of that information was created or provided by individuals while using the internet. Safeguarding this user data mitigates the risk of web-based attacks, further promoting a more secure and trustworthy cyberspace. Without maintaining digital privacy, bad actors could easily monitor online activities, such as conversations and transactions, leading to harmful interceptions and breaches.

The concepts of data privacy and digital privacy both exist to protect individuals and their private information. It is crucial for internet-based systems to satisfy the level of security required by each of these measures.

Engineering Digital Privacy for All

The responsibility of creating a technical framework that fosters digital privacy falls heavily on engineers. Concurrently, existing and emerging laws have brought big changes to the technical engineering landscape. Soon enough, digital privacy regulations will cover 75% of the world’s population.

By not paying close attention to these laws, companies could be risking data breaches, harsh financial penalties from violations, and jeopardizing their reputation within the industry.

Adapting to changing data regulations has resulted in the creation of the Privacy by Design concept, which incorporates the idea of including privacy in every aspect of the engineering and product development cycle. The emerging role of privacy engineer implements this concept, ensuring that data privacy considerations are integrated into the product design.

Gather the Tools to Operationalize Internet Privacy

Is your team up-to-date on the latest privacy technologies and ethics?

Get ahead with Protecting Privacy in the Digital Age, brought to you by IEEE Educational Activities in collaboration with IEEE Digital Privacy. This four-course program provides a framework on how to operationalize privacy in an organizational context, how to make it usable for end users, and how to address emerging technical challenges to protecting digital privacy.

Connect with an IEEE Content Specialist today to learn how to get access to this program for your organization.

Interested in access for yourself? Visit the IEEE Learning Network (ILN).

Resources

(2022). 2022 Norton Cyber Safety Insights Report: Special Release— Online Creeping. Norton LifeLock.

(3 March 2021). What is Digital Privacy? Definition and Best Practices. Microanalytics.

What is Data Privacy? SNIA.

Privacy By Design. Deloitte.

The Growing Role of Data Privacy Engineering on Technology. IEEE.

data-privacy-engineering

Did you know that your own car might be “spying” on you?

According to a recently released report by The Mozilla Foundation, a non-profit organization that advocates for secure online experiences, the apps, sensors, cameras, and other high-tech bells and whistles built into many new cars today collect and share personal data such as where we go, how fast we drive, what radio stations we listen to, the status of our health, and even our genetic makeup.

This enlightening revelation – the result of The Mozilla Foundation’s survey of 25 car manufacturers – underscores the downside of a modern-day society that’s fueled by data but can fall short on data privacy standards and enforcement.

A Very Real Concern for Individuals and Companies Alike

Privacy concerns are by no means a new trend, but they’re growing. The threat that today’s highly-connected infrastructure poses to personal digital privacy is very significant to citizens and businesses around the globe.

According to Surfshark’s User Attitudes Towards Privacy Survey 2022, 90% of the internet users worldwide who were surveyed agreed that online privacy is important to them – in fact, nearly half of the adults across twelve countries who participated in Cisco’s 2021 Consumer Privacy Survey claimed to have terminated relationships with companies over their inadequate digital data privacy policies. 

Similar concerns over the state of data privacy were confirmed by McKinsey Digital in their recently-published McKinsey Technology Trends Outlook 2023. According to the report, the trend of “trust architectures and digital identity” (which focuses on building and maintaining the trust and integrity of those who use an organization’s data and digital-enabled products and services) grew the most out of the fourteen trends they tracked over the past year as the issues of security, privacy, and resilience have taken center stage.

The Need to Close the Skills Gap

New regulations and parameters on data sharing worldwide are requiring greater levels of privacy engineering in the product design process. Examples include Europe’s 2022 “NIS2 Directive” and “2023 Data Governance Act” and recently-strengthened data privacy laws enacted in states throughout the U.S. At the same time, shifting societal attitudes have led consumers and business customers alike to increasingly expect products and services to incorporate appropriate levels of security, technology resilience, and other digital-trust properties as part of their value proposition.

As a result of these developments, global equity investment in the field of trust architectures and digital identity grew to US$47 billion in 2022 – nearly five times its level in 2018. Furthermore, subsequent demand for skilled talent within the field has risen steadily, with job postings growing by over 16% between 2021 and 2022.

While the demand for stronger data privacy features and expertise is on the rise, a deficit of talent in this specialty persists in 2023. This talent gap is especially prevalent in the areas of risk analysis, regulatory compliance, computer security, cryptography, and identity management, where the McKinsey Technology Trends Outlook 2023 revealed that there are only one to four qualified applicants per ten job postings.

Products and services that don’t adequately protect customer data privacy can lead to catastrophic fallouts such as data breaches that can significantly impact an organization’s financials as well as its brand and reputation. The organization could also incur harsh financial penalties for violating data privacy regulations. Given these concerns, product development teams are increasingly acknowledging the need to address security and technology risks earlier in the development and delivery life cycle.

Make Data Privacy Your Business

As privacy grows in importance, the need for technical professionals to possess strong knowledge in the area also grows.

Protecting Privacy in the Digital Age, brought to you by IEEE Educational Activities in collaboration with IEEE Digital Privacy, is a four-course program that provides a framework on how to operationalize privacy in an organizational context, how to make it usable for end users, and how to address emerging technical challenges to protecting digital privacy. Connect with an IEEE Content Specialist today to learn how to get access to this program for your organization.  Interested in access for yourself? Visit the IEEE Learning Network (ILN).

Ethical transparency is critical to an organization’s success and it must be included in digital environments. Successful digital environments require rigorous ethical standards that incorporate honesty, impartiality, protection, security, and privacy.

AI Standards: Roadmap for Ethical and Responsible Digital Environments provides instructions for a comprehensive approach to creating ethical and responsible digital ecosystems. Contact an IEEE Content Specialist to learn more about how this program can benefit your organization. Interested in getting access for yourself? Visit the IEEE Learning Network (ILN) today!

 

Resources:

Caltrider, Jen, Rykov, Misha, and MacDonald, Zoë.  (6 September 2023).  “It’s Official: Cars Are the Worst Product Category We Have Ever Reviewed for Privacy.” The Mozilla Foundation.

Howarth, Josh.  (21 February 2023).  “23+ Alarming Data Privacy Statistics For 2023.”  Exploding Topics.

Chui, Michael, Issler, Mena, Roberts, Roger, and Yee, Lareina.  (20 July 2023).  “McKinsey Technology Trends Outlook 2023.”   McKinsey Digital.

 

data-privacy-skills

Experts, commentators, and pundits alike have been saying it for years: Data is the new oil. The phrase is widely credited to mathematician Clive Humby, who also said, “Like oil, data is valuable, but if unrefined, it cannot really be used. It has to be changed into gas, plastic, and chemicals to create a valuable entity that drives profitable activity. Data must be broken down and analyzed for it to have value.”

Artificial intelligence and automation technology offer new ways to target potential customers, personalize messaging, and recommend products, thereby making data an essential resource for modern enterprises and business decision-making. Companies around the globe collect and analyze volumes of data daily. This highly valued commodity needs to be protected, but so do the individuals who provide it. 

For modern companies, navigating data privacy can seem overwhelming. Different regions may be subject to varying legislation levels. Additionally, citizens of a particular region may still be protected by those laws no matter where they’re presently located. As data privacy regulations grow, companies face constantly changing data management requirements to secure the correct opt-in permission and ensure compliance. Recent data breaches and hacks of Uber, Verizon, Meta, and Microsoft demonstrate how sophisticated hackers have become.

Flawed Practices Lead to Consumer Mistrust

Inferior consumer privacy practices expose businesses to real repercussions, such as an increase in consumer data breaches. In 2021, there were more than 130,000 personal data breaches. These instances led to material losses like fines, but more importantly, loss of trust for current and prospective customers. According to a recent report, 87% of consumers “would not do business with a company if they had concerns about its security practices.” Investments in data protection and privacy fosters consumer loyalty and trust in a company’s products. 

Data Security is Paramount

Without a solid data security platform, your company risks financial penalties for violating data privacy regulations and jeopardizing your company’s reputation. A recent article in Apple Magazine provides six tips for better data security in the workplace:

  • Make sure all employees have strong passwords
  • Have disaster recovery plans in place
  • Create strong firewall and antivirus software policies
  • Monitor and analyze your users’ online habits
  • Encrypt your data whenever possible
  • Invest in employee training programs

Technologies such as artificial intelligence, machine learning, the Internet of Things, virtual reality, and facial and biometric recognition all use or generate personal data. Protecting that data should be a top priority—and training your organization in data privacy can provide a critical competitive advantage. Does your company place a priority on data privacy skills?

Privacy by Design is the Future

Companies should consider both data privacy and security issues daily. According to Lindy Cameron, CEO of the UK National Cyber Security Centre (NCSC), a secure-by-design approach is vital to protecting the growing Internet of Things (IoT) and consumer-connected devices. She goes on to explain how the last decade has seen an increase in significant security risks as “the scale of consumer-, enterprise-, and city-level IoT has exploded in the last decade,” along with a growing dependency on connected technology.

Data privacy is not the domain of just IT departments anymore. Protecting personal data should start in product development—ensuring that every product team member understands privacy by design. For effective results, privacy should be layered throughout the product development lifecycle.

Enhance Your Data Privacy Skills

Engineering and technology professionals must increasingly consider data privacy and security when designing products and systems. As the world becomes more automated, it’s crucial for your organization to understand how to protect its data and devices.

Cyber Security Tools for Today’s Environment, an online 11-course program from IEEE, helps businesses improve their security techniques. Contact an IEEE Account Specialist today to get access to the course program for your organization. Interested in learning about getting access to the course for yourself? Visit the IEEE Learning Network to learn more.

Protecting Privacy in the Digital Age, brought to you by IEEE Educational Activities in collaboration with IEEE Digital Privacy, is a four-course program that provides a framework on how to operationalize privacy in an organizational context, how to make it usable for end users, and how to address emerging technical challenges to protecting digital privacy. Connect with an IEEE Content Specialist today to learn how to get access to this program for your organization. Interested in access for yourself? Visit the IEEE Learning Network (ILN).


Resources

Drapkin, Aaron. (18 October 2022). Data Breaches That Have Happened in 2022 So Far. Tech.co.

Hill, Michael. (24 October 2022). Security by design vital to protecting IoT, smart cities around the world. CSO.

Huang, Helen. (18 October 2022). Putting privacy first: A global approach to data governance. Treasure Data.

Newsroom AppleMagazine.com. (24 October 2022). 6 Tips for better data security in the workplace. AppleMagazine.com.

Talagala, Nisha. (2 March 2022). Data as The New Oil Is Not Enough: Four Principles for Avoiding Data Fires. Forbes. 

Robicquet, Alexandre. (19 October 2022). Why Businesses Don’t Need More Data—They Need Better Data. Forbes. 

data-privacy-principles

In today’s hyper-connected world, phrase “data is king” rings truer than ever. Data now drives our economy. Companies and organizations across industries actively leverage it to gain a competitive edge.

People share information constantly — face-to-face, over the phone, through online forms, and via email or text. Even more varied are the types of data we disclose: addresses, phone numbers, social security numbers, financial data, and health records. Beyond that, our digital footprints include what we buy, what we post, how we unlock our phones, and even how we move through public and private spaces.

Whether we share this information voluntarily or not, countless entities collect it. They use it for purposes we often don’t fully understand.

For Instance, Did You Know…

  • Your DNA holds value. When people submit saliva samples to genealogy or genetic testing services, those companies may resell the data to pharmaceutical firms for research or marketing. Kirsten Ostherr, PhD, director of medical humanities at Rice University, warns that this data could also influence life insurance rates, loan interest rates, or hiring decisions. In some cases, law enforcement may access DNA data without consent during criminal investigations.
  • Apps track browsing and purchase histories to deliver personalized ads. While some ads, like those for similar clothing items, may feel helpful, others can cross ethical lines. For instance, targeting individuals based on medical conditions can feel invasive or even predatory.
  • Social media platforms routinely analyze shared content — photos, videos, and posts — using AI. These algorithms help companies identify patterns and pursue business goals. However, many users don’t realize that “private messages” may not be truly private.

Transparency Is Key

Ultimately, information is power. In all of the above cases, “the user received something in return for allowing a corporation to monetize their [personal] data,” confirmed Louise Matsakis of technology publication Wired.

However, this often-unwitting exchange isn’t something all users take lightly. A recent Pew Research Center study revealed that four out of five people surveyed feel that they have little control over the data that companies or government agencies collect on them and are either “very” or “somewhat” concerned about how companies are using it.

In light of growing ethical concerns and the alarming incidence of personal data breaches and other cyber crime that’s forecasted to incur more than US$10 trillion in damages worldwide by 2025, according to Cybersecurity Ventures, most countries have enacted some level of data privacy legislation that sets parameters around how data is collected, used, and shared. However, these laws aren’t standard across different countries – or even centralized at the federal level, as is the case across the U.S. This gap leaves countries/states to largely enact their own data privacy laws and penalties for non-compliance. For organizations serving a global population, this can be especially difficult to navigate.

Privacy By Design

Given that data privacy definitions aren’t yet standardized, experts say that organizations must take measures to ensure that data privacy and transparency are addressed up-front in order to be more efficient. In other words, personal data will be better insulated and companies will be increasingly protected from the legal and financial repercussions of data privacy non-compliance when they make concerted efforts to build the key pillars of data privacy into their product development process at the outset.

The European Union formally subscribed to this theory by adopting the concept of ‘Privacy by Design,’ a process by which technology is used to engineer data privacy into the development of products at their earliest stages. It’s an approach that savvy companies are watching closely in the best interests of both their customers’ privacy and security as well as their organization’s integrity/brand.

Position Your Organization for Success

The protection of privacy and personal data is an essential human right – one that requires organizations to take action to ensure data privacy for their users. Ideally, data privacy should begin in the product development stage. It’s a best practice undertaken to ensure that every member of the product team understands privacy by design and how to put those guidelines into practice.

Protecting Privacy in the Digital Age, brought to you by IEEE Educational Activities in collaboration with IEEE Digital Privacy, is a four-course program that provides a framework on how to operationalize privacy in an organizational context, how to make it usable for end users, and how to address emerging technical challenges to protecting digital privacy. Connect with an IEEE Content Specialist today to learn how to get access to this program for your organization. Interested in access for yourself? Visit the IEEE Learning Network (ILN).

Cyber Security Tools for Today’s Environment, an online 11-course program from IEEE, helps businesses improve their security techniques. Contact an IEEE Account Specialist today to get access to the course program for your organization. Interested in learning about getting access to the course for yourself? Visit the IEEE Learning Network to learn more.

Resources

Matsakis, Louise. (15 February 2019). “The WIRED Guide to Your Personal Data (and Who Is Using It).” Wired.

“Americans And Privacy: Concerned, Confused And Feeling Lack Of Control Over Their Personal Information.” (19 November 2019). Pew Research Center.

Morgan, Steve. (13 November 2020). “Cybercrime To Cost the World $10.5 Trillion Annually By 2025.” Cybercrime Magazine.

14 December 2022. “Data Privacy Laws: What You Need to Know in 2023.” Osano.

Nudson, Rae. (9 April 2020). “When Targeted Ads Feel a Little Too Targeted.” Vox.

qualified-data-privacy-professionals

Utah and Connecticut recently joined a growing number of U.S. states – including California, Colorado, and Virginia — passing data privacy laws. These regulations give citizens greater control over their data and empower them to hold organizations that violate the rules accountable. A number of federal governments, including the European Union, China, Brazil, have also passed similar laws.

While the U.S. does not currently have a federal data privacy law, federal regulators are still taking action. The U.S. Justice Department and the Federal Trade Commission recently settled a suit against Twitter over allegations that it misled people over how their phone numbers and email addresses would be used, slapping the social media company with a $150 million USD fine.

Meanwhile, a recent ruling in a $650 million USD class action lawsuit against Facebook found it violated the Illinois’ 2008 biometric privacy law over its handling of facial recognition data. As a result, the social media giant must pay over 1.4 million residents up to $397 USD.

These legal actions are only the beginning. According to CPO Magazine, legislators in at least 27 states in the U.S. have introduced data privacy bills in the last several months.

“By 2024, it’s likely that almost every state will have its own version passed into law,” writes Bill Tolson, Vice President of Global Compliance & eDiscovery at Archive360, in CPO Magazine. “This is getting little to no attention in the business world, and yet it requires serious effort to ensure compliance. Businesses getting prepared now are barely ahead of the curve; those that put it off till the laws hit the market will have to scramble to keep up.”

Data Privacy Professionals Are In High Demand

Data privacy professionals are quickly becoming some of the most in-demand technical professionals in the world today. A recent report from the recruitment company TRU Staffing Partners found a 30% increase in open data privacy jobs, due to a combination of the rise in remote work and the recent proliferation of data privacy laws. In addition to there not being enough data privacy professionals, the report also found a shortage of professionals with the right qualifications. According to CPO Magazine, some key findings from the report include:

  • Qualified data privacy professionals have a competitive advantage in the current job market. Whereas it generally took up to six weeks for someone with the right qualifications to get hired after submitting their resume in 2019, it took roughly one week on average in 2021.
  • Data privacy professionals typically have a minimum of two job offers at a time. When they are actively looking for a job, this increases to three.
  • Privacy professionals have seen a 22% growth in pay (earning about $20,000 – $30,000 USD more in general annually for the same positions). Similar increases are anticipated by 2023.
  • About 75% of these positions are in corporations, 20% are in consulting and software companies, and 5% are in the legal industry.

As more governments pass regulations and organizations seek to fill their knowledge gap, now is the perfect time for technical professionals to learn the ins-and-outs of data privacy.

Growing Your Data Privacy Skills

As privacy grows in importance, the need for technical professionals to possess strong knowledge in the area also grows.

Protecting Privacy in the Digital Age, brought to you by IEEE Educational Activities in collaboration with IEEE Digital Privacy, is a four-course program that provides a framework on how to operationalize privacy in an organizational context, how to make it usable for end users, and how to address emerging technical challenges to protecting digital privacy. Connect with an IEEE Content Specialist today to learn how to get access to this program for your organization. Interested in access for yourself? Visit the IEEE Learning Network (ILN).

Ethical transparency is critical to an organization’s success and it must be included in digital environments. Successful digital environments require rigorous ethical standards that incorporate honesty, impartiality, protection, security, and privacy.

AI Standards: Roadmap for Ethical and Responsible Digital Environments provides instructions for a comprehensive approach to creating ethical and responsible digital ecosystems. Contact an IEEE Content Specialist to learn more about how this program can benefit your organization. Interested in getting access for yourself? Visit the IEEE Learning Network (ILN) today!

Resources

Bensinger, Greg. (30 May 2022). How Illinois Is Winning in the Fight Against Big Tech. New York Times. 

Casale, Elizabeth; Collum, Christopher; Shreve, James; Sosnicki, Luke. (27 May 2022). Utah and Connecticut enact comprehensive data privacy laws. thompsoncoburn.com. 

Gordon, Marcy. (25 May 2022). Twitter to pay $150M penalty over privacy of users’ data. ABC News.

Sauer, Megan. (25 May 2022). Some Facebook users are receiving $397 checks over data privacy violations—and these tech companies could be next. CNBC. 

Tolson, Bill. (20 May 2022). Data Privacy Conundrum: When Different States Play by Different Rules. CPO Magazine. 

Ikeda, Scott. (9 May 2022). Data Privacy Jobs Report Shows Demand for Privacy Pros at Record High Thanks to Complex Regulatory Requirements, Mass Migration to Cloud Services. CPO Magazine. 

Big data is creating exciting new opportunities for artificial intelligence (AI). According to Arvind Krishna, Chairman and Chief CEO of IBM, 2.5 quintillion bytes of data are produced each day. To analyze, distribute, and make use of this data, many organizations are combining AI with hybrid cloud technology.

“The economic opportunity behind these technologies is enormous, given that business is only about 10 percent of the way to realizing A.I.’s full potential,” writes Krishna in Inc.com. “Fortunately, we are making steady progress, with the number of organizations poised to integrate A.I. into their business processes and workflows growing rapidly. A recent IBM study showed that more than a third of the companies surveyed were using some form of A.I. to save time and streamline operations.”

However, for artificial intelligence programs to work effectively, organizations need to successfully manage their data. According to Andrew P. Ayres, a Senior Specialist with HPE’s Enterprise Services practice in the United Kingdom, writing in CIO, you can achieve this by:

  • making “data-centric AI” and “AI-centric data” part of your data management strategy. Metadata and “data fabric” should be the foundational elements of this strategy.
  • establishing policy requirements that include minimum AI data quality to prevent “bias, mislabeling, or irrelevance”
  • determining the right “formats, tools, and metrics for AI-centric data” early on. This way you don’t have to develop new techniques as your AI evolves.
  • ensuring that the data, algorithms, and people within your AI supply chain are diverse. This diversity helps to stay in line with your ethical values.
  • appointing or hiring the right experts internally and externally to oversee data management. These experts are capable of developing effective processes and deployments for your AI.

How to Choose an AI Program That Works Best For Your Employees

As you develop your AI program, keep in mind that while AI can augment your organization in terms of speed and efficiency, it is not necessarily a substitute for human intelligence. 

While AI is good at analyzing data and recognizing patterns, it still has a tendency to miss important context that humans easily spot. This can have potentially devastating consequences if, for example, an AI makes a critical error when analyzing medical documentation. As such, you need to consider how to make your AI work with your human employees in the most effective way possible. 

According to experts from Boston Consulting Group, writing in Fortune, organizations can do this by following the following principles:

  • Know your options in terms of how you can combine humans with AI: Depending on your organization’s unique needs, do you need your AI to act as an illuminator, recommender, decider, or automator? Knowing the difference can help you choose the best AI system for your organization. Choose whether it’s an AI that can make predictions or one that can help you automate operations remotely. 
  • Create a decision tree: A decision tree constitutes the questions you will ask in a sequence. This helps you clearly understand your objectives (goals), context (resources in terms of data), and outcomes (results in terms of deploying AI vs employees). This will help you determine what type of AI system (illuminator, recommender, decider, or automator) you need.
  • Continuously assess and revise your human-AI combinations: Your needs for an AI program may evolve overtime and, as such, so will its relationship to your employees. For this reason it’s important to return to the decision tree occasionally to determine if you need to revise your model.

Knowing how to manage your organization’s data and determining the right AI program are important steps. However, you also need to ensure that your employees are equipped to work with this increasingly complex technology. 

Bringing Ethics to the Forefront at Your Organization

An online five-course program, AI Standards: Roadmap for Ethical and Responsible Digital Environments, provides instructions for a comprehensive approach to creating ethical and responsible digital ecosystems. 

Contact an IEEE Content Specialist to learn more about how this program can help your organization create responsible artificial intelligence systems.

Interested in getting access for yourself? Visit the IEEE Learning Network (ILN) today!

Resources

Krishna, Arvind. (18 May 2022). Why Artificial Intelligence Creates an Unprecedented Era of Opportunity in the Near Future. Inc. 

Candelon, Francois, Ding, Bowen, Gombeaud, Matthieu. (6 May 2022). Getting the balance right: 3 keys to perfecting the human-A.I. combination for your business. Fortune.

Ayres, Andrew P. (29 April 2022). Don’t Fear Artificial Intelligence; Embrace it Through Data Governance. CIO.

Blockchain technology will not only revolutionize medical records. It will also create a patient-centric healthcare industry, dramatically different from what exists today. As discussed in previous posts, blockchain is a decentralized digital ledger of transactions. It records data in a way that prevents hacking and altering of data. This is achieved by duplicating transactions and dispersing them to “nodes” across the network. 

“Blockchain possess the potential to revolutionize the healthcare industry by placing the patient at the center of the ecosystem. It amplifies interoperability, privacy, and security of health data,” write Vic Gupta and Harish Nanda, the Executive Vice President of Digital & AI and Chief Architect of Coforge, in ET Healthworld.com. “The technology is set to equip [the] healthcare industry with a more advanced Health Information Exchange (HIE) model. This could genuinely transform electronic medical records, making them significantly more secure, efficient, and disintermediated.” 

However, the healthcare industry has been slow to adopt blockchain due to the sensitivity of the data handled. 

Healthcare Blockchain Relies on Hybrid Technology Stacks

Because the healthcare industry needs to protect highly sensitive patient data, its blockchain technology must rely on a hybrid technology stack. This is necessary rather than a system in which data is delivered across blockchain nodes. This is according to Stuart Hanson, CEO of Avaneer Health.

“Instead, this technology can be used to help index the complex industry sources of data across a network. It makes this data more fluid and, therefore, valuable,” he told Healthcare IT News. “In other words, we need to figure out a delicate balance between blockchain and other technology components within the stack. This is in order to preserve the key value added from blockchain while making the entire system robust and optimized for the healthcare use cases.”

How Multiple-Signature Contracts Will Provide Solutions to the Healthcare Blockchain

According to Xudong Huang, a researcher at Harvard Medical School who was interviewed by Managed Healthcare Executive, healthcare blockchain is valuable to patients. This is because it simultaneously provides them with data security and data ownership. This is in comparison to traditional data management and security systems. He discussed this in a 2019 paper. 

Blockchain-based systems would require patients to authorize retrieval of their data through what Huang and coauthors call multiple-signature, or “multisig,” contracts in healthcare blockchains. Using these signatures, both patient and healthcare provider use separate private keys to access the patient’s medical record in the network. While this means the provider can’t access the patient’s data without permission, it also means that only providers—not patients—can change the patient’s data.

While siloing data in such a way can create obstacles for big data analytics, researchers and healthcare companies often rely on these analytics to create solutions in the healthcare industry. However, Huang thinks it may actually help. 

“An easy solution for this is any de-identified patients’ data can be released to a public database for easy access,” he told the publication. In other words, blockchain would allow wider, simplified access of data among vetted parties on the blockchain.

As the blockchain brings major solutions to healthcare, the industry will need to learn to adjust to a new, patient-centric network. Other industries will find themselves in a similar position. Has your organization prepared to adopt blockchain technology? 

Designing Blockchain Solutions

Get practical guidance for how to design a blockchain solution with the IEEE five-course program, A Step-by-Step Approach to Designing Blockchain Solutions. Developed by experts, this course program recaps the basics of the technology. It also covers the expected benefits of a blockchain solution. Moreover, it outlines how a solution would benefit a prospect company, and more.

Contact an IEEE Account Specialist to learn more about how this program can benefit your organization.

Interested in getting access for yourself? Visit the IEEE Learning Network (ILN) today!

Resources

Gupta, Vic and Nanda, Harish. (24 March 2022). Blockchain Disrupting the Healthcare Ecosystem. ET HealthWorld.com.

Siwicki, Bill. (3 March 2022). Healthcare blockchain leader talks challenges and trends in DLT. Healthcare IT News.

Kaltwasser, Jared. (8 February 2022). Is Healthcare Ready For Blockchain? Managed Healthcare Executive.

From healthcare to supply chains, the decentralized nature of blockchain has the potential to fundamentally restructure the way organizations do business. Once fully implemented, it will also make the internet far more secure against cyber attacks – and give users greater control over their personal data.

How Does Blockchain Make the Internet More Secure?

Centralized networks are often vulnerable to cyber attacks because they tend to have few IP addresses, which hackers can easily penetrate using relatively simple schemes such as phishing. Once in, cyber criminals can do extensive damage, as recently demonstrated by waves of ransomware attacks costing companies an average of $4.24 million USD. However, the decentralized nature of blockchain presents a possible solution, as these complicated networks are far more difficult for hackers to access.

“For those blockchain solutions utilizing proof of work validation methods (such as bitcoin), hackers have to gain control of a majority of nodes to compromise ledger transactions — something that is, by design, computationally expensive,” Robert Napoli, a business strategist who writes about cybersecurity and digital transformation, wrote in Forbes. “This computational cost can be extended to other types of operations in a security scheme, reducing the need for a trusted central authority.”

Transitioning internet domain name servers (IDNs), which link web browsers to websites, to the blockchain, for instance, would disperse resources “to multiple nodes, making it infeasible for hackers to control the database,” Napoli adds. He noted that blockchain can be secured even further with the help of artificial intelligence technology.

Blockchain, Decentralized Identity, and Digital Identity Wallets

Aside from making networks more secure, blockchain technology can also give users a decentralized online identity that shields their personal data against breaches. According to Deepak Gupta, a cyber security innovator, tech strategist, and cofounder of LoginRadius, writing in VentureBeat, a decentralized identity “is based on a trust framework for identity management. It allows users to generate and control their own digital identity without depending on a specific service provider.”

With a decentralized identity (DID), users have digital “identity wallets” that store proof of their identity in a single location, which they can use to grant or deny access to third parties on the network. Not only do identity wallets give users an easier, more secure way to share their information, they also give users greater power over their own data.

According to Gupta, authentication through decentralized identity and blockchain include the following steps:

    1. The identity wallet contains the user’s verified identity details, including their name, age, address, education, employment details, and financial data. This creates a foundation of trust and confirms the user is eligible for authentication.
    2. The decentralized identity feature uses the public key associated with the private key and publishes it onto a distributed ledger like blockchain.
    3. As the decentralized system delivers the public key to the blockchain, the identity wallet receives a unique decentralized identifier representing the user across the internet.
    4. The user shares this identifier with the service provider to get authentication.
    5. The service provider seeks the shared identifier in the blockchain. If and when this is found, the blockchain then sends matching data to the application. The user then completes authentication by adding a signature using a private key.

The service provider application verifies authentication, allowing the user to take action.

The decentralized nature of blockchain has the potential to revolutionize cyber security, but will also come with radical changes. Is your organization prepared to take on this complex technology?

Designing Blockchain Solutions

Get practical guidance for how to design a blockchain solution with the IEEE five-course program, A Step-by-Step Approach to Designing Blockchain Solutions. Developed by experts, this course program recaps the basics of the technology; the expected benefits of a blockchain solution; how a solution would benefit a prospect company; and more.

Contact an IEEE Account Specialist to learn more about how this program can benefit your organization.

Interested in getting access for yourself? Visit the IEEE Learning Network (ILN) today!

Resources

Gupta, Deepak. (5 March 2022). Decentralized identity using blockchain. VentureBeat.  

Napoli, Robert. (4 March 2022). How Blockchain Could Revolutionize Cybersecurity. Forbes. 

data-privacy-practices

Despite a rush of new data privacy regulations around the world, many organizations have yet to transform the way they collect user data. However, due to the digitization and interconnectedness of modern-day businesses, those that wait to transform their policies may soon find themselves in trouble.

“Waiting even a year or two to start building out a compliant data privacy and management program will cost more, take longer, and be more disruptive to your business operations than having to adapt strong, existing processes to legislative and cultural changes,” wrote Jodi Daniels, CEO of Red Clover Advisors, an organization that assists companies in simplifying their data privacy practices, in Inc.com.

Alternatively, organizations that start building the new regulations into data privacy programs “have a unique opportunity to market themselves as a forward-thinking, consumer-friendly industry leader,” she added.

Three Rules That Should Replace Your Current Data Privacy Practices

As organizations come under increasing pressure — both from regulators and the public — to transform their practices around data collection, they will need to start adapting new rules. Writing in Harvard Business Review, Hossein Rahnama, an associate professor at Ryerson University in Toronto, and Alex “Sandy” Pentland, the Toshiba Professor of Media Arts and Sciences at MIT, recommend that organizations should put:

  1. Trust before transactions: Many organizations currently collect troves of consumer data without obtaining user permission. However, as regulations become the norm, “data collected with meaningful consent” will become the most valuable data— given that it will become the only data that organizations will be allowed to use. As such, organizations will need to start creating processes in which they obtain explicit permission to obtain data, as well as a plan that clearly communicates with customers how their data will be used.
  2. Insight before identity: Organizations also need to make data transfer processes between themselves and other organizations more secure. Instead of transferring data through traditional data agreements, they should consider adopting technology like federated learning and trust networks that use algorithms to obtain insight from data without having to transfer the actual data.
  3. Flows before silos: Currently, chief information officers and chief data officers tend to work in silos. However, making the above changes should help them be able to break free of silos. By working with each other, they can better achieve a shared goal of obtaining the best possible insight from customer data.

    “For instance, a bank’s mortgage unit can secure a customer’s consent to help the customer move into their new house by sharing the new address with service providers such as moving companies, utilities, and internet providers,” explain Rahnama and Pentland. “The bank can then act as a middleman to secure personalized offers and services for customers, while also notifying providers of address changes and move-in dates. The end result is a data ecosystem that is trustworthy, secure, and under customer control.”

Is your organization ready to deal with the growing onset of new data privacy regulations? While you may think it’s smarter to watch and wait, preparing for them in advance is the best way to avoid potential problems in the future.

Data Privacy Training for Your Organization

As privacy grows in importance, the need for technical professionals to possess strong knowledge in the area also grows.

Protecting Privacy in the Digital Age, brought to you by IEEE Educational Activities in collaboration with IEEE Digital Privacy, is a four-course program that provides a framework on how to operationalize privacy in an organizational context, how to make it usable for end users, and how to address emerging technical challenges to protecting digital privacy. Connect with an IEEE Content Specialist today to learn how to get access to this program for your organization. Interested in access for yourself? Visit the IEEE Learning Network (ILN).

Resources

Daniels, Jodi. (3 March 2022). Why You Shouldn’t Wait to Build Out Your Company’s Data Privacy Function. Inc.com. 

Rahnama, Hossein and Pentland, Alex “Sandy.” (25 February 2022). The New Rules of Data Privacy. Harvard Business Review.

As the 2022 Winter Olympics began, so too did increased concerns over security. While no threats have been detected so far, the FBI has warned that various cyber criminals could try to take advantage of the Olympics. Their aim may be to “make money, sow confusion, increase their notoriety, discredit adversaries, and advance ideological goals,” Tech Radar reported

Among the FBI’s major concerns is that these potential attacks could result in breaches to Olympic participants’ and workers’ personal information. The agency warned those involved to use a VPN and consistently monitor networks and endpoints. Furthermore, they should review security policies, user agreements, and patching procedures.

Organizations Fined Under the European Union’s General Data Protection Regulation (GDPR)

As we reported in a previous post, European agencies are issuing hefty fines on organizations they claim are failing to comply with the GDPR. In January, France’s data protection agency, the Commission Nationale de l’Informatique et des Libertés, fined Google and Facebook $210 million USD for allegedly violating the GDPR. Later, Austria’s Data Protection Authority found that the use of Google Analytics violates the GDPR. 

Given the widespread use of Google Analytics, this decision is expected to have a far-reaching and powerful impact. According to the International Association of Privacy Professionals (IAPP), the decision is the first of 101 complaints filed across EU nations by NOYB, an advocacy organization. 

The group alleges that the companies’ use of Google Analytics was not in line with the requirements for the Court of Justice of the European Union’s “Schrems II” ruling on data transfers. (Declared in July 2020, that decision invalidated the EU-U.S. Privacy Shield agreement. This is a framework for regulating transatlantic transfers of personal data for commercial use between the United States and the EU.)

According to the ruling, Google is collecting and transferring users’ personal data to the U.S. without shielding data from U.S. government surveillance. It also found that steps taken by the company to protect users, such as data encryption, were not enough. Some experts fear the decision could make legal data transfer between continents difficult, if not impossible. 

“In the absence of a breakthrough in Privacy Shield negotiations, data transfers – and consequently international trade – between the EU and U.S. face a bleak future,” says IAPP Senior Fellow Omer Tene. 

More Organizations Fined

The IAPP also reported that Belgium’s Data Protection Authority recently slapped IAB Europe, an association for the digital marketing and advertising ecosystem, with a €250,000 fine. The authority is claiming that IAB’s Transparency and Consent Framework (TCF), followed by many advertisers in the EU, does not comply with the GDPR. Among its accusations, the authority has claimed that IAB Europe acted as a data controller, which the organization denies. It also accused IAB Europe of failing to comply with a number of requirements under the GDPR. These include appointing a data protection officer, establishing a legal basis for processing, and performing a data protection impact assessment. IAB Europe has just two months to show that its framework is compliant with the rules. On 11 February, IAB Europe confirmed that it will appeal the ruling.

While data privacy laws can be confusing, one thing is clear: organizations that fail to comply with them can expect big penalties. Is your organization ready to deal with these new laws?

Data Privacy Engineering

As privacy grows in importance, the need for technical professionals to possess strong knowledge in the area also grows.

Protecting Privacy in the Digital Age, brought to you by IEEE Educational Activities in collaboration with IEEE Digital Privacy, is a four-course program. It provides a framework on how to operationalize privacy in an organizational context. It also covers how to make it usable for end users, and how to address emerging technical challenges to protecting digital privacy. Connect with an IEEE Content Specialist today to learn how to get access to this program for your organization. Interested in access for yourself? Visit the IEEE Learning Network (ILN).

Ethical transparency is critical to an organization’s success and it must be included in digital environments. Successful digital environments require rigorous ethical standards that incorporate honesty, impartiality, protection, security, and privacy.

AI Standards: Roadmap for Ethical and Responsible Digital Environments provides instructions for a comprehensive approach to creating ethical and responsible digital ecosystems. Contact an IEEE Content Specialist to learn more about how this program can benefit your organization. Interested in getting access for yourself? Visit the IEEE Learning Network (ILN) today!

Resources

Fadilpasic, Sead. (2 February 2022). FBI warns Beijing Winter Olympics could be a big target for cyberattacks. TechRadar.

Bryant, Jennifer. (2 February 2022). Belgian DPA fines IAB Europe 250K euros over consent framework GDPR violations. IAPP.

Bryant, Jennifer. (20 January 2022). Austrian DPA’s Google Analytics decision could have ‘far-reaching implications’. IAPP.

(11 February 2022). IAB Europe to Appeal Belgian Data Protection Authority Ruling. IAB Europe.