PrivSec Global event round-up

I was honoured to be invited to anchor at this year's PrivSec Global event, a comprehensive foray into the current state and future challenges of data privacy and security. I was there to anchor the morning sessions on the second day, covering a wide range of thought-provoking topics from financial data security to the ethical considerations of AI. Here is a brief review from me of what was covered in this fantastic event.

Financial Data Security

The event kicked off with a critical look at the safety of financial data. A highlight was the discussion on major data breaches, including the 2017 Equifax data breach that led to a class action lawsuit and eye watering $575 million dollar settlement, emphasising the need for robust cybersecurity resilience and ongoing technical control. Since then, we’ve seen a number of large data breaches around the world at the Indian Council of Medical Research, teleco’s T-Mobile and Optus, and file transfer software provider MOVEit to mention just a few. 

The session underscored the importance of understanding and complying with tightening legal frameworks, such as PSD3 and GDPR, to protect consumer data and avoid substantial legal fines, loss of brand value and customer churn. It was evident that protecting customer data isn't just about employing the right technology; it's also about adopting best practices and processes and ensuring comprehensive risk management across the business. In reflection I would also add that an over-reliance on passwords which all too often are the weakest link in the cybersecurity chain must be more swiftly addressed.

Facial Recognition Regulation

This turned into a hugely interesting and thought-provoking session on the regulation of facial recognition technology. As many of us have become used to facial recognition securing our devices and law enforcement rapidly expands its use, we should consider that it’s not limited to these parties making use of our biometric data. For example, video doorbells with facial recognition technology have been available in the UK since 2018. The session raised important questions about consent and privacy in the context of GDPR. The discussion delved into the various types of facial recognition technologies and their ethical implications, highlighting the need for balancing technological advancement with regulatory frameworks. The session concluded what many of us feel, that technology continues to outpace regulation, posing significant challenges in protecting our biometric data and privacy.

Data Retention Frontier

Another vital topic was data retention strategies. The discussions focused on the complexities surrounding different data types, storage durations, and varying regulations across jurisdictions. The emphasis was on the need for companies to be agile in policy creation, with a strong backing from the board, and the importance of meaningful staff training in data management. As was observed in the Optus data breach in 2022 serious questions were asked about data retention. The more data that is kept, the bigger the challenge of keeping it safe becomes, perhaps firmer retention strategies might have mitigated losses in this case.

ChatGPT and Data Privacy

ChatGPT as with other AI’s is fuelled by our own data. This session on ChatGPT highlighted concerns about transparency and consent in data usage. As the fastest growing consumer application ever launched with almost 200 million users the lack of regulation and the potential for data misuse were central themes, with a question raised about the balance between innovation and privacy enforcement. 

Ethical AI

As AI innovation advances at breakneck speed the importance of ensuring that it avoids discriminatory practices and respects privacy rights is critical. The European Union's AI Act which aims to put into place firm guidelines on prohibited, high risk and low risk AI systems to ensure ethical AI was a central focus in this discussion. The session emphasised the need for transparency and informed consent, the management of third-party vendors, and the balance between innovation and control. Upcoming regulations and the importance of companies being transparent without creating customer friction were key takeaways.

Healthy Data

The morning's discussions concluded with a session on regulating data in the healthcare industry, a session which seemed somewhat poignant considering the long shadow left by the global pandemic. The session covered the lack of data protection for health apps, the European Health Data Space (EHDS) and the robustness of GDPR, and the United State’s lack of a comprehensive statute. The session covered the challenges of protecting patient data and the balance between privacy and innovation in the health sector, especially concerning wearable technologies.

My thanks to the team at PrivSec Global for inviting me, I came away thoroughly enthused and brimming with new-found insight from an event I would highly recommend people to attend. It underscored the urgent need for companies and regulators to adapt swiftly to the rapidly changing digital landscape to protect consumer data effectively.

I am looking forward to returning to PrivSec in early March 2024, find out more here PrivSec, Park Plaza, London.