AI’s Role in the Future of Data Privacy
The power to do everything online is something of an ideal. Buying groceries, seeing your doctor via telehealth -- the possibilities are endless. Especially with the shutdowns of the last 18 months, logging in for instant access to both essential and entertaining platforms has been a lifesaver. And yet, this world-at-our-fingertips reality isn’t without risks.
In tandem with the rise of online resources is the reality of breaches, fraud, and even identity theft. So far, 2021 has already seen leaks of personality identifiable information (PII) for millions of users through well-publicized incidents, such as Ubiquiti, Parler, Mimecast, Pixlr and more. People’s personal data has been lost, stolen, exposed, and hacked. Unfortunately, this trend isn’t new and can cost companies an average of $3.86 million per breach, not to mention the harm to the users themselves.
People have fundamentally changed the way they interact online and the kinds of online services they use. Because that is true, the burden is on companies to enhance security and protect users’ privacy. But how? For many, the answer lies in artificial intelligence (AI).
High stakes for privacy technology
A 2019 study by Gartner predicts that, by 2023, 40% of privacy compliance technology will use AI. Global spending on privacy efforts are expected to reach $8 billion by 2022. Clearly, business leaders recognize that data privacy is mission critical and an essential expenditure.
High traffic volume and complex systems far exceed manual efforts for security. The only way to set up effective barricades against hackers is to beat them at their own game. However, just because the original problem is complex doesn’t mean the solution should be. In fact, data privacy solutions should introduce as little friction as possible to the user experience. Otherwise, the very efforts businesses make to protect users will turn those same users off.
The starting point: Customer identities
The most basic starting point for data privacy has to do with how businesses handle personally identifiable information, which is essentially about a customer’s identity. Businesses face two major issues off the bat:
1. Regulatory concerns about storing, using, or gaining consent about customer data.
2. User event volume.
Regulations vary widely across industries and regions, which makes compliance a challenge, even if the right AI software is available to achieve it. Furthermore, the sheer volume of user events that require authentication can be overwhelming.
Strivacity is a great example of innovation in this space. Their offerings include adaptive access control, which can embed secure, frictionless logins into any application with a simple, no-code integration that includes an identity store focused on customer privacy.
They also have adaptive multi-factor authentication, which is a key way that businesses around the world are verifying customer identities. The keyword in these offerings is “adaptive,” which speaks to how the product can seamlessly integrate with AI.
“The regulatory challenges of facilitating a consumer to consent to a particular use of data, as well as revoke that consent at an arbitrary point in the future, [is how you cover] your bases when it comes to data privacy," says Strivacity co-founder Stephen Cox. "There are policy and practical challenges with the ‘right to be forgotten’ in the machine learning space. However, it’s important that you begin to set your organization up for solving these types of challenges proactively.”
In regards to AI and machine learning, he explains, “Machine learning also has a benefit of being a passive technology from the perspective of the user. In effect, it is beneficial for user experience (UX) in that it does not require direct interaction from a user to be effective. We know that users, and particularly consumers, will cast aside bad security controls without a second thought.”
Often, consumers need to be incentivized to trade some privacy for security. It is essential that any online platform establishes a baseline of trust for how they handle that trade, especially when it comes to customer identities and PII.
Enabling commerce without PII & addresses
The ease of online purchases and shipping may seem like a no-brainer. The recent pandemic has led to cross-border eCommerce skyrocket to almost a trillion dollars. But as we buy everything from couch cushions to medicine online, there is an inherent risk in getting these products to our doorsteps.
As the cross border introduces newer complexities of varied languages and the addressing formats the challenges of validation of consumer identity becomes harder. Personal addresses are an element of consumer identity & they are tied to credit cards, banks, driver’s licenses, and does not stay within a country.
A platform named Ship2MyID has a vision for doing deliveries in a new way. Co-founder Kush Santosh describes it like this, “In order to reduce the data abuse, we have created a platform that allows businesses and consumers to engage without the need for personally identifiable information of the consumer.
“Consumers are validated locally, and only a minimal set of data like country and zip code, without any PII, is shared to the international merchant to compute the VAT, customs, insurance and shipping costs. For each transaction we create a unique QR code and that acts as a shipping label.”
Santosh believes that consumers should own their data and have 100% control on what to share and whom to share with. He explains how data hackers are generally not interested in consumers but they are more interested in capturing their behavior data & their buying preferences so that brands and businesses can sell their products to the consumers.
The approach of segregating consumers' PII from their behavior related data introduces an ethical and safer way for consumers to share their needs to businesses without revealing their PII. This can enable real transactions including payments and delivery through delivery partners. Working with platforms like Ship2MyID, national post-offices can soon emerge as data hubs within a country and facilitate all the transactions between consumers and business.
Access to legitimate behavior data may actually avoid the need of hacking or stealing consumer data, and be way to counter the growing data privacy challenges.
The future of AI for data security: Non-intrusive and highly effective
Customer data is a form of currency. Both of these examples illustrate a shared fact that most of us can agree with: it should be up to the customer to decide how to spend it. AI is making it possible for customers to more strategically share or withhold PII as they see fit.
It’s important that the algorithms and machine learning systems upon which customer-facing apps are built are rock solid. After all, they are the citadel in which our most private information is kept.
The future of data privacy looks like more investment, more structure, and probably more regulation. All of this is aimed to ultimately result in user security in a way that doesn’t compromise user experience.