American respondents more confident than European respondents that U.S. will adopt stricter EU-style privacy legislation; global agreement that flexible privacy and consent methods are needed in evolving landscape
ForgeRock has announced the results of its global survey conducted by TechValidate, which found 93 percent agreement among IT professionals that customer data privacy concerns are a critical issue at the C-level. Yet only nine percent of IT professionals surveyed believe that current privacy and consent methods are adequate. When asked about the requirements for new methods, 96 percent of surveyed IT professionals agreed that there is an increasing need for dynamic and flexible privacy tools that are adaptable to future borderless regulatory requirements and consumer expectations.
The survey study also revealed regional differences between U.S.-based and EMEA-based IT professionals in their opinions about data privacy. While 85 percent of U.S. IT professionals believe that the U.S. will eventually adopt personal data protection regulations similar to those of Europe, European IT professionals were more skeptical, with only 66 percent agreeing that the U.S. would implement such regulations.
The survey of more than 300 IT professionals was commissioned by ForgeRock and conducted by TechValidate, an independent research organisation. The survey included responses representing 11 verticals, including healthcare, retail, telecommunications and finance, from 38 countries across North America, Europe and Asia-Pacific-Japan. The objective of the survey was to assess the role of data privacy and consent in building a trusted digital world.
A rapidly shifting regulatory landscape
The regulatory environment for data privacy is currently in an unprecedented state of flux, as the Safe Harbor framework governing personal data transfer and storage between European Union countries and the United States was struck down by the European Judicial Court in late 2015. A replacement agreement for Safe Harbor, the EU-U.S. Privacy Shield Framework, has been announced but is yet to be finalised, and it remains unclear whether the proposed new agreement will survive judicial scrutiny. In addition, the emerging General Data Protection Regulation (GDPR) – another EU initiative – promises to place additional strictures on how private and public organisations can manage personal data.
When asked about the impact of the emerging data privacy regulations:
- 96 percent of IT professionals believe emerging European regulations for data protection are creating a need for better tools and standards for ensuring protection of personal data, privacy and consent.
- 84 percent of U.S. respondents (and 87 percent of APJ-based respondents) believe the U.S. will eventually adopt regulations similar to those of Europe; however,
- Only 66 percent of EMEA-based respondents believed that the U.S. will eventually adopt such regulations.
Customer Data Privacy Expectations
The rapid growth of the IoT and the digital economy is posing enormous challenges to businesses and the public sector in terms of protecting personal data privacy and building trusted relationships. Gartner, Inc., forecasts that 6.4 billion connected things (IoT – which includes smart cars, smart homes, smart cities, cloud-connected healthcare devices and processor-enabled appliances) will be in use worldwide in 2016, up 30 percent from 2015, and will reach 20.8 billion by 2020 <http://www.gartner.com/newsroom/id/3165317>.
While evolving regulatory requirements are impacting how organizations approach data privacy, ForgeRock also wanted to determine if IT professionals consider data privacy to be a requirement for customer satisfaction. According to most organisations, customers are demanding more control over how their personal data is managed and shared. In addition, most agreed that ensuring data privacy and consent was important for building customer loyalty.
When asked about the data privacy expectations of their customers, 95 percent of responding IT professionals agreed with each of the following statements:
- Individuals are becoming increasingly concerned about their personal data privacy and their ability to control, manage and share data about themselves online.
- Organisations want to build trust by giving customers the ability to consent to data sharing and to control who their personal data is shared with.
- The ability to preserve and prove customer privacy builds loyalty for their brand.
The Need for a New Approach to Data Privacy
Recognising that ensuring data privacy and consent has become a critical issue but is also very complex, the survey asked IT professionals if they had the tools they need to meet regulatory and customer requirements. Not surprisingly, the majority of those surveyed believe that current methods are inadequate and that new dynamic and flexible privacy and consent methods are needed.
- 9 percent believe current methods (i.e., check boxes, cookie acknowledgment) used to ensure data privacy and consent will be able to adapt to the needs of the emerging digital economy.
- 96 percent agreed that data privacy and consent methods need to be dynamic and flexible so they can adapt to emerging regulatory requirements and consumer demands.
Key Business Implications
“As our survey illustrates, coping with regulation – privacy or otherwise – is no longer just a cost center for organisations. As connected devices and technologies take on a greater role in public and private life, there are massive business benefits to building in new identity and data privacy solutions that can scale over time,” said ForgeRock’s CEO, Mike Ellis. “Organisations clinging to legacy identity management technologies – which are currently inadequate – will be at a major disadvantage.”
Comments from survey participants:
“The roles and ideals by which we define ourselves have increasingly been influenced by the digital world. It is imperative that strong protection is in place to ensure that safety is provided. The value of global communication brought about by the collaborative Internet is priceless yet must be implemented in a way that serves to foster progress and safety of it’s participants.”
Source: Engineer, Large Insurance Company
“It’s still all based on trust. Consumers are, I think, increasingly disbelieving of claims around privacy.”
Source: IT Professional, Global 500 Telecommunications Services Company
“Organisations need to be transparent with their treatment of Data Privacy, and provide clear opportunities for people to make decisions about how their private information is treated.”
Source: Senior IT Architect, Federal Government
The ForgeRock Identity Platform is available for download now at: https://www.forgerock.com/downloads/
Supporting Resources
ForgeRock Blog on Survey Findings
Data Privacy Survey Report (eBook)
The ForgeRock Pledge
About TechValidate
TechValidate is a trusted third-party research organisation that directly interfaces with business and technology end users to collect and validate information about their deployments. More information is available at www.techvalidate.com.
About ForgeRock
The ForgeRock Identity Platform transforms the way millions of customers and citizens interact with businesses and governments online, providing better security, building relationships, and enabling new cloud, mobile, and IoT offerings from any device or connected thing. ForgeRock serves hundreds of brands like Morningstar, Vodafone, GEICO, TomTom, and Pearson, as well as governments like Norway, Canada, and Belgium, among many others. Headquartered in San Francisco, California, ForgeRock has offices in London, Paris, Düsseldorf, Bristol, Grenoble, Oslo, Sydney, and Vancouver, Washington. ForgeRock is privately held, backed by leading global venture capital firms Accel Partners, Foundation Capital, and Meritech Capital. For more information and free downloads, visit http://www.forgerock.com or follow ForgeRock on Twitter at http://www.twitter.com/forgerock