There is a significant disconnect between consumer expectations and organizational approaches to privacy, especially with regard to AI use.
This is according to Cisco 2023 Data Privacy Benchmark Study It included insights from 3,100 security professionals familiar with their organizations’ data privacy programs and their reactions to previous consumer attitudes to privacy. Cisco 2022 Consumer Privacy Survey.
The disconnect between consumers and organizations was most acute when it came to the privacy impact of AI technologies such as ChatGPT.
In the 2022 Consumer Privacy Survey, 60% of consumers expressed concern about how organizations are currently applying and using AI, and 65% said they had less trust in their organizations for AI practices. already lost.
This compares to 96% of US security professionals. 2023 Data Privacy Benchmark Research showing that organizations already have processes in place to meet the responsible and ethical standards for AI privacy that consumers expect.
talk Information security, said Robert Waitman, Privacy Director and Head of Privacy Research Programs at Cisco. While most consumers are generally in favor of AI, 60% have already lost trust in their organization due to the use of his AI in their applications, solutions and services. As a result, organizations must apply AI to automate and take extra care when making the inevitable decisions that directly affect people, such as loan applications and job interviews. “
Open questions about AI and privacy
speak in a recent episode of Information security In the magazine’s podcast, BH Consulting COO and Senior Consultant Valerie Lyons discussed the huge impact AI growth has on privacy.
One of these is the role of AI in creating inference data using datasets to draw conclusions about populations.
“The problem with inferred data is that as a consumer you don’t know that an organization has it. and the guess may be sensitive data.
Using AI to create inferred data has great potential, but raises significant unresolved privacy issues. “Inferred data is something that you, as a consumer, have no control over,” added Lyons.
Camilla Winlo, Head of Data Privacy at Germserv, expressed concern: Information security Use of AI tools that exploit people’s personal information in unintentional and non-consensual ways. This includes so-called “data scraping”. This allows the datasets used to train AI algorithms to come from sources such as social media.
A famous example of this is a study by Clearview AI to unknowingly scrape images of people from the web and expose them via facial recognition tools.
“Many people would be uncomfortable with their personal information being unknowingly obtained by an organization and used for their benefit. It can also make it difficult for you to remove personal information that you don’t have.If your organization doesn’t know you have it, you can’t exercise your rights.
Winlo also notes that consumers may have unrealistic expectations of privacy when interacting with AI, and the information they leak may be accessed and used by humans and organizations. I am not aware of that.
She commented: As part of testing the program to improve the AI, it might surprise you to discover that humans may be reading these messages and selecting the most appropriate AI-generated responses for posting. I can’t. “
Another area Lyons discussed was ChatGPT’s potential future role in the area of data privacy. She says her GPT’s primary function of answering questions and writing texts is “basically what privacy experts do,” especially when curating privacy policies.
So, as technology learns and evolves, she expects it has the potential to significantly improve an organization’s approach to privacy.
Building consumer confidence in AI
Over 9 in 10 (92%) Security Professionals at Cisco 2023 Data Privacy Benchmark Regarding the use of AI in solutions, the report acknowledged that more needs to be done to reassure customers that their data is only being used for its intended and legitimate purposes.
However, there are significant differences in the priorities for building that trust and peace of mind between consumers and businesses. His 39% of consumers say the most important way to build trust is clear information about how their data is being used, but security is the same for his professional Only 26% of them felt that way.
Additionally, 30% of professionals believed that compliance with all relevant privacy laws was the top priority for building trust within their organization, although consumers who prioritized this was only 20%.
More than three-quarters (76%) of consumers said they would be more comfortable using these technologies if they had the opportunity to opt out of AI-based solutions. However, only 22% of organizations believe this approach is the most effective.
Reflecting on these findings, Waitman commented: A clear consumer priority when it comes to data is transparency. They want to know that their data is only being used for legitimate purposes, and they trust more organizations to make that clear. “
The company advised organizations to share an online privacy statement in addition to the privacy information they are legally required to disclose to increase consumer confidence.
Waitman adds:
Regarding the use of AI, Winlo said it is important that organizations involved in developing and using AI tools take action to protect privacy.
“We are just beginning to identify the use cases for these systems. Ultimately, no matter how popular a new technology may be, if people don’t trust their personal data and lives to be safe, they will struggle in the long run,” she added. rice field.
Changing business attitudes to privacy
Encouragingly, Cisco’s 2023 survey found that nearly all organizations recognize the importance of privacy in their operations, with 95% of respondents saying privacy is a business imperative. This is compared to last year’s 90%.
Additionally, 94% admit that customers won’t buy if their data isn’t properly protected, and 95% say privacy is an integral part of their organization’s culture.
Businesses also recognize the need for an organization-wide approach to protecting personal data, with 95% of respondents saying “every employee” needs to know how to protect data privacy. says.
About four in five (79%) said privacy laws had a positive impact, and only 6% claimed they had a negative impact.
This attitude has led to changes in business practices. Waitman said: A few years ago, privacy was typically handled by a small group of lawyers, but today, 95% of organizations believe privacy is an integral part of their corporate culture. “
