With remote working environments becoming the new normal with the ongoing pandemic, digital data privacy and security has become more important than ever. To that end, over the past few weeks, Microsoft has launched the Zero Trust Deployment Center, new Threat Protection APIs, and initiatives to promote cybersecurity awareness.
Now, the company is urging individual organizations to do more in ensuring the privacy and security of customer data rather than solely relying on the state legislature in the U.S.
In a blog post penned by Julie Brill, Corporate Vice President for Global Privacy and Regulatory Affairs and Chief Privacy Officer at Microsoft, the executive has stated that as society transitions to recovering from the pandemic, data will play a critical role in rebuilding an equitable economy that is just for all. This data includes personal information and in order to fully utilize it, it is essential that people trust that their data will not be misused. Over the past few years, data breaches have led people to be extra cautious about how companies store and use their data, and Microsoft says that customer trust is quite fragile currently.
Brill went on to say that while some U.S. states, the EU, and other countries have recently developed individual data privacy laws like General Data Protection Regulation (GDPR), the United States as a whole is still using decades-old laws that are only limited to protecting a subset of data. The executive stated:
As countries around the world pursue new legal frameworks, global standards are being developed without U.S. involvement. In contrast to the role our country has traditionally played on global issues, the U.S. is not leading, or even participating in, the discussion over common privacy norms.
If the U.S. wants to join the global conversation about how to develop robust privacy and data protection laws that will enable innovation through responsible data use, it will need to act fast. If Congress does not act soon, we will see the balance of power on these critical issues shift away from Washington, D.C., and move to Brussels, Berlin, New Delhi and Tokyo.
Moving forward, Brill believes that while laws are important, the responsibility to ensure data security and privacy still lies with individual organizations. Recent YouGov surveys have shown that people in the United States believe that this is the responsibility of companies rather than the government. However, companies are instead placing this responsibility on customers themselves by pressuring them to navigate across various websites and apps to make decisions about how their data will be used. Brill stated:
Instead of lobbying Congress or state legislatures to water down or block privacy legislation, it is time for businesses to advocate for stronger privacy laws in this country. In addition to engendering greater trust with their customers, a strong privacy law will provide companies with clear guardrails about how they can use data for responsible innovation with greater assurance.
And whether new laws are passed or not, it is essential that companies develop their own strong privacy standards and assume accountability for how they use customers’ data.
To that end, Microsoft has outlined four principles that it believes will create a framework of trust. These are:
- Transparency about how companies collect, use and share personal information. Consumers are clamoring to understand what data companies have and how they will interact with it
- Consumer empowerment that guarantees the right of individuals to access, correct, delete and move personal information
- Corporate responsibility that requires companies to be good stewards of consumer information
- Strong enforcement through a strong central regulator and vigilant state’s attorneys general offices that have the authority and funding to enforce the laws and take action to hold violators accountable
Microsoft believes that building this trust with customers is doable provided that both organizations as well as the government actively work together to develop and enforce laws about data privacy. It has also encouraged companies to take responsibility for protecting customer data, stating that it is the only way forward in the path to a robust and just economic recovery.