The value (not the price) of investments in Privacy and Information Security

Handling different data has now become a routine practice in the market, in different sectors, and a synonym of intelligence and premise of growth.

Companies that base their business plans on the collection and analysis of data, following the principles of the General Data Protection Regulation and the best practices of Information Security, can have a better vision and understanding of their audience, based on the criteria they deem most convenient for their business. Through the analysis of data and information collected from your public in a legitimate way, they have at their disposal inputs to make different analyses according to their interests and purposes.

On the other hand, users (owners of the information) are guaranteed greater visibility on how their data is used (they may or may not agree to make it available for these purposes) and knowledge about the entire chain of treatment and sharing by the company that collected it, and for those with which the data will still be shared. It is the perfect scenario and one that is desired for the coming years. 

In light of this, there is an opportunity to look at Information Security practices and the Data Protection Laws themselves as something that goes far beyond rules that establish procedures, fines and sanctions, and to rethink the way we view the need for investments for the adequacy of business activities. The cost of compliance, that is, the price to be paid, is actually an investment! 

The Data Protection Laws and the Privacy initiatives should be considered by all as a driver to encourage innovation, economic and technological development and the appreciation and respect for human rights. These are, and should be understood by all, as the great contributions of the Law.

We are still in an incipient phase of this process, with many companies in the structuring phase and, on the other side, with users still trying to understand what the "so called" Data Protection Laws is, what is to be gained from it, and where to get information about it. 

We are moving towards an environment of well-defined rules and performance of all agents of the relationship (data owners and companies) according to clear concepts and seeking the best for each one involved. The greater awareness of the public about privacy demands from companies clarity and transparency about what they will collect and how they will use the data. Is this a bad scenario with no positive aspects for companies? On the contrary. 

The market already seems to observe the advantages of Information Security care in practice, even if, initially, encouraged by the "pain" caused by lawsuits involving customer data leakage or hacker attacks.

According to a report by Check Point Research, a cybersecurity intelligence company, worldwide, in 2021, the number of weekly cyber attacks increased 40% compared to 2020. In Brazil, the number of cyber attacks on institutions, between January and November last year, exceeded 21,000 notifications, according to the nucleus of the Cabinet of Institutional Security (GSI).

Due to the growth in the number of attacks and the vulnerability of companies, it is estimated that investments in the area of Information Security and Privacy have tripled in the last three years.  

A business that is dedicated and works to be in line with the law and with the best national and international practices in handling personal data and information security does not "spend" money.

After all, it invests in the adoption of innovative, more modern, agile technologies that can even prove to be a factor in increasing the profitability of the business, both from a commercial and operational point of view, by aiming to mitigate problems that generate costs to the company to solve them, as well as helping to create a reputation for the company regarding its information security and data protection practices. And the business grows! 

Despite placing the data owner as the protagonist in how their information will be used by corporations, Data Protection Laws also look at them, since it brings greater legal security in the treatment of personal data of customers and employees, due to contractual (Privacy Policy, Data Treatment Agreement) and legal rules (GDPR, CCPA), in addition to requiring the creation of a culture of respect for the personal data of third parties with the adoption of Privacy Governance Programs.

From there, the user begins to recognize, now in a more transparent way, companies that are ethical by default and sees value in nurturing a relationship with the brand. And the business grows some more!

If we need numbers to prove the return on investment in privacy and information security, a Cisco study already widely published shows that for every US$1 invested in the area, the return is US$2.70.

In Brazil, this investment is even more valued with the return reaching about US$3.30. A clear answer to how ethical behavior, based on preserving human rights, is, yes (!), wealth in the corporate-business world.

The enterprise or brand that has already incorporated data privacy in the DNA of its activities and adopts the concept from the conception of its products, in the method known as "Privacy by Design", will certainly observe the growth of trust and customer loyalty. 

The company that sees Data Protection Laws in their essence - as the law that provides freedom to the user, by allowing the user to control who will have access to his/her data and what can be done with them, and, aware of this, protects and manages the treatment of this information in all its channels and segments - has reached the richest stage of investment in privacy and treatment of information. 

At Zoox, we call this stage sustainable use of personal data. A path without return and perennial for the development of solid, innovative, human, ethical and true businesses.