Cisco released its 2024 Data Privacy Benchmark Study, an annual review of key privacy issues and their impact on business. Ahead of International Data Privacy Day, the findings highlight the growing privacy concerns with GenAI, trust challenges facing organizations over their use of AI, and the attractive returns from privacy investment. Drawing on responses from 2,600 privacy and security professionals across 12 geographies, the seventh edition of the Benchmark shows that privacy is much more than a regulatory compliance matter.
Growing Privacy Concerns with Generative AI
"Organizations see GenAI as a fundamentally different technology with novel challenges to consider," says Dev Stahlkopf, Cisco Chief Legal Officer. "More than 90 percent of respondents believe GenAI requires new techniques to manage data and risk. This is where thoughtful governance comes into play. Preserving customer trust depends on it."
Among the top concerns, businesses cited the threats to an organization's legal and Intellectual Property rights (69 percent), and the risk of disclosure of information to the public or competitors (68 percent).
Most organizations are aware of these risks and are putting in place controls to limit exposure: 63 percent have established limitations on what data can be entered, 61 percent have limits on which GenAI tools can be used by employees, and 27 percent said their organization had banned GenAI applications altogether for the time being. Nonetheless, many individuals have entered information that could be problematic, including employee information (45 percent) or non-public information about the company (48 percent).
Slow Progress on AI and Transparency
Consumers are concerned about AI use involving their data today, and yet 91 percent of organizations recognize they need to do more to reassure their customers that their data is being used only for intended and legitimate purposes in AI. This is similar to last year's levels, suggesting that not much progress has been achieved.
Organizations' priorities to build consumer trust differ from those of individuals. Consumers identified their top priorities as getting clear information on exactly how their data is being used, and not having their data sold for marketing purposes. When asked the same question, businesses identified their top priorities as complying with privacy laws (25 percent) and avoiding data breaches (23 percent). It suggests additional attention on transparency would be helpful — especially with AI applications where it may be difficult to understand how the algorithms make their decisions.
Privacy and Trust: the Role of External Certifications and Laws
Organizations recognize the need to reassure their customers about how their data is being used, and 98 percent said that external privacy certifications are an important factor in their buying decisions. This is the highest we've seen over the years.
"94 percent of respondents said their customers would not buy from them if they did not adequately protect data," explains Harvey Jang, Cisco vice president and chief privacy officer. "They are looking for hard evidence the organization can be trusted. Privacy has become inextricably tied to customer trust and loyalty. This is even more true in the era of AI, where investing in privacy better positions organizations to leverage AI ethically and responsibly."
Despite the costs and requirements privacy laws may impose on organizations, 80 percent of respondents said privacy laws have had a positive impact on them, and only 6 percent said the impact has been negative. Strong privacy regulation boosts consumer confidence and trust in the organizations they choose to share their data with.
Further, many governments and organizations are putting in place data localization requirements to keep certain data within country or region. Whilst most businesses (91 percent) believe that their data would be inherently safer if stored within their country or region, 86 percent also said that a global provider, operating at scale, can better protect their data compared to a local provider.
Read the entire report here.