“Businesses That Can Reassure People About Their Personal Data Will Reap a Huge Dividend”

Three questions for Philippe Lanternier, Executive Vice President, Chief Development Officer, Bureau Veritas

Digiworld summit 2016 just has been inaugurated on the theme “Digital Trust Economy”.
Where do public opinion and businesses stand on the subject of personal data?

Distrust is spreading pretty fast. To give one example: in the last two years, only half as many customers have agreed to trade their location data for better service. It should be the other way around! The message is pretty clear: digital innovation won’t take without trust. Reassuring consumers about their personal data will soon be a matter of survival. Businesses now realize this. They’re already investing $130 billion a year to analyze the data they collect. But still not enough to protect their use and reassure consumers.

A new regulation adopted in the European Union does more to protect consumers. A draft bill is being examined in the United States. That’s a good sign, right?

Regulations help, that’s for sure. But they aren’t enough on their own. Regulations by definition come after the fact; they’ll always lag practices and innovation. More important, consumers see regulations as just a baseline, the bare legal minimum that businesses have to comply with — not something that will restore public trust. Businesses must offer additional resources and be totally transparent about how they manage data. And there’s only one way for their process to be credible and understandable to the public: certification by an independent organization.

How will certifying personal data management work?

Certification will be have both a regional scope — France, Europe, United States, Russia, China, for example — and an operational scope, such as a product, division or entire company. To be realistic, it will be awarded on three levels. First, a “Privacy by Design” certification will make it possible to claim based on an audit that a given product or service has been designed to protect privacy. There will be no need to redo the entire IT architecture. Second, a “Governance” label will focus on the overall data management system, without requiring technical audits in this case. Its scope is international and independent of local compliance requirements. Last is a certification tailored specifically to Article 42 of the European Union regulation. These three levels will allow businesses to be certified based on the maturity of their process. Businesses that can reassure people about their personal data through certification will reap a huge dividend.