Data Privacy: A Business Imperative for Boards & Leaders That May Contribute to Market Recovery
By Dominique Shelton Leipzig, Cybersecurity & Data Privacy Partner, Mayer Brown
We have officially entered into a bear market—with major indices posting record declines and losses. While rising inflation, supply chain, the continuing pandemic and the war in Ukraine have all been blamed, the single factor that triggered recent technology stock declines has been missing from the business conversation. The Y factor is data privacy. Boards should make data privacy a focus. Proxy advisory companies are already rating companies on the maturity of their privacy programs. In addition, major institutional investors are sending questionnaires to companies to understand their commitments to data privacy. When a privacy program is deemed lacking, institutional investors are voting with their dollars.
Although out of mainstream investors’ spotlight, data privacy has moved our markets. When consumers were given the choice to decide whether they agreed to be tracked for digital advertising, only 15% agreed. Suddenly, the return on investment on ads became hard to quantify as ads became less effective, and consumers’ continuing rejection of profiling, grounded in privacy trends, decreased billions of dollars of advertising revenues worldwide. As companies miss their quarterly projections, markets are experiencing extreme volatility.
It’s not just consumers’ actions. Over the past five years, lawmakers and regulators have erected guardrails around personal data collection and how that data is used. While this field was largely unregulated prior to 2018, there are now 150 countries with data protection laws, including Europe, the Middle East, Africa, Brazil, China, and Australia, as well as California and four other states in the United States. Regulators around the globe have been fixated on digital advertising and data security. Federal Trade Commissioner Lina Kahn recently decried the collection of personal information to create ad profiles as “commercial surveillance.” The U.S. Securities and Exchange Commission has promulgated new proposed rules that would impose privacy and cyber transparency for officers and directors, and the EU is considering a new law, the Digital Operational Resilience Act (DORA), that would impose criminal liability on boards for data breaches. Gartner, an information technology research and consultancy company, projects that by 2023, 75% of the world’s population will be covered by one privacy law.
The stakes will only get higher. Globally, we are currently generating 2.5 quintillion bytes of data per day (a quintillion is 1 followed by 18 zeros). The security issues surrounding data are themselves significant. Last year, data breaches cost our global economy $6 trillion. If data breaches were likened to the GDP of a country, they would rank third in the list of largest GDPs. The pandemic has shown us that all companies are data companies, and the issues playing out in the markets will not be limited to the tech sector. Some of the largest sectors for digital advertising are consumer packaged products, financial services and healthcare.
On a positive note, just as data privacy can tank share prices, it can also elevate them. Profitable companies have made data privacy and security their brand differentiators. At this year’s International Association of Privacy Professionals Summit, leaders of leading technology companies advocated for the positioning of privacy as a business imperative. In 2022, the 10 largest companies by revenue have gone on record with commitments to protect consumer privacy and security. For example, Walmart has promised responsible data stewardship and posts its ethical use of data and responsible use of technology statement on its website. China’s State Grid announced the use of blockchain technology to secure its inter-departmental infrastructure. Another major retailer, along with many other companies, is a member of the Data & Trust Alliance dedicated to the adoption of responsible data and artificial intelligence practices to prevent algorithmic bias.
These examples show that, although not easy, the fix is straightforward: it’s about leadership. In this context, it’s important for directors and officers to understand three things:
- Data privacy and security require board-level focus, just as other global enterprise ESG issues that present risks and business opportunities alike (e.g., climate, social responsibility, etc.). Data privacy is already being evaluated by proxy companies, like Institutional Shareholder Services, that score companies’ data privacy and security through the “governance” prong of ESG.
- Global and national legal frameworks should move toward harmonization rather than fragmentation to promote business and consumer interests.
- Data privacy and security require partnership and leadership among government leaders, consumer groups and industry experts to develop global strategies on how to manage through our fourth revolution—digitalization. This year, data privacy and responsible data stewardship were on the Davos agenda, as approximately 2,000 leaders discussed issues ranging from the future of work to the metaverse.
Business leaders should remain engaged in the data discussion because data may be their biggest asset—as evidenced by the volatile stock market—able to sink their shares or elevate them to record highs.
About the Author: Dominique Shelton Leipzig is a cybersecurity and data privacy partner at Mayer Brown, a global law firm with over 1850 attorneys in 27 offices across four continents. Shelton Leipzig leads the firm’s Global Data Innovation team dedicated to guiding officers and directors in their stewardship of data. Shelton Leipzig sits on the Nasdaq Center for Board Excellence’s ‘Risk Oversight’ Insights Council. She is also a member of the International Association of Privacy Professionals Board of Directors.
For more leadership insights and resources, join the Nasdaq Center for Board Excellence, a community and collaboration environment in which board engagement is deepened and experiences are shared. Sign up today!
The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.
Nasdaq Center for Board Excellence
Nasdaq
The Nasdaq Center for Board Excellence is a community and collaboration environment, in which board engagement is deepened and experiences are shared.
Read Nasdaq Center for Board Excellence's Bio