Companies should expect to face a trio of trends in 2024 that make data security, protection, and compliance more critical to operations and risk reduction.
Increasingly, governments worldwide are creating laws that govern the handling of data within their borders, with more than three-quarters of countries implementing data localization in some form, according to global consultancy McKinsey & Co. A second trend is the rush to govern the use of data for generative AI models, with the Biden administration's AI executive order and the European Union's AI Act likely having the greatest impact in the coming year.
Finally, enforcement of data protection regulations will continue to be used more often, impacting a wider variety of companies, according to experts.
For companies, 2024 will be the year they will have to be much more cognizant of where their data moves in the cloud, says Troy Leach, chief strategy officer for the Cloud Security Alliance.
European, Chinese, and US regulators put an exclamation mark on rules regarding data security with some major fines in 2023.
In May, the Irish Data Protection Commission fined Meta, the company behind Facebook, €1.2 billion for violating localization regulations by transferring personal data about European users to the United States.
In July, Chinese authorities fined ride-sharing firm Didi Global more than 8 billion yuan for violation of the country's privacy and data security regulations.
Data Localization Takes Off Following the European Union's passage of the General Data Protection Regulation in 2016, which replaced the Data Protection Directive of 1995, more nations have focused on keeping data protected under local regulations.
Such data localization will continue, and by the end of next year, three-quarters of people will live in a country that has privacy protections, according to business intelligence firm Gartner.
For businesses, such regulations are a burden but also an opportunity, says TCS Cybersecurity's Singh.
Adapting to the localization regimes in each part of the world will allow companies to offer personalization, reduce the risk of data leaks and breaches, and benefit from a reputation for cybersecurity, says Singh.
AI Concerns Lead to Changing Landscape While data localization is happening through the fabric of the cloud, the major change that will affect businesses and how they handle data in the coming year will be the fast adoption of AI services and nations' attempts to regulate the new technology.
Many organizations, for example, may use a private instance of a GenAI model to protect their data, but the data will still be in the cloud, he says.
The fast adoption of AI is problematic because data is the lifeblood of AI models - a vast amount of data is going to be fed into, consumed, and output from machines and services - and the companies behind the top AI products are not transparent about how they train their models and use data.
Business analyst firm Forrester Research forecasts major changes wrought by AI that will affect the data landscape.
Six in 10 employees will use their own AI for their jobs in 2024, hoping to become more productive.
At the same time, there will be significant legal, privacy, and security risks, with at least three major breaches caused by code generated by AI in 2024, Forrester analysts predict.
The data privacy and compliance risks of AI topped a listing of 2024 trends for businesses published by Kiteworks, a regulatory compliance software firm.
The estimates of how much private data flows into ChatGPT and other GenAI models are pretty consistent: Data security firm Cyberhaven found 4% of monitored workers submitted sensitive data, while Kiteworks cites a study that found 15% of workers have submitted information to ChatGPT, and a quarter of those - about 4% overall - considered the data to be sensitive.
There are still a lot of question marks, such as the liability of AI models operating across borders, says CSA's Leach.
This Cyber News was published on www.darkreading.com. Publication date: Tue, 02 Jan 2024 15:55:20 +0000