In today’s world, data is ubiquitous and plays a critical role in every business. As we begin to transition towards a more digital-centric experience in the era of Web 3.0, this presents several security, legal and technological challenges.
Working at the fore of AI innovation is data protection and AI governance executive, Brenda van Rensburg. In her keynote at the year’s acQuire Connect, “Web 3.0: The Data Frontier – Security, AI and Law Intersects”, Brenda will share her insights with companies looking at the intersection of data protection, ethical considerations, and the boundless potential of AI.
Ahead of acQuire Connect, we sat down with Brenda to discuss the impact Web 3.0 will have on the way companies manage their data, how privacy regulations may change with the evolution of AI technology, and how businesses can balance the benefits of emerging technologies with the associated security risks.
Web 3.0 will no doubt change the way we do business entirely.
Currently, we engage with Web 2.0, which is human-driven and there are still a lot of physical elements with this environment. Web 3.0 will take businesses to a whole new dimension. I expect to see, in the not-so-distant future, more companies conduct their business within a virtual environment in place of a physical one.
While the upside for companies is the immediate cost-saving features, such as time and travel, the downside is the amount of data, hardware, and legalities needed to make this happen. One opportunity this does present to companies is the possibility to ‘share the load’. For example, data can be shared between two entities, potentially reducing legal obligations, especially those concerning sensitive personal data. Companies can collect and share portions of the data required for a Web 3.0 experience, which means a person in Europe wishing to meet with someone in Australia can share tokenised data through a shared system or platform. The experience would be similar to making a Teams call, except it would take place in a virtual environment. Additionally, this approach could help companies tick a few legal boxes.
Companies looking to this way of working in the future need to consider implementing a robust data management strategy first. To build this strategy, a company must identify any data that is critical for this type of Web 3.0 environment, and then consider the amount of data needed/collected, its storage and any likely security controls it would need in place.
While the concept of Web 3.0 may be viewed as ‘far-fetched and fanciful,’ there are already companies successfully operating at the edges of this concept. Therefore, it is only a matter of time before we evolve into an even more digitally engaged business world, where immersive technologies and decentralised platforms enhance collaboration, foster innovation, and create richer business and personal interactions.
Since 2018, we have seen a significant shift in privacy regulations. In the last couple of months alone, we have seen the Office of Australian Information Commissioner implement guidelines in relation to data for AI use.
The bottom line is that entities must explicitly inform individuals that they are collecting and using their sensitive data for AI use. Entitles must also collect consent from individuals to do this. However, our regulations are still lacking in relation to how some sensitive information is used, shared and stored.
For us as individuals, the implications are significant: by the time we fully grasp the value of our personal data, it may be too late. Much of our biometric information may already have been collected and stored without our explicit consent.
Knowing this gives companies the power to change by asking questions such as:
Businesses have and will continue to confront security risks. To effectively balance these risks with emerging technology, it’s important to implement the fundamental security controls and develop an ongoing business strategy that builds on their security model every year.
Arguably, not all businesses are in the position to deploy the ‘state of the art’ security controls however, there are still measures they can take. An important step is to identify and understand what their most critical assets are, and what controls they should implement to protect these assets. For example, not all data is Personal Identifiable Data, however, there may be some data that is considered the ‘crown jewels’ of the business, and by applying the worst-case scenario, this can help companies identify:
There are two key messages that I hope to share with attendees of acQuire Connect 2024: