Three actions your business can take to ensure better data protection

2021 was the year data privacy became mainstream. In 2022, it’s expected to be one of the key global battlegrounds in tech, says privacy expert.

Written: Jan 2022

Reading Time: 3 minutes

Few topics within the digital sphere spark more debate than data privacy. Still, it can be challenging for the vast majority who are not subject matter experts to grasp what data privacy exactly implies and entails. To get a clearer picture, we sat down with Lin Theres Hillestad, Director Privacy at Telenor Group, for Data Privacy Day 2022.

Going mainstream

“Data privacy can be explained as the right to exercise control over how your personal data is collected and used. This is particularly important today due to the amount and complexity of personal data that is being collected almost every second of our life,” explains Hillestad.

She supports the saying from various experts that ‘2021 was the year privacy went mainstream’, referring to the spotlight put on Big Tech companies’ data processing last year.

“The consequences that companies face if failing to protect personal data has led to increased awareness around risk and potential liability. In 2021, Google was made to stop apps from tracking users across the internet, and WhatsApp had to change their privacy policy and become more transparent on how they provide privacy information to their users, to name a few examples. Also, the COVID-19 contact tracing apps and vaccine passports created discussion globally on how to balance combatting the virus while respecting data privacy.”

Annual celebration: In 2006, the Council of Europe launched a Data Protection Day to be celebrated each year on 28 January. The purpose of the observance day is to raise awareness and promote privacy and data protection best practices. Here, from the Council of Europe’s spring plenary session 2021 (Photo: Candice Imbert/Council of Europe)

Also read: Telenor teams with AWS to accelerate modernisation of telecommunications

More data at risk

Despite progress in awareness and advocacy for data privacy, Hillestad forecasts that the topic will continue to be a key technology battleground in 2022.

“We see increasing and improper use of technologies such as Artificial Intelligence, biometrics, and tracking, which puts personal data and individuals right to privacy at risk every day. My dream scenario would be that governments around the world review their surveillance practices and ensure sufficient local legal mechanisms so that we can move personal data across geographical borders while still protecting people’s privacy rights,” she says while pointing out the importance of transparency for Telenor when it comes to the handling of data.

“As a business, it is important for Telenor to be transparent on how we collect both customer and employee data, that we only use it for lawful purposes, and that we always take necessary steps to keep data safe.”

Starts with employees: “Data privacy starts with each and every one of Telenor’s employees. Whatever technical safeguards we put in place, our employees are the first and most important line of defence. Therefore, all employees receive privacy training. In addition, Telenor has privacy officers throughout the organisation who has data protection as a core responsibility,” says Lin Theres Hillestad, Privacy Director at Telenor Group.

You can read more about Telenor’s privacy governance here

Three privacy measures for businesses

Although it might still take some time before her scenario turns into reality, Hillestad underlines that there are plenty of actions businesses can take today to better ensure sufficient protection of data.

  1. Train your employees: “Training employees in all levels of the organisation is an effective and relatively inexpensive measure a company can take to reduce the number and severity of mistakes.”
  2. Be transparent: “Being open and clear about how you collect and use the personal data. This is an area where you should not cut corners. Make sure this information is communicated to your users in a simple and understandable manner.”
  3. Clean up: “Any personal information that is no longer required to fulfil its identified purpose must be securely disposed of. In other words, make sure all personal data is deleted when the legal reason for keeping them has expired.”

For Telenor, data protection understanding is part of the digital skillset we believe is needed to operate responsibly, safely, and efficiently as digitalisation accelerates. Enabling digital skills in the societies where we operate, such as upskilling in data privacy, is a way we can deliver on our purpose of empowering societies. Read more on our “Learning in Telenor” page to learn how we ensure upskilling in our organisation.

New world record: Telenor employees wrote e-learning history in 2021