As in Life, Digital Trust Is a Two-Way Street

Guy Pearce
Author: Guy Pearce, CGEIT, CDPSE
Date Published: 17 March 2023
Related: Toward Rebuilding Data Trust

We trust that physicians provide healthcare that is in our best interests. This is supported by them all having once needed to swear by Apollo, Asclepius, Hygieia and Panacea to perform their duties according to ethical standards of healthcare 2,500 years in the making.

We once trusted governments, institutions and enterprises in the same way that we trust physicians. This trust was misplaced. We continue to experience the general abuse of our data, data breaches, and the sometimes half-hearted approaches to protecting our data by various organizations around the world. It is little wonder that fewer than one in two people trust organizations with their data.

Fortunately, the fruit of this is a growing movement to rebuild trust in organizations, augmented by tools such as ISACA’s Digital Trust Ecosystem Framework. However, there is still little discourse addressing the not inconsiderable damage done to our social fabric; one could argue that the damage done to people is far greater than the damage done to organizations. But at least we are starting somewhere.

Some people are as guilty as some organizations when it comes to finding the cause of declining trust. In general, healing broken relationships must begin with both parties acknowledging that something is broken and where both parties want to be healed. Amazingly, there are organizations out there that believe that trust is improving, while their customers simultaneously say that trust is declining. They are clearly out of touch with their constituents and customers who continue to cry foul and are negatively affected by the fallout.

Another response to the broken relationship is that both parties must take responsibility for the situation. Organizational failures in this respect are well-documented, but what about failures on the side of the people using the organization’s products and services? Some people are still quite happy to trade their privacy for trinkets, in spite of the risk. It is a fact of life that organizations will keenly take advantage of this in the interests of a quick buck or of an increase in power. Where there is demand, expect that demand to be exploited. Conversely, with no demand, supply dries up.

So, neither party is yet simultaneously at the point of recognizing the problem and taking responsibility for it.

One solution to broken trust is transparency. Interestingly, transparency is not a universal determinant of trust. For example, we tend not to walk into our physician’s office with preemptive distrust, asking them to explain how they came to their diagnosis. In the same way, we never asked organizations what they are doing with our data—because we trusted them. Now that trust has been broken, there are many more questions being asked in the interests of full transparency. The need for data processing transparency is now even entrenched in some regulations.

The trust conversation is much greater than any one person, community, organization, region or country. It is also more than just a technology conversation. Indeed, it is a deeply human conversation because we have all been negatively affected, some much more than others. Unless there is coordination, our noble digital trust initiatives will be less impactful than they have the potential to be. The good news is that at least the conversation has begun, and solutions are actively being sought.

Editor’s note: For further insights on this topic, read Guy Pearce’s recent Journal article, “Toward Rebuilding Data Trust,” ISACA Journal, volume 1 2023.