TopicsDigital security and privacy

Digital security and privacy protection have become public policy priorities in an increasingly digital and data-dependent economy and society. A key challenge for governments, businesses and individuals is to reduce these risks to increase trust without inhibiting the opportunities offered by the digital economy

Personal data and privacy

A growing number of online entities are collecting vast amounts of personal data. Data "mining" and advances in data analytics now make it possible to infer sensitive information from data which may appear trivial at first, such as past individual purchase behaviour or electricity consumption. The misuse of these insights can implicate the core values and principles which privacy protection seeks to promote, such as individual autonomy, equality and free speech, and this may have a broader impact on society. 

While protection by law is essential, privacy in an increasingly data-driven economy would benefit from a multifaceted strategy, reflecting a whole-of-society vision, and supported at the highest levels of government, as called for in the OECD Privacy Guidelines and the 2016 Cancun Ministerial Declaration on the Digital Economy. Such strategies need to strike the right balance between the social and economic benefits of enhanced reuse and sharing of data and analytics, and individuals’ and organisations’ legitimate concerns about such openness, including protection of privacy and intellectual property rights. Coordinated privacy strategies at the national level would enhance privacy protection in an increasingly data-driven environment.

>> More on information security and privacy

Measuring digital security risk management practices in businesses

Policy makers’ ability to measure, analyse and understand the digital security risk management practices of businesses has not kept sufficient pace with technological change.

Published in June 2019, this OECD digital economy paper synthesises an OECD project to develop a framework and a set of statistical indicators that can be used to assess the digital security risk management practices of businesses, particularly SMEs. It provides an in-depth explanation of the measurement framework and an analysis of the outcomes of a pilot survey instrument based on it, tested with members of the Federation of European Risk Management Associations (FERMA) in 2018.

Digital security risks

Digital security risk has traditionally been approached as a technical problem but the changing nature and scale of digital security incidents is driving countries to re-evaluate their strategies and policies. In recent years, many governments and stakeholders have emphasised the importance of considering digital security risk as a strategic economic issue for organisations which needs to be addressed at the highest level of corporate governance, as recommended by the OECD Recommendation on Digital Security Risk Management for Economic and Social Prosperity.

The new OECD Global Forum on Digital Security for Prosperity offers an international multilateral setting for all stakeholder communities of experts to dialogue, share experiences and influence public policy making on digital security. Its first event took place in December 2018.

Managing risks

Managing Digital Security and Privacy Risk, a background report for the June 2016 OECD Ministerial on the Digital Economy, discusses how increased connectivity and data-driven innovation have brought about significant economic and social opportunities while changing the scale and scope of digital security and privacy challenges. These developments highlight the need for an evolution in policies and practices to build and maintain trust in the digital economy. Building on key messages of the OECD Digital Security Risk Recommendation and the OECD Privacy Guidelines, the report articulates why an approach grounded in risk management is essential to ensure that measures are appropriate to and commensurate with the risk. It also examines what further work is needed to understand how public policy can work jointly with private sector to overcome barriers and address the special challenges faced by small and medium enterprises (SMEs).

Protection of children online

Children face a spectrum of risks online to which they are more vulnerable than adults. The OECD developed a report on the risks faced by children online and policies to protect them in 2011. Based on the report’s findings, in 2012 the OECD Council endorsed a set of recommendations for governments calling for evidence-based policy making and enhanced domestic and international co-ordination to improve national policy frameworks.

Download a booklet bringing together the OECD Recommendations for the Protection of Children Online and the report (pdf).

From 2018 to 2020 the OECD is scoping developments to ensure its 2012 recommendation remains relevant in our increasingly digitalised world.

Insuring companies against cyber risks

Although quantitative measurement is still emerging and raises significant challenges, the frequency and scope of cyber incidents is growing significantly and cyber risk is viewed as one of the main concerns to doing business. For insurance to have a significant impact on risk reduction, the market must be offering a material level of coverage to a large share of companies and individuals at risk. This is not currently the case.

Prepared at the request of the G7 Presidency, Enhancing the Role of Insurance in Cyber Risk Management provides a market overview for cyber insurance, including available coverage and potential gaps as well as current challenges in terms of data availability, quantification of cyber risks, awareness and misunderstanding about coverage. It identifies potential policy measures to address some of the challenges to the development of an effective cyber insurance market.

See also:

Trust in the digital economy

In a special 2014 Eurobarometer report on cybersecurity, two concerns reported by Internet shoppers in the European Union were misuse of personal data and security of online payments. According to a Per Research Center poll the same year, 91% of Americans surveyed agreed that consumers have lost control of their personal information and data. 

In a 2014 OECD survey on the digital economy, governments identified security as the second highest priority area and privacy as the third out of 31 possibilites, with only broadband coming higher. 

A chapter on digital risk and trust in the OECD Digital Economy Outlook 2017 reviews trends in digital privacy and security incidents and onlien fraud, and discusses how to build trust in the digital economy, including through consumer protection. Another chapter looks at policy and regulation aimed at enhancing trust in the digital economy.

The Digital Economy Outlook 2015 also contains a chapter devoted to trust in the digital economy covering a select number of trends.