If you haven’t been thinking about the impact quantum computing power will have on your privacy and data security compliance posture, you should. The increase in computing power that quantum brings will have a real impact on how companies handle compliance with privacy and data security laws.
This article explores some of the legal areas that corporate leaders should be considering. From the increase in data analytics power to the devaluation of encryption, there is a lot to address. And not necessarily as much time as you might think. What might we see with quantum power?
- A revaluation of how to approach data minimization obligations. If quantum allows companies to easily engage in sophisticated data analytics, will business leaders really want to delete information? What impact will this have on any legal obligations that might exist to avoid secondary uses of personal data?
- New obligations to assess profiling for fairness and transparency. With quantum, business teams may be tempted -understandably- to create profiles of their customers. With these profiles brings possible transparency obligations. Along with possible risks under unfair trade practice laws. Businesses who do not engage in profiling right now, and do not have the infrastructure to address these legal obligations may need to create that infrastructure sooner than later.
- Anonymous data becoming personal. With the power of quantum computing, it is possible that companies will be able to more easily reidentify data. This might mean that information currently being treated as non-personal will become personal information. And along with that, a host of data privacy law obligations.
- The devaluation of encryption keys. Anyone who has read about quantum will have heard about this risk. The possibility that encryption will no longer, with powerful quantum computing tools, keep data secure.
- Mass harvesting by threat actors. This is something that may be happening right now. Threat actors may be amassing vast amounts of personal data -including encrypted data- with the hopes of using it later. This could change how companies view and address breaches today.
Putting It Into Practice: As quantum computing develops, companies would be well served to think about this issues sooner than later. You can learn more about this -along with steps to consider now- in this article. Follow our sister blog (AI Law and Policy) for more quantum developments, including here and here.