Privacy is one of the four key risks associated with the metaverse — the expanding virtual universe of network connections — said an industry expert Canadian insurer recently.
When developing a metaverse strategy, your business customers should consider operational, cybersecurity, privacy and security risks, said Carlos Chalico, cybersecurity and privacy leader at EY Canada.
“This is a technology that is on the move,” Chalico said in an interview. “It’s something that’s coming and I think we have to watch out for it. And as with any new technology, we need to be aware of the risks we face in order to respond appropriately.”
In essence, the metaverse is the connection or integration of four different types of technologies:
- Spatial Computing – The closest interface used to connect to the Internet, such as B. Virtual or augmented reality devices
- Game Engines – To get to the Metaverse, game developers are required. “Perhaps the clearest examples that we can see of this type of environments that have already been created are Fortnite, Roblox, Minecraft, these are those spaces where you create your own avatar and immerse yourself in this digital ecosystem to have experiences there to collect this space,” said Chalico.
- Digital Environments – For example, a real environment enriched by augmented reality, or a completely new and virtual world
- Virtual Economies – Examples include blockchain or non-fungible tokens (NFTs) that enable transactions in these environments.
Of the four major metaverse risks — operations, cybersecurity, privacy, and personal security — privacy is one of the most sensitive considerations to consider, Chalico said KU. (Personal safety, on its part, can result in harm to yourself or others. “When you immerse yourself in one of these online virtual worlds, you completely lose your perception of your physical reality.”)
Those wishing to develop a Metaverse strategy must identify the personal information used, use it only for the purpose that the individuals have consented to, and retain the information only for as long as is necessary to fulfill the agreed purposes.
“Traditional privacy considerations are of course an issue we need to consider when it comes to the metaverse,” Chalico said. “Furthermore, when it comes to the Metaverse, we have to be very… strict in identifying all personally identifiable information that we collect.”
In real space with augmented reality or a fully virtual world, “there’s a good chance the devices you use will collect more personal information about you,” he said. “Maybe your body measurements to represent your avatar in space, maybe how you blink, or maybe information about your irises to know how you react to certain considerations.
To address privacy concerns, Chalico recommends involving the right specialists as early as possible. This includes technical specialists knowledgeable about Metaverse technologies, as well as cybersecurity and privacy experts.
When it comes to data, it’s not just about where the business or customers are, it’s also about where the data will be. “The use of the cloud is always something that will surround the operating environment within the organization,” he said. “You may be sending data to another jurisdiction. If that’s the case, you also need to be mindful of how the vendor you’ll be working with protects your personal information.”
For example, Quebec has new data protection regulations that state that when personal data leaves the province, the company responsible for the information must verify that the provider or the entity receiving the information provides adequate protections for the personal data transferred to them . “And appropriate means that these measures are at least similar to those that companies apply to the data they process themselves.”
Another factor to consider is how the technology is to be used and the specific process involved. “Is it directly related to operations or how the company interacts with customers, or is it perhaps related to training?” Chalico asked.
“Or maybe it’s something we’re going to use to fully interact with customers. Maybe instead of a call center, we’ll have a virtual room where customers go and have a face-to-face conversation, using their avatar to talk to someone from my company to answer any questions we’re going to have.”
Featured image from iStock.com/Kinwun