In early 2016, the European Union is set to approve the new general data protection regulation, which would make companies in violation of the law liable for up to 5 percent of global revenues. In the U.S., companies can expect severe financial penalties as regulators also flex their muscles, a trend already underway.
Forrester highlights two recent examples: Apple agreed to pay a $32.5 million in refunds to customers to settle a Federal Trade Commission complaint it charged for kids in-app purchases without parental consent (FTC versus Apple). Additionally, this year AT&T paid $25 million to settle an investigation into three data breaches (FCC versus AT&T).
The message? Expect more.
"Retailers and Internet "giants" are certainly the ones we hear about most often," said Khatibloo.
Then there are the media and telecommunications companies. "TalkTalk (the mobile carrier) is dealing with a nightmare of a breach right now," she said.
"But the health-care industry, as it becomes increasingly digital, is really struggling to protect user data," said Khatibloo. "'Breaches' are often the result of poor employee habits: leaving a laptop unlocked or taking files home on an unapproved thumb drive, for example."
Smaller companies making devices connecting to the Internet of Things are also treading on shaky ground when it comes to protecting privacy.
"We've already seen how these devices can easily be hacked — their makers just aren't experts at security," said Khatibloo. "I think we'll see a lot of compromised IoT devices over the next few years, largely because there isn't yet a best-practice standard for securing their data."
One company Khatibloo points to as doing privacy right? Disney: "Their policies are clear, the majority of their practices are opt-in, and they're very clear about the value exchange of data collection," she said.
Of course, what may be a painful transition for some businesses represents a giant opportunity for others. The legal industry and the Big Four accounting firms, as well as management consultancies, will reap the benefits of the privacy overhaul Forrester is predicting.
"McKinsey, Accenture, Bain, et cetera will also recognize opportunities as firms make organizational changes to support better privacy throughout their businesses, said Khatibloo.
Another interesting trend Forrester predicts is especially relevant to retailers.