High profile data breaches made consumers aware of the vulnerability of their personal information, but it wasn’t until GDPR was implemented that the concept of data privacy really went mainstream. With almost every website asking for permissions on data collection, consumers are now more aware than ever of their data privacy rights.
“Data privacy has become the watchword for 2018, given GDPR, the California Consumer Privacy Act, and the missteps of Facebook and others Businesses, especially those who monetize user data, are now being held accountable,” said David Ginsburg, Vice President of Marketing at Cavirin, a Santa Clara, Calif.-based provider of cybersecurity risk posture and compliance for the enterprise hybrid cloud.
And expect consumers to demand that right to data privacy. According to a recent Harris Poll, 65 percent of respondents said data privacy is their most pressing issue, coming in even higher than healthcare and support for military veterans.
"When it comes down to it, people want companies to address the issues that they struggle with every day like safety, security and health," Amy Terpeluk, a senior partner at Finn Partners, which sponsored the poll, told USA Today. "Companies that address these needs can build their reputation and in turn strengthen their business."
Data privacy is growing in importance because a wealth of customer information is now collected by organizations and third-party data processors, and any compromise of this information has real and lasting consequences, explained Abhishek Iyer, Technical Marketing Manager at Demisto, a Cupertino, Calif.-based provider of security automation and orchestration and response technology. This means businesses are caught in a balancing act between increasing personalization and increasing security.
“Due to data tracking and analytics available in the marketplace today, companies can integrate information from websites, electronic devices, and point-of-sale systems to offer customers a better experience,” Iyer stated. “But when security needs don’t escalate at the same rate that business needs do, these interconnected systems are rendered vulnerable.”
And we’re seeing on almost a daily basis how vulnerable those systems are. Just last month, Marriott became the latest company found to violate consumer data privacy trust – not just with the sheer number of records compromised, but with the length of time the data remained vulnerable.
"500 million guests and an estimated 327 million passport numbers stolen. The sheer magnitude of the Marriott data breach and the sensitive quality of the personal data that was stolen is alarming. But what stands out to me is how long the attacker was hanging out in their system,” Jason Wang, founder and CEO of TrueVault, a personal data management and security company, said in an email comment. “The idea that an attacker first infiltrated their system in 2014 means there had to be plenty of red flags and opportunities to mitigate the attack.”
No wonder consumers want to see their personal information better safe guarded.
There is only so much a person can do to ensure his or her data is kept secure. They can provide as little information as possible to organizations, but every type of business needs different types of data. Handing over your driver’s license to one business, and your credit card to another, and your Social Security number to a third, and suddenly your personal identifying information (PII) is all over, and you aren’t able to track it. However, if that information is compromised and used by identity thieves, the consumer is the one left dealing with the consequences.
Therefore, greater onus must be put on both business entities and government to better protect information. In fact, it will need to be a joint effort, with business and government working in tandem.
Privacy laws make a good starting point in the fight against data theft and user exploitation. “If the collection of data by businesses is left unchecked, the privacy and well-being of end users is sure to fall by the wayside,” said Iyer. The most effective privacy laws should make life easier and more secure for affected individuals, even if it involves manageable difficulties and increased accountability for companies.
Here’s where government involvement is necessary. While California, Colorado, Vermont and other legislative bodies are introducing and passing legislation, there is a growing call to override the state laws with federal regulations. One sweeping national law will not solve the problem, according to Iyer.
“A combination of federal and state laws should ideally empower individuals with the following rights – the right to know what data is being collected by a data controller/processor, the right to deny the collection of that data, the right to ask for removal of that data at any time, and the right to be informed about any major breach that compromises their data,” he said. “The law should also explicitly state criteria that define the seriousness of a breach, preventing data processors from hiding behind subjectivity and not revealing the details of a breach to law enforcement and affected individuals.”
However, government regulations will only take data privacy so far. It is up to business to create a basic framework of corporate disclosure and decency in the event of a breach and provide broad guidelines of security measures to follow. “If companies are truly user-focused and not just profit-focused, they need to build atop regulatory requirements instead of treating them as an end goal,” Iyer recommended. This includes investing in enterprise-grade security, asking honest and explicit permission before using any customer data, instilling security into the entire data supply chain, and conducting strict evaluations of partners’ data storage and security methods.
Cyberattacks will always evolve, and so must the way we approach data privacy at the government, corporate, and consumer levels. While we’ll never eliminate data breaches – and the breaches in the post-GDPR landscape have shown that we have a long way to go – it is possible to reduce their occurrence and the severity.
And if business and government don’t act on improving data privacy? Then you should expect consumers to respond by taking their business and their votes to those organizations and individuals who do care. Consumers want data privacy, and that will make a big impact on how they spend their dollars in 2019.
About the Author: Sue is a freelance writer based in Central PA. She's been writing about cybersecurity and technology trends since 2008 and was named a Top 25 Women in Cybersecurity Influencer by Onalytica. A graduate of Penn State University, Sue loves watching sports and closely follows all Nittany Lion and Philadelphia teams; she even wrote a book, The Phillies Fan's Little Book of Wisdom.