In recent years, data privacy has been a popular discussion topic and of big concern for governments, commercial companies, and users alike. Without thinking too hard, most of the population can name at least one major data breach or privacy scandal in the last 5 years. That’s not to say the vulnerabilities or overall privacy concerns did not exist previously, but it is important to note the increase in media attention on large scale privacy scandals (see: Cambridge Analytica ) has increased public awareness and calls for greater transparency, as well as, greater controls on data. Similarly, as the total number of digitally connected users increases even as existing users deepen their connectedness through an uptick in devices per person, the chance for exposure will only increase. Frost & Sullivan’s March 2020 Mega Trends Report, predicts over 20 devices, such as smartphones or smartwatches, per person by 2030 as we progress to a hyper-connected world.
If you are a user or small business owner, the chances of being highlighted on a global scale for privacy miss-steps are smaller but the implications to your small business or personal life should not be overlooked. As the privacy space evolves, there are a few key points to remember: (1) data privacy is not a new concern and it will not pass with time, (2) governments are responding with laws, (3) users are responding with their voices and wallets.
Photo by Marvin Meyer
Data Privacy is not a new development and it will not pass with time
Although data breaches have only recently been brought to the forefront of our minds by media outlets, the vulnerabilities have been around much longer (don’t worry – the full history of cybersecurity will be saved for another blog). The first documented data breach that impacted over 1 million individuals and had compensatory income statement effects on the organization was in 2005 with DSW. The DSW breach compromised credit card information for approximately 1.4 million customers across 25 states and 108 stores in only 4 months. The company claimed exposure losses of between $6.5M to $9.5M dollars and settled in 2012 with their insurance for a $6.8M entitlement. The 2005 DSW breach seems like a long time ago but the exponential increase in scale of data breaches in just 15 years is staggering.
This Statista table (right) shows the top data breaches as of April 2020. It is interesting to note that the breaches do not even reach back to 2005. It is also extremely relevant to highlight the scale for records stolen is in millions. In 2005, $1.4M users’ data lost was appalling. In 2020, the top breaches are measured in trillions.
As we increase our personal technology device usage, it is reasonable to expect breaches to increase as well – so companies and individuals must remain vigilant with their own data.
Governments are responding with laws
In response to a greater outcry from the public, governments have begun to enact laws for data privacy while others have been established for some time, the most famous or well-known is the EU General Data Protection Regulation (commonly referred to as GDPR). GDPR applies to all personal data of persons or entities subject to EU laws, regardless of industry or sector and is hard to get around. For example, HIPPAA may not apply to all organizations in the US if they are collecting information in an anonymous manner or they don’t technically provide health services or insurance (source: Margot Kaminski, Law and Technology: A recent Renaissance in Privacy Law). GDPR ensures EU data subjects can access their data and request a correction or deletion even if they originally voluntarily handed their information over to a company-regardless of where that company is legally headquartered (see: clicking “I agree” to access surveys on social media about what Harry Potter house you belong in). In distinction from GDPR, the United States does not (yet!) have a national data privacy law; and so, states have been creating their own at varying speeds. The graphic below shows data privacy laws as of mid-2019 but since then Arkansas, Connecticut, Delaware, Hawaii, Illinois, and Louisiana and also released variations of data privacy laws to address: data protection, breach notification, and 3rd-party service provider requirements.
Many companies would prefer a single standard National standard for data privacy and protection instead of a complex patchwork, and inevitably companies will build to the strictest standard. While massive firms like Facebook and Google can afford to pay armies of lawyers and developers to delay and challenge and customize around such a patchwork, small and medium businesses need an approach to make this scalable and repeatable.
Users are responding with their voices and wallets
It should not be a surprise that users are starting to care more about their data and the shift in opinion is monumental. In the 2019 survey below, respondents shared how concerned they were about data privacy compared to just one year ago. Globally, on average, 53% of respondents were more concerned about their online privacy.
Moreover, this increase in concern ties directly to a user’s willingness to pay. In the data below, respondents were asked about brand-related data privacy concerns. Of the one thousand participants, 46% answered “I only buy products/services from brands/companies that I am confident will protect my privacy.” Additionally, 43% of online users in the United States even try to avoid making purchases on their phone due to data privacy concerns.
As a user, control over your data is power. Shoppers want to feel their data will be kept safe and not misused by an organization or leaked to the public. In a study by Frost and Sullivan on perceived long-term impacts of data breaches, approximately half of business executives surveyed were involved in a publicly-disclosed user data breach and reported a strong negative impact on business outcomes. As a small business, data privacy and transparency must be part of your strategy. As a user, you should be able to see and manage your data – if not, vote with your wallet.
As technology continues to evolve, the need for vigilance in the data privacy realm will increase. Companies will increase their spend on data privacy to secure a more complex hyper-connected world and, in parallel, criminal actors will work creatively to identify new vulnerabilities. Laws surrounding data privacy will continue to roll out globally impacting how we operate individually and as organizations or governments. As users, it is important to understand data privacy laws but also be in control of our own data. As a business, it is important to be transparent and clear on why you are collecting data and keep it no longer than necessary.
CIGI. (June 11, 2019). Share of internet users who are more concerned about their online privacy compared to a year ago as of February 2019, by region [Graph]. In Statista. Retrieved October 31, 2020, from https://www-statista-com.dartmouth.idm.oclc.org/statistics/373338/global-opinion-concern-online-privacy/
Frost & Sullivan. (March 2020). Mega Trends Defining our Future: Are you ready? https://ww2.frost.com/
Information is Beautiful, & Thomson Reuters. (April 3, 2020). Number of compromised data records in selected data breaches as of April 2020 (in millions) [Graph]. In Statista. Retrieved October 31, 2020, from https://www-statista-com.dartmouth.idm.oclc.org/statistics/290525/cyber-crime-biggest-online-data-breaches-worldwide/
Kaminski, Margot. 2020. “A Recent Renaissance in Privacy Law: Considering the Recent Increased Attention to Privacy Law Issues amid the Typically Slow Pace of Legal Change.” Communications of the ACM 63 (9): 24–27. doi:10.1145/3411049.
Vibes. (July 24, 2019). Brand-related data privacy concerns of smartphone users in the United States as of May 2019 [Graph]. In Statista. Retrieved October 31, 2020, from https://www-statista-com.dartmouth.idm.oclc.org/statistics/308707/company-transparency-regarding-consumer-data-usage/