Is it possible to find a good balance between supporting businesses and protecting consumers’ sensitive data? We think so.
While the regulatory environment has lagged the rapidly changing world we live in, consumer behavior is adapting as the average person becomes more aware of identity theft and data breaches. The loss of sensitive personal data has the potential to make their lives difficult.
Who among us has not received multiple notices from companies that our personal data was compromised? Equifax is just the latest example of the weak protections companies put in place to safeguard our information. Here are some thoughts:
1. On finding a balance between corporate interests and consumer protections: These don’t have to be mutually exclusive or contradictory if we change the way we think about data. Laws are intended for the protection of our society, but they have been slow to react to changes in consumer risk. Historically, they have always been reactions to the activity of only the worst offenders. Allowing consumers more control of their information is a good start.
2. Consumer behavior is starting to change in the wake of all these breaches. As a result, consumers are deciding to give their business to companies that not only provide them with the goods and services they want but also consider their effect on the world around them and voluntarily take actions to contribute to their communities. Good, accurate data, maintained and approved by consumers willing to receive services (and accepting the lack of those services with the removal of their data), would seem to be more valuable, and to take less effort to protect thoroughly, than our historical approach of collecting as much data as possible for no specific purpose.
3. We’ll always have Paris…or the EU. The international community may be on to something. More than 40 years ago, they became concerned with data privacy as soon as they saw the potential for computing to manipulate ever-increasing volumes of data. They’ve watched the evolution and results of U.S. data breach legislation for almost 15 years while observing their own efforts enforcing the EU Directive since 1995. For the U.S., as the leading country in data consumption, it just might be time to start thinking differently.
With the General Data Protection Regulation (GDPR), the EU has put in place the strongest policies and penalties around consumer privacy and data. As the GDPR rolls out in 2018, we will be watching closely for both the economic impacts and changes in consumer behavior. In the U.S., the ‘business first’ sentiment drives the economy forward. However, at some point, privacy protections must be put in place to protect consumers and, perhaps, take a long view of what will ultimately benefit businesses: fewer breaches, less liability, and better data services.
This article was co-authored by Dione McBride, CISSP, CIPP/E, Data Protection, Privacy and Security Specialist, and Hanno Ekdahl, CEO of Idenhaus.
Photo credit: Dione McBride