Let’s talk about REAL data privacy
Data privacy continues to be an important topic and will become more so in the future. So let’s really talk about what it means for you.
Last week saw an announcement from Apple and a response from its competitors making it clear data privacy will be at the forefront of technology and security conversations in 2019 and likely beyond. While these statements have been lauded by many, I’m only cautiously optimistic. The reason? I challenge their definition of data privacy.
In stating a public commitment to data privacy, companies like Apple focus on the collection of data (how they collect or even should they collect) and how it is marketed and shared. That’s definitely an important topic and it’s great to see companies publicly committing to more transparent practices. But when I think of data privacy, it goes far beyond collection and sharing practices.
Corporations and consumers alike live in a digital world. The reality is that although we’re more mindful as to how we share our personal data, we will continue to do so with a wide range of organizations, from our doctor’s office and local businesses to big box retailers and large companies like Google, Apple and Facebook. To me, data privacy not only addresses how these entities market and share information, but also how they manage, store and secure data. For example, does the organization know who has access to look at this data? What protections are in place to ensure that sensitive personal data (credit card numbers, health information, financial details, etc.) is secure?
This view of data privacy isn’t something some corporations want to speak to and for good reason – in some instances, they simply don’t know the answers to the questions I’ve asked above. For example, it was only a few short months ago that it came to light that Facebook user data including account names, IDs and other details for thousands of Facebook users was posted in plain site, constituting one of the most significant data breaches of 2019. And if this is happening at Facebook, one of the most well-known brands around, you can be certain it is happening at organizations of all sizes around the globe.
Will This Ever Change?
With this in mind, it can be hard to see why corporations would ever change and implement truly pervasive and impactful data privacy practices. They will, and here’s why: the current atmosphere and attitude around data privacy has changed dramatically. A data breach is no longer a storm a corporation can weather, recovering after a few months. Organizations are now held accountable in a way we haven’t seen before. The result is that we’re seeing significant financial consequences that cause significant and long-term damages to brands. A couple of recent examples come to mind:
1.) Consumer-driven: Class action lawsuits – Last year, British Airways faced a $650 million class-action lawsuit following its warning that a hacker stole payment card data associated with hundreds of thousands of transactions. This is a prime example of how consumer pressure has raised the bar in terms of what is expected from corporations.
2.) Institutional-driven: Credit rating changes – A few weeks ago, credit ratings agency Moody’s downgraded its rating outlook of Equifax, naming the fallout from the latter’s data breach as a major factor of the poor marks. This is an unprecedented action and should serve as a wake-up call to C-level executives and boards of directors. A data breach is not longer a momentary blip impacting brand reputation. It can now have a significant and long-term impact on an organization’s financial outlook and ability to conduct business.
Much of what I’m referencing has been dire, but there is some good news. There are companies motivated to implement truly pervasive and effective data privacy and security practices. In fact, I have conversations with corporations the world over with security professionals whose organizations are committed to understanding where they have personal data, how that data is treated within the organization (and by partners and contractors), and what they can do to ensure this critical data is stringently protected. But we need this trend to grow.