Today, we are living in the information age, where sharing personal data occurs instantaneously and often without our knowledge. With increased internet usage, it has become easier to share basic personal information such as names, locations, likes/dislikes and more without really considering where this information is going or what is being done with it.
Data privacy is understood as compliance with set regulations while collecting, storing, managing, and sharing personal data. These laws and regulations are in place to give the consumer transparency and control over their personal data, ensuring that it will be protected and used for its intended purpose.
To get a better idea, consider that we are all entitled to a level of privacy. Outside of the digital world, it is a lot easier to manage what you share and who you share it with. As information becomes more digitalized, it becomes more difficult to control and track what is done with your personal information after you have shared it.
This concern has driven the formation of different data protection regulations, which are in place to support privacy as a human right, giving people control over their data and confidence in its security.
The Personal Information Protection and Electronic Documents Act (PIPEDA) is a Canadian privacy law that sets the standard for how organizations collect, use and disclose personal information through commercial activity. PIPEDA protects personal information including:
- Blood type
- Identification numbers
Although there is no federal law in the United States specifically in place to uphold data privacy, the Federal Trade Commission Act prohibits organizations from engaging in “unfair or deceptive acts”. It is under this act that Facebook and other tech companies have gotten in hot water with the government for making misleading statements regarding the use of personal data. So under US regulation, if a business does not give the impression that they take part in data privacy and security, they have no legal obligation to!
The General Data Protection Regulation (GDPR) is a piece of legislation in place to protect personal data through processes of collection, storage, distribution and destruction of data across the European Union. The GDPR applies to all organizations that operate within or sell to the European Union.
Giving these regulatory structures teeth, and ensuring that companies meet with penalties that are more than simple costs of doing business, is an important development for data privacy.
In many cases we are encouraged to share our information for our convenience – whether that is to receive promotional benefits, connect us with friends, or build our digital identity. These websites, apps, and social platforms that we use day-to-day collect personal information to provide a better service to the user (that’s you!). While this can be seen as a benefit, it is easy to take little notice of the personal data that is being collected.
So what kind of information is being collected about me online? When you are online, nothing is private: downloads, phone configurations, website history, email addresses and location data can all be collected simply by using your smartphone.
Issues can occur on a personal and organizational level if this collected data is not handled responsibly, with data privacy and security measures taken into consideration.
Data privacy is important because people trust that their information will be safe and used appropriately. The problem is... personal data is regularly misused, and this can create problems not only for the individual users but also for the organizations responsible for protecting the data. Today, information security threats continue to develop as the value and application of private data continue to evolve.
Perhaps most disturbing is that much of the personal and de-anonymizable data that is collected can be found for sale on the open market. Data leaked in this manner can lead directly to real-world consequences.
To the user, data privacy is something that is expected when disclosing personal information. While we pass some of this information on ourselves, we also leave a trail of data throughout our daily routine, which is often collected without our knowledge. The risks of data misuse and data breaches threaten the security of this information and the privacy of millions of people every day.
Much like if someone read your personal diary, a data breach leaves the consumer exposed, revealing personal information without consent. This can lead to several complications for the consumer, including password/account resets, credit freezes and so on.
While the consumer places their trust in the organization to abide by data privacy laws and put data security measures in place to protect their information, there are also steps that you can take to protect yourself from these situations.
- Encrypt/Backup your data
- Secure Accounts
- Two-step authentication
- Password manager
- Protect Web Browsing
- Anti-virus Software
- Choose service providers carefully
- Get to know the laws that govern service providers
- Choose providers with sustainable non-data driven business models
Organizations that collect any form of data from an individual have a responsibility for the privacy and security of that data. These companies are held accountable for breaches and violations of data privacy laws.
If this risk is not managed, the entire perception of a brand could be tarnished, destroying consumer trust and investor appeal… not to mention the legal implications (fines & lawsuits). A report by IBM states that the average time to identify and contain a data breach is 280 days with an average cost of $3.86 million.
In June 2021, data from 700 million LinkedIn users (92% of total users) was put up for sale online. This data included:
- Email addresses
- Full names
- Phone numbers
- Personal and professional experience
- Account users and profile URLs
In January 2021, Walmart-owned men’s clothing company Bonobos suffered a data breach which leaked millions of customers’ information to a forum for free. This data included:
- Phone numbers
- Partial credit card
- Account information
MeetMindful, an online dating platform, was hacked in January 2021 with more than 2.28 million users’ information leaked to a public forum. This data included:
- IP addresses
- Full names
- Email addresses
- Location information
- Facebook IDs
- Birth dates
- Dating information
- Marital status
Data privacy and data security are fundamentally connected, and while each plays a part in the other, there are notable differences between the two.
Data privacy represents a person’s ability to understand how and what personal data is being used; it is carried out through protection regulations that govern how data is collected, shared and stored. Data privacy efforts are in place to protect the identity of the user, giving the consumer transparency and control over the intended use of their data. Privacy measures cannot be met without implementing some form of data security, while data security can be put in place without considering data privacy.
Data security is a set of safeguards established to protect your data from unauthorized third-party attackers and data breaches. With the growing utility of data, it has become one of the most valuable assets a company has. Data security measures are in place to specifically protect your data and prevent access from unauthorized third parties.