After several years of notorious data privacy breaches at corporations including Yahoo, Equifax, Uber and Target, the public has become rightfully weary. Facebook's recent failures to ensure privacy of user data have further exacerbated the distrust, and we seem to have reached a boiling point. Congress is enacting laws to protect citizens from the misuses and abuses of data that have led to privacy infringements, but will it be too little, too late?
A National Crisis
According to Pew Research, "A majority of Americans (64%) have personally experienced a major data breach, and relatively large shares of the public lack trust in key institutions — especially the federal government and social media sites — to protect their personal information." Half of all Americans do not trust the federal government or social media sites to protect their data. Among the study's findings:
- 41% of Americans have encountered fraudulent charges on their credit cards.
- 35% have received notices that some type of sensitive information (like an account number) has been compromised.
- 16% say that someone has taken over their email accounts, and 13% say someone has taken over one of their social media accounts.
- 15% have received notices that their Social Security number has been compromised.
- 14% say that someone has attempted to take out loans or lines of credit in their name.
- 6% say that someone has impersonated them in order to file fraudulent tax returns.
The United States Lags Behind Europe in Privacy Protection
The U.S., home to Silicon Valley and many of the largest data companies (and scandals), has moved slowly in comparison to other Western nations in addressing this crisis. The European Union's General Data Protection Regulation (GDPR) set a standard the U.S. is trying to follow, but a confusing array of laws has made it difficult to set federal regulations.
As the U.S. currently regulates data by geographical sector and by types of sensitive information (e.g., health, financial), different industries face different privacy requirements. As a result, and in response to the absence of exhaustive federal regulations, state legislatures are stepping up.
New Laws Are Impacting Businesses in States Across the U.S.
Governor Jerry Brown of California recently signed the California Consumer Privacy Act of 2018, which will be enforceable in 2020. The law ensures users' rights to opt out of the sale of their data to third parties, and it also requires children under the age of 16 to actively consent to the sale of their data.
Additionally, the law enables consumers to access, download, and, in some cases, even delete stored personal data. Perhaps most significant, the law allows consumers to pursue legal action if they fall victim to a data breach. Eleven states are following California’s example with similar laws that seek to guarantee users' "right to know" what personal data is being collected, as well as the how and why.
Vermont passed a law regulating data brokers, and states such as Oregon and Virginia have expanded their definitions of personal data and enhanced oversight on third parties. New Jersey, Rhode Island, Alabama and South Dakota are among the other states following suit.
While these laws will present challenges to businesses by requiring them to invest in data protections and compliance, there is a competitive benefit. Over half of the firms that have been actively engaging in consumer data protection for up to a year report effective customer retention, and that number increases to 80 percent for those firms who have been engaging for four years or more.
These results do not take into account whether or not a business is communicating the data protection efforts effectively to their customers. Businesses that participate in cross-channel campaigns to educate their consumers about privacy protections and rights place themselves in a position to gain market share and customer loyalty.
Heading into 2020, it is difficult to fathom a business demonstrating its concern for customers in a more impactful way than by following the laws, proactively dealing with cybersecurity threats, and being open and accountable while doing so.
Learn more about UTPB's online MBA program.
Sources:Pew Research: Americans and Cybersecurity
Have a question or concern about this article? Please contact us.