3 things you need to know about data privacy
In recent years, data privacy has been a popular discussion topic and cause for significant concern for governments, commercial companies, and users alike. Without thinking too hard, most of the population can name at least one major data breach or privacy scandal in the last five years. That’s not to say the vulnerabilities or overall privacy concerns did not exist previously, but it is important to note the increase in media attention on large scale privacy scandals (see: Cambridge Analytica ) has increased public awareness and calls for greater transparency and greater controls on data. Similarly, as the total number of digitally connected users increases and as existing users deepen their connectedness through an uptick in devices per person, the chance for exposure will only increase. Frost & Sullivan's March 2020 Mega Trends Report, predicts over 20 devices, such as smartphones or smartwatches, per person by 2030 as we progress to a hyper-connected world.
If you are a user or small business owner, the chances of being highlighted on a global scale for privacy miss-steps are smaller but the implications to your small business or personal life should not be overlooked. As the privacy space evolves, there are a few key points to remember: (1) data privacy is not a new concern and it will not pass with time, (2) governments are responding with laws, (3) users are responding with their voices and wallets.
1. Data Privacy is not a new development and it will not pass with time
Although data breaches have only recently been brought to the forefront of our minds by media outlets, the vulnerabilities have been around much longer (don’t worry - the full history of cybersecurity will be saved for a riveting blog post). The first documented data breach that impacted over 1 million individuals and had compensatory income statement effects on the organization was in 2005 with DSW. The DSW breach compromised credit card information for approximately 1.4 million customers across 25 states and 108 stores in only 4 months. The company claimed exposure losses of between $6.5M to $9.5M dollars and settled in 2012 with their insurance for a $6.8M entitlement. The 2005 DSW breach seems like a long time ago but the exponential increase in scale of data breaches in just 15 years is staggering.
2. Governments are responding with laws
In response to a greater outcry from the public, governments have begun to enact laws for data privacy while others have been established for some time, the most famous or well-known is the European Union General Data Protection Regulation (commonly referred to as GDPR). GDPR applies to all personal data of persons or entities subject to EU laws, regardless of industry or sector and is hard to get around. For example, HIPPAA may not apply to all organizations in the US if they are collecting information in an anonymous manner or they don’t technically provide health services or insurance (source: Margot Kaminski, Law and Technology: A recent Renaissance in Privacy Law). GDPR ensures EU data subjects can access their data and request a correction or deletion even if they originally voluntarily handed their information over to a company-regardless of where that company is legally headquartered (see: clicking “I agree” to access surveys on social media about what Harry Potter house you belong in). In distinction from GDPR, the United States does not (yet!) have a national data privacy law; and so, states have been creating their own at varying speeds. The graphic below shows data privacy laws as of mid-2019 but since then Arkansas, Connecticut, Delaware, Hawaii, Illinois, and Louisiana and also released variations of data privacy laws to address: data protection, breach notification, and 3rd-party service provider requirements.
Many companies would prefer a single standard National standard for data privacy and protection instead of a complex patchwork, and inevitably companies will build to the strictest standard. While massive firms like Facebook and Google can afford to pay armies of lawyers and developers to delay and challenge and customize around such a patchwork, small and medium businesses need an approach to make this scalable and repeatable.
3. Users are responding with their voices and wallets
It should not be a surprise that users are starting to care more about their data and the shift in opinion is monumental. In the 2019 survey below, respondents shared how concerned they were about data privacy compared to just one year ago. Globally, on average, 53% of respondents were more concerned about their online privacy.
Moreover, this increase in concern ties directly to a user’s willingness to pay. In the data below, respondents were asked about brand-related data privacy concerns. Of the one thousand participants, 46% answered “I only buy products/services from brands/companies that I am confident will protect my privacy.” Additionally, 43% of online users in the United States even try to avoid making purchases on their phone due to data privacy concerns.
As a user, control over your data is power. Shoppers want to feel their data will be kept safe and not misused by an organization or leaked to the public. In a study by Frost and Sullivan on perceived long-term impacts of data breaches, approximately half of business executives surveyed were involved in a publicly-disclosed user data breach and reported a strong negative impact on business outcomes. As a small business, data privacy and transparency must be part of your strategy. As a user, you should be able to see and manage your data – if not, vote with your wallet.
As technology continues to evolve, the need for vigilance in the data privacy realm will increase. Companies will increase their spend on data privacy to secure a more complex hyper-connected world and, in parallel, criminal actors will work creatively to identify new vulnerabilities. Laws surrounding data privacy will continue to roll out globally impacting how we operate individually and as organizations or governments. As users, it is important to understand data privacy laws but also be in control of our own data. As a business, it is important to be transparent and clear on why you are collecting data and keep it no longer than necessary.
Let Rownd Help
You have enough to worry about in this post COVID-19 world. SMBs are the backbone of America and we created Rownd to focus on their unique needs. We help you create a competitive edge by giving data ownership to your customers. The “big guys” are trying to sell their customers’ data to make a quick buck but with the changing laws and regulations, that cash cow is starting to dry up. Be the first on the block to give your customers an “ejection seat”. We know you provide great service and products day in and day out, focus on your core business, let Rownd take care of the personal data.