Data Privacy Day was January 28, an internationally recognized day whose purpose is to raise awareness of data privacy and promote data privacy education. It currently is held in the U.S., Canada, and 27 European countries.
In light of this effort, let’s examine the topic of data privacy: Why it’s important, what consumers aren’t doing right, and what businesses must start doing better.
Recently another seven new breaches were made public (1). A recent study places lost personal records at over 806 million between 2005 and 2010 (2), and another 32.3 million since then (1).
What does this mean for consumers? What does this mean for businesses? The much over-quoted, then Sun co-founder and CEO Scott McNealy opines: “You have zero privacy anyway. Get over it.”
Consumers are desensitized to breaches, as evidenced by the meager response rate of consumers applying for free credit monitoring services after a company breaches their personal information. If you analyze the data that was breached, sometimes you have to ask, “Why are they even collecting all of that data?”
The types of data collected often are articulated in corporate privacy policies, but few consumers bother to read Privacy Policies to better understand what companies collect. If consumers don’t demand better safeguarding of their personal information, businesses have little incentive to invest resources in protecting it!
As businesses decide how to leverage their information assets, including the terabytes of consumer data, the privacy trend is growing increasingly unfavorable! Google, for example, is combining some 60 Privacy Policies.
A paradigm shift is needed. Businesses must do three things:
• Collect less personal information
• Do a better job securing that information
• Better explain, in plain English, what they collect and what they do with the data collected
But consumers are not devoid of responsibility. Consumers need to read privacy policies and make cognitive decisions as to which companies they wish to do business with.
We all need to take an active role in privacy, ot last Saturday was just an oxymoron and just wishful thinking. Maybe Scott McNealy was right.
Brian Dean is a former Senior Vice President, Chief Privacy Officer, HIPAA Officer, and GLBA Officer for one of the nation’s largest financial institutions. He now is the Privacy Officer for SecureState and provides consulting services to the banking, healthcare, and other industries in the area of privacy. For more information contact Brian at www.SecureState.com
2.The Leaking Vault 2011, Six Years of Data Breaches, Suzanne Widup, August 2011