Privacy is an ideal that has gradually eroded as we navigate through the information era – always consuming more data on everything and everyone. According to Gartner, U.S. consumer data is big business with over 5,000 data brokers participating in a $200 billion industry. That doesn’t even account for the dark web market or the daily trading of data to access games and other freemium services.
Simply put, data on U.S. citizens is plentiful for all to consume and has been stored in bits and bytes by retailers, insurers, banks, and others for decades. Like cash, personal data has become the currency for accessing many online services. Whether our consumer data is accessed legitimately or outside of the law, it’s happening every moment of every day, usually without us knowing or consenting. While the exchange of data between consumers and merchants is likely to continue, global privacy policies and disgruntled consumers are raising expectations on how their personal data is managed and protected.
The Age of Data Breaches
If there’s one thing a lot of businesses usually get right, it is getting permission to use personal data. Read fine print, check the box, sign, and done. We’ve all seen it before. Many merchants dropped the ball after that moment of permission, hoarding the data, secure in the knowledge that they would be able to make money with it somehow but without much thought about how to protect it. This created a perfect storm for a new and rapidly growing industry – data theft. Indeed, the Identity Theft Resource Center expected a 37 percent annual increase in data breaches over last year, when breaches had already reached an all-time record high of 1,093. That was back in July, prior to the Equifax breach. The age of data breaches has arrived.
Living at a High Risk for ID Theft
The odds of becoming a victim of identity theft have increased to one in three, according to a study by Javelin. We already know that most consumers will be a data breach victim at some point – it’s just a matter of time before that information is used for nefarious purposes.
Raising Expectations: Social Pressure and Government Regulation
It’s true, we’re still in an American era that has placed little value on protecting personal data. After all, the U.S. Government is on the verge of deregulating net neutrality. These changes, paired with the Patriot Act, send a pretty strong message about how the U.S. sees privacy. That said, I anticipate that domestic social pressure from Millennials and their counterparts, as well as global legislation, will begin a new paradigm shift.
As of last year, we saw Millennials surpass Baby Boomers as the largest generation, capping out at 83m in the U.S. This generation places a high value on instant gratification and frictionless service – making them power users of connected devices and digital services. And as click-happy as they may seem, a recent LexisNexis study showed that 72% of Millennials are concerned with the risk of online privacy and 67% said they’d be likely to terminate an account over too much information being requested. Millennials understand that personal data is a form of currency, and they’re increasingly skeptical about the level of information being shared online. As Millennials begin exercising their consumer power, the winning companies of the future will have stronger policies for handling and protecting personal data.
Although U.S. pressures have been mostly social, Europe has historically taken strong government-enforced positions toward protecting personal data. The EU’s latest General Data Protection Regulation (GDPR), which will become enforceable in May of 2018, truly reinforces the notion of privacy as a human right. The regulation introduces steep penalties and applies to all companies processing the personal data of subjects residing in the Union, regardless of the company’s location. As a result, many U.S.-based companies with a European presence fall within GDPR’s jurisdiction and will soon be required to tighten up their policies around consumer data protection.
Getting Ahead of the Shift
The landscape around data privacy is shifting and companies will need to make adjustments. The adjustments required to adapt to the new landscape are not just in the cautionary fine print of legal disclaimers; they are changes to system architecture and to the methods by which consumer data is handled.
A core tenet of the EU’s GDPR is the idea of Privacy by Design, in which systems engineers are proactive instead of reactive with regard to privacy. In my opinion, it’s a great framework for U.S. companies to adopt. A safe and secure system that honors consumer privacy must be designed alongside all other features and not treated as just an afterthought. Added to that, it’s critical for these companies to provide consumers with visibility and transparency into how their data is being handled, to create mechanisms for transferring control and removing records, and to report known breaches in a timely manner.
With Millennial sentiment and the European example paving the way, I believe it’s in companies’ best interest to get a handle on how their relationship with personal data is going to change going forward. Those who are on the wrong side of this shift may find it hard to sustain their relationships with their best customers.
Leading by Example
When building Token of Trust, it was imperative to build a system that held to these beliefs. We believe that consumers have a right to privacy and control when it comes to their data. As a startup in the age of data breaches, we believe there is no such thing as a completely secure system, and therefore hoarding data is not just irresponsible, it is dangerous. We build with privacy and control of data first: user anonymity, processes that verify and discard, and encryption within the core system, not just as part of a walled garden. My co-founder, Darrin Edelman, posted an article on our blog that dives deeper into some of these practices.